Reply to thread

Message

<blockquote data-quote="edward1" data-source="post: 96768" data-attributes="member: 4314">All completed. Here is log:-ComboFix 13-01-14.01 - Administrator 15/01/2013&nbsp;&nbsp; 9:20.4.2 - x86 MINIMALMicrosoft Windows XP Home Edition&nbsp; 5.1.2600.3.1252.44.1033.18.1023.817 [GMT 0:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txtAV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}..(((((((((((((((((((((((((&nbsp;&nbsp; Files Created from 2012-12-15 to 2013-01-15&nbsp; )))))))))))))))))))))))))))))))..2013-01-14 17:03 . 2013-01-14 17:03&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; C:\_OTL2013-01-13 19:35 . 2013-01-13 19:35&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; C:\eeepcfr2013-01-12 09:21 . 2013-01-12 09:21&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla2013-01-06 15:58 . 2012-12-14 16:49&nbsp; &nbsp; 21104&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\mbam.sys2013-01-06 15:11 . 2013-01-06 15:11&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\ERUNT2013-01-05 09:59 . 2013-01-05 09:59&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com2012-12-31 20:54 . 2012-12-31 20:54&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrator\Application Data\vlc2012-12-31 20:54 . 2012-12-31 20:54&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrator\Application Data\dvdcss2012-12-31 10:20 . 2012-12-31 10:20&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\Administrator\Application Data\Malwarebytes2012-12-31 08:52 . 2013-01-05 21:05&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro2012-12-31 08:50 . 2012-12-31 08:50&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes2012-12-29 12:13 . 2013-01-06 16:22&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\GridinSoft Trojan Killer2012-12-18 14:28 . 2012-12-18 14:28&nbsp; &nbsp; 186584&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Internet Explorer\PLUGINS\nppdf32.dll2012-12-18 11:44 . 2012-12-18 11:44&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\Common Files\xing shared...((((((((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Find3M Report&nbsp;&nbsp; )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-01-08 23:09 . 2012-03-31 16:24&nbsp; &nbsp; 697864&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\FlashPlayerApp.exe2013-01-08 23:09 . 2012-01-13 09:02&nbsp; &nbsp; 74248&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-18 11:43 . 2009-05-21 19:21&nbsp; &nbsp; 499712&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msvcp71.dll2012-12-18 11:43 . 2009-05-21 17:57&nbsp; &nbsp; 348160&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msvcr71.dll2012-12-16 12:23 . 2004-08-04 12:00&nbsp; &nbsp; 290560&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\atmfd.dll2012-12-03 15:40 . 2012-12-04 16:46&nbsp; &nbsp; 1874280&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvcuvenc.dll2012-12-03 15:40 . 2012-10-19 14:19&nbsp; &nbsp; 5955584&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvopencl.dll2012-12-03 15:40 . 2012-10-19 14:19&nbsp; &nbsp; 889192&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvdispgenco32.dll2012-12-03 15:40 . 2012-02-09 21:40&nbsp; &nbsp; 7606272&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvcuda.dll2012-12-03 15:40 . 2012-02-09 21:40&nbsp; &nbsp; 2611560&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvcuvid.dll2012-12-03 15:40 . 2012-02-09 21:40&nbsp; &nbsp; 2441728&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvapi.dll2012-12-03 15:40 . 2012-02-09 21:40&nbsp; &nbsp; 19460096&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvoglnt.dll2012-12-03 15:40 . 2012-02-09 21:40&nbsp; &nbsp; 17551360&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvcompiler.dll2012-12-03 15:40 . 2012-02-09 21:40&nbsp; &nbsp; 1011048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvdispco32.dll2012-12-03 15:40 . 2011-04-11 09:51&nbsp; &nbsp; 11053992&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\nv4_mini.sys2012-12-03 15:40 . 2008-04-14 00:12&nbsp; &nbsp; 4153600&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nv4_disp.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 249856&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrscs.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 286720&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsfr.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 274432&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsnl.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 258048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrstr.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 258048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrssl.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 278528&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsde.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 253952&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsda.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 282624&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsit.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 253952&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsth.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 253952&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrssv.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 249856&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsfi.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 229376&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrszhc.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 335872&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsar.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 270336&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsru.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 270336&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsptb.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 258048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrssk.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 258048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrspl.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 282624&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsel.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 335872&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrshe.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 274432&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrspt.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 266240&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsko.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 262144&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrshu.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 253952&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsno.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 282624&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrses.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 249856&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrseng.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 274432&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsja.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 126976&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrszht.dll2012-12-01 04:56 . 2012-12-04 16:52&nbsp; &nbsp; 274432&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvrsesm.dll2012-12-01 04:53 . 2012-10-19 14:22&nbsp; &nbsp; 15524712&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvcpl.dll2012-12-01 04:53 . 2012-10-19 14:22&nbsp; &nbsp; 164712&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvsvc32.exe2012-12-01 04:53 . 2012-10-19 14:22&nbsp; &nbsp; 143720&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvcolor.exe2012-12-01 04:53 . 2012-10-19 14:22&nbsp; &nbsp; 108392&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvmctray.dll2012-12-01 04:52 . 2012-10-19 14:22&nbsp; &nbsp; 54272&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\nvwddi.dll2012-11-13 01:25 . 2004-08-04 12:00&nbsp; &nbsp; 1866368&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\win32k.sys2012-11-06 02:01 . 2008-04-14 00:12&nbsp; &nbsp; 1371648&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msxml6.dll2012-11-02 02:02 . 2004-08-04 12:00&nbsp; &nbsp; 375296&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\dpnet.dll2012-11-01 12:17 . 2004-09-29 18:47&nbsp; &nbsp; 916992&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\wininet.dll2012-11-01 12:17 . 2004-08-04 12:00&nbsp; &nbsp; 43520&nbsp; &nbsp; ------w-&nbsp; &nbsp; c:\windows\system32\licmgr10.dll2012-11-01 12:17 . 2004-08-04 12:00&nbsp; &nbsp; 1469440&nbsp; &nbsp; ------w-&nbsp; &nbsp; c:\windows\system32\inetcpl.cpl2012-11-01 00:35 . 2004-08-04 12:00&nbsp; &nbsp; 385024&nbsp; &nbsp; ------w-&nbsp; &nbsp; c:\windows\system32\html.iec2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 361032&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswSP.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 54232&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswTdi.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 35928&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswRdr.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 738504&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswSnx.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 97608&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswmon2.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 89752&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswmon.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 21256&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aswFsBlk.sys2012-10-30 22:51 . 2012-07-11 13:47&nbsp; &nbsp; 25256&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\aavmker4.sys2012-10-30 22:51 . 2012-07-11 13:46&nbsp; &nbsp; 41224&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\avastSS.scr2012-10-30 22:50 . 2012-07-11 13:46&nbsp; &nbsp; 227648&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\aswBoot.exe2012-10-25 03:12 . 2012-10-25 03:12&nbsp; &nbsp; 94208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\QuickTimeVR.qtx2012-10-25 03:12 . 2012-10-25 03:12&nbsp; &nbsp; 69632&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\QuickTime.qts2013-01-12 09:52 . 2013-01-12 09:50&nbsp; &nbsp; 262704&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\mozilla firefox\components\browsercomps.dll..(((((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Reg Loading Points&nbsp;&nbsp; ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries &amp; legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@=&quot;{472083B0-C522-11CF-8763-00608CC02F24}&quot;[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-10-30 22:50&nbsp; &nbsp; 121528&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]&quot;ISUSPM&quot;=&quot;c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe&quot; [2009-05-05 222496]&quot;TomTomHOME.exe&quot;=&quot;c:\program files\TomTom HOME 2\TomTomHOMERunner.exe&quot; [2012-01-23 247728]&quot;SUPERAntiSpyware&quot;=&quot;c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe&quot; [2011-03-19 2423752].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]&quot;High Definition Audio Property Page Shortcut&quot;=&quot;HDAShCut.exe&quot; [2004-10-27 61952]&quot;SpeedTouch USB Diagnostics&quot;=&quot;c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe&quot; [2004-01-26 866816]&quot;HP Software Update&quot;=&quot;c:\program files\HP\HP Software Update\HPWuSchd2.exe&quot; [2008-12-08 54576]&quot;CanonMyPrinter&quot;=&quot;c:\program files\Canon\MyPrinter\BJMyPrt.exe&quot; [2010-07-26 2569616]&quot;Adobe ARM&quot;=&quot;c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe&quot; [2012-12-03 946352]&quot;NeroFilterCheck&quot;=&quot;c:\windows\system32\NeroCheck.exe&quot; [2001-07-09 155648]&quot;UnlockerAssistant&quot;=&quot;c:\program files\Unlocker\UnlockerAssistant.exe&quot; [2010-07-04 17408]&quot;APSDaemon&quot;=&quot;c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe&quot; [2012-10-11 59280]&quot;avast&quot;=&quot;c:\program files\AVAST Software\Avast\avastUI.exe&quot; [2012-10-30 4297136]&quot;SunJavaUpdateSched&quot;=&quot;c:\program files\Common Files\Java\Java Update\jusched.exe&quot; [2012-07-03 252848]&quot;QuickTime Task&quot;=&quot;c:\program files\QuickTime\QTTask.exe&quot; [2012-10-25 421888]&quot;NvCplDaemon&quot;=&quot;c:\windows\system32\NvCpl.dll&quot; [2012-12-01 15524712]&quot;NvMediaCenter&quot;=&quot;c:\windows\system32\NvMcTray.dll&quot; [2012-12-01 108392]&quot;nwiz&quot;=&quot;c:\program files\NVIDIA Corporation\nview\nwiz.exe&quot; [2012-12-03 1982312]&quot;IntelliPoint&quot;=&quot;c:\program files\Microsoft IntelliPoint\ipoint.exe&quot; [2007-02-05 849280]&quot;TkBellExe&quot;=&quot;c:\program files\Real\RealPlayer\update\realsched.exe&quot; [2012-12-18 295072]&quot;DWQueuedReporting&quot;=&quot;c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe&quot; [2007-02-26 437160].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]&quot;CTFMON.EXE&quot;=&quot;c:\windows\system32\CTFMON.EXE&quot; [2008-04-14 15360].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@=&quot;Service&quot;.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]&quot;%windir%\\system32\\sessmgr.exe&quot;=&quot;c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe&quot;=&quot;c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe&quot;=&quot;c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe&quot;=&quot;c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe&quot;=&quot;c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe&quot;=&quot;c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe&quot;=&quot;%windir%\\Network Diagnostic\\xpnetdiag.exe&quot;=&quot;c:\\Program Files\\Deluge\\deluge.exe&quot;=&quot;c:\\Program Files\\VideoLAN\\VLC\\vlc.exe&quot;=&quot;c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe&quot;=&quot;c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe&quot;=&quot;c:\\Program Files\\Mozilla Firefox\\firefox.exe&quot;=&quot;c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe&quot;=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]&quot;AllowInboundRouterRequest&quot;= 1 (0x1)&quot;AllowOutboundDestinationUnreachable&quot;= 1 (0x1).R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes&#039; Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184]R2 MBAMService;MBAMService;c:\program files\Malwarebytes&#039; Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608]R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104]S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --&gt; c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072]S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600]S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]hpdevmgmt&nbsp; &nbsp; REG_MULTI_SZ&nbsp; &nbsp; &nbsp;&nbsp; hpqcxs08.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-01-12 20:13&nbsp; &nbsp; 1606760&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe.Contents of the &#039;Scheduled Tasks&#039; folder.2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09].2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57].2013-01-15 c:\windows\Tasks\avast! Emergency Update.job- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50].2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47].2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47].2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52].2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04].2013-01-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02].2013-01-15 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02].2013-01-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30].2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30].2013-01-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30].2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]..------- Supplementary Scan -------.uStart Page = hxxp://www.mytalktalk.co.ukmStart Page = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/uSearchAssistant = TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-01-15 09:32Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ...&nbsp; .scanning hidden autostart entries ... .scanning hidden files ...&nbsp; .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@=&quot;FlashBroker&quot;&quot;LocalizedString&quot;=&quot;@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101&quot;.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]&quot;Enabled&quot;=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@=&quot;c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe&quot;.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@=&quot;IFlashBroker5&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@=&quot;{00020424-0000-0000-C000-000000000046}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}&quot;&quot;Version&quot;=&quot;1.0&quot;.[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]@=&quot;?????????????????? v1&quot;.[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@=&quot;{E23FE9C6-778E-49D4-B537-38FCDE4887D8}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]@=&quot;?????????????????? v2&quot;.[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@=&quot;{9BE31822-FDAD-461B-AD51-BE1D1C159921}&quot;.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - &gt; &#039;explorer.exe&#039;(3692)c:\windows\system32\WININET.dllc:\program files\Unlocker\UnlockerHook.dllc:\progra~1\WINDOW~2\wmpband.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files\Java\jre7\bin\jqs.exec:\windows\system32\nvsvc32.exec:\program files\Malwarebytes&#039; Anti-Malware\mbamgui.exec:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exec:\windows\system32\RUNDLL32.EXEc:\windows\system32\msiexec.exe.**************************************************************************.Completion time: 2013-01-15&nbsp; 09:43:07 - machine was rebootedComboFix-quarantined-files.txt&nbsp; 2013-01-15 09:43ComboFix2.txt&nbsp; 2013-01-14 20:03ComboFix3.txt&nbsp; 2013-01-07 20:53ComboFix4.txt&nbsp; 2013-01-05 12:42.Pre-Run: 176,010,002,432 bytes freePost-Run: 175,703,793,664 bytes free.- - End Of File - - E4E5B0EC3445065BB3102A874352762D</blockquote>

[QUOTE="edward1, post: 96768, member: 4314"] All completed. Here is log:- ComboFix 13-01-14.01 - Administrator 15/01/2013 9:20.4.2 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.817 [GMT 0:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 ))))))))))))))))))))))))))))))) . . 2013-01-14 17:03 . 2013-01-14 17:03 -------- d-----w- C:\_OTL 2013-01-13 19:35 . 2013-01-13 19:35 -------- d-----w- C:\eeepcfr 2013-01-12 09:21 . 2013-01-12 09:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2013-01-06 15:58 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-06 15:11 . 2013-01-06 15:11 -------- d-----w- c:\program files\ERUNT 2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com 2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss 2012-12-31 10:20 . 2012-12-31 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2012-12-31 08:52 . 2013-01-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro 2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2012-12-29 12:13 . 2013-01-06 16:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2012-12-18 11:44 . 2012-12-18 11:44 -------- d-----w- c:\program files\Common Files\xing shared . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-08 23:09 . 2012-03-31 16:24 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-08 23:09 . 2012-01-13 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-18 11:43 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-12-18 11:43 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-03 15:40 . 2012-12-04 16:46 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-12-03 15:40 . 2012-10-19 14:19 5955584 ----a-w- c:\windows\system32\nvopencl.dll 2012-12-03 15:40 . 2012-10-19 14:19 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-12-03 15:40 . 2012-02-09 21:40 7606272 ----a-w- c:\windows\system32\nvcuda.dll 2012-12-03 15:40 . 2012-02-09 21:40 2611560 ----a-w- c:\windows\system32\nvcuvid.dll 2012-12-03 15:40 . 2012-02-09 21:40 2441728 ----a-w- c:\windows\system32\nvapi.dll 2012-12-03 15:40 . 2012-02-09 21:40 19460096 ----a-w- c:\windows\system32\nvoglnt.dll 2012-12-03 15:40 . 2012-02-09 21:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll 2012-12-03 15:40 . 2012-02-09 21:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll 2012-12-03 15:40 . 2011-04-11 09:51 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-12-03 15:40 . 2008-04-14 00:12 4153600 ----a-w- c:\windows\system32\nv4_disp.dll 2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-12-01 04:56 . 2012-12-04 16:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-12-01 04:56 . 2012-12-04 16:52 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-12-01 04:56 . 2012-12-04 16:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-12-01 04:56 . 2012-12-04 16:52 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-12-01 04:56 . 2012-12-04 16:52 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-12-01 04:56 . 2012-12-04 16:52 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-12-01 04:53 . 2012-10-19 14:22 15524712 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-01 04:53 . 2012-10-19 14:22 164712 ----a-w- c:\windows\system32\nvsvc32.exe 2012-12-01 04:53 . 2012-10-19 14:22 143720 ----a-w- c:\windows\system32\nvcolor.exe 2012-12-01 04:53 . 2012-10-19 14:22 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-01 04:52 . 2012-10-19 14:22 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll 2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2012-10-30 22:51 . 2012-07-11 13:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-07-11 13:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-07-11 13:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2012-07-11 13:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-07-11 13:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-10-30 22:51 . 2012-07-11 13:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-10-30 22:51 . 2012-07-11 13:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-07-11 13:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-10-30 22:51 . 2012-07-11 13:46 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-07-11 13:46 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-01-12 09:52 . 2013-01-12 09:50 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-19 2423752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"= "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"= "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Deluge\\deluge.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) . R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656] R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608] R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016] R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104] S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?] S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09] . 2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2013-01-15 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50] . 2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47] . 2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52] . 2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04] . 2013-01-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02] . 2013-01-15 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02] . 2013-01-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2013-01-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mytalktalk.co.uk mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/ uSearchAssistant = TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-15 09:32 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3692) c:\windows\system32\WININET.dll c:\program files\Unlocker\UnlockerHook.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Java\jre7\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\msiexec.exe . ************************************************************************** . Completion time: 2013-01-15 09:43:07 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-15 09:43 ComboFix2.txt 2013-01-14 20:03 ComboFix3.txt 2013-01-07 20:53 ComboFix4.txt 2013-01-05 12:42 . Pre-Run: 176,010,002,432 bytes free Post-Run: 175,703,793,664 bytes free . - - End Of File - - E4E5B0EC3445065BB3102A874352762D [/QUOTE]

Verification