Police Ransom Virus
[QUOTE="edward1, post: 97756, member: 4314"]
Hi Fiery. Combofix log herewith plus also Emsisoft:-

ComboFix 13-01-14.01 - Administrator 18/01/2013 10:13:15.5.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.824 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Jane\My Documents\Downloads\nuancepdf.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
.
.
2013-01-17 08:59 . 2013-01-12 03:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 18:24 . 2013-01-15 18:24 -------- d-----w- c:\program files\ESET
2013-01-14 17:03 . 2013-01-14 17:03 -------- d-----w- C:\_OTL
2013-01-13 19:35 . 2013-01-13 19:35 -------- d-----w- C:\eeepcfr
2013-01-12 09:21 . 2013-01-12 09:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-06 15:58 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 15:11 . 2013-01-06 15:11 -------- d-----w- c:\program files\ERUNT
2013-01-05 09:59 . 2013-01-05 09:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-12-31 20:54 . 2012-12-31 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2012-12-31 10:20 . 2012-12-31 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-31 08:52 . 2013-01-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-12-31 08:50 . 2012-12-31 08:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-12-29 12:13 . 2013-01-06 16:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:09 . 2012-03-31 16:24 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:09 . 2012-01-13 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 11:43 . 2009-05-21 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-18 11:43 . 2009-05-21 17:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-03 15:40 . 2012-12-04 16:46 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:40 . 2012-10-19 14:19 5955584 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:40 . 2012-10-19 14:19 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:40 . 2012-02-09 21:40 7606272 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:40 . 2012-02-09 21:40 2611560 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:40 . 2012-02-09 21:40 2441728 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:40 . 2012-02-09 21:40 19460096 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-03 15:40 . 2012-02-09 21:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:40 . 2012-02-09 21:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-03 15:40 . 2011-04-11 09:51 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-03 15:40 . 2008-04-14 00:12 4153600 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-12-01 04:56 . 2012-12-04 16:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-12-01 04:56 . 2012-12-04 16:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-12-01 04:56 . 2012-12-04 16:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-12-01 04:56 . 2012-12-04 16:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-12-01 04:56 . 2012-12-04 16:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-12-01 04:56 . 2012-12-04 16:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-12-01 04:56 . 2012-12-04 16:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-12-01 04:56 . 2012-12-04 16:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-12-01 04:56 . 2012-12-04 16:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-12-01 04:56 . 2012-12-04 16:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-12-01 04:56 . 2012-12-04 16:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-12-01 04:56 . 2012-12-04 16:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-12-01 04:56 . 2012-12-04 16:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-12-01 04:53 . 2012-10-19 14:22 15524712 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:53 . 2012-10-19 14:22 164712 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-01 04:53 . 2012-10-19 14:22 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-01 04:53 . 2012-10-19 14:22 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 04:52 . 2012-10-19 14:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2012-07-11 13:47 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-07-11 13:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-07-11 13:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-07-11 13:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-07-11 13:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-07-11 13:47 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-07-11 13:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-07-11 13:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-07-11 13:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-07-11 13:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-12 09:52 . 2013-01-12 09:50 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Jane\Local Settings\Application Data\PCHealth ----
.
2013-01-17 21:52 . 2013-01-17 21:52 2182 ----atw- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\1998B52.cab
2013-01-17 21:52 . 2013-01-17 21:52 2608 ----a-w- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\1998B52.txt
2013-01-17 11:42 . 2013-01-17 11:42 2179 ----atw- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\9BDF71.cab
2013-01-17 11:42 . 2013-01-17 11:42 2610 ----a-w- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\9BDF71.txt
2013-01-16 23:03 . 2013-01-16 23:03 2179 ----atw- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\14461F.cab
2013-01-16 23:03 . 2013-01-16 23:03 2610 ----a-w- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\14461F.txt
2013-01-16 13:18 . 2013-01-16 13:18 2180 ----atw- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\F6EBF9.cab
2013-01-16 13:18 . 2013-01-16 13:18 2608 ----a-w- c:\documents and settings\Jane\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\F6EBF9.txt
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-19 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-12-01 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deluge\\deluge.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09]
.
2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-01-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47]
.
2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52]
.
2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04]
.
2013-01-18 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-18 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02]
.
2013-01-18 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/
uSearchAssistant =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-18 10:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2013-01-18 10:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-18 10:30
ComboFix2.txt 2013-01-15 09:43
ComboFix3.txt 2013-01-14 20:03
ComboFix4.txt 2013-01-07 20:53
ComboFix5.txt 2013-01-18 10:10
.
Pre-Run: 174,585,556,992 bytes free
Post-Run: 174,452,056,064 bytes free
.
- - End Of File - - B7492C12577697DAD6F02884FDB9BE00

Emsisoft Emergency Kit - Version 3.0
Last update: 18/01/2013 10:57:27

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\

Detect Riskware: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 18/01/2013 10:59:43

C:\Program Files\SProtector\uninstall.exe detected: Trojan.Win32.StartPage (A)

Scanned 358983
Found 1

Scan end: 18/01/2013 11:27:32
Scan time: 0:27:49

C:\Program Files\SProtector\uninstall.exe Quarantined Trojan.Win32.StartPage (A)

Quarantined 1
[/QUOTE]
IntelliPoint\ipoint.exe" [2007-02-05 849280] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-18 295072] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"= "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"= "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"= "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Deluge\\deluge.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) . 
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [21/11/2012 00:53 17904] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/07/2012 13:47 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2012 13:47 361032] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656] R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [21/11/2012 00:53 3069752] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2012 13:47 21256] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/01/2013 15:58 398184] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28/04/2010 20:24 682344] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [09/08/2012 12:02 38608] R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016] R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 04:43 92592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/01/2013 15:58 21104] S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?] 
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [21/11/2012 00:53 54072] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/04/2012 18:48 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/04/2012 18:48 8576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 20:13 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:09] . 2012-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2013-01-18 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-11 22:50] . 2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47] . 2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 13:47] . 2012-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52] . 2013-01-08 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-08-09 12:04] . 2013-01-18 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02] . 
2013-01-18 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-08-09 12:02] . 2013-01-18 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2013-01-12 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2013-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . 2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mytalktalk.co.uk mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/ uSearchAssistant = TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-18 10:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2656) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Java\jre7\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Completion time: 2013-01-18 10:30:29 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-18 10:30 ComboFix2.txt 2013-01-15 09:43 ComboFix3.txt 2013-01-14 20:03 ComboFix4.txt 2013-01-07 20:53 ComboFix5.txt 2013-01-18 10:10 . Pre-Run: 174,585,556,992 bytes free Post-Run: 174,452,056,064 bytes free . - - End Of File - - B7492C12577697DAD6F02884FDB9BE00 Emsisoft Emergency Kit - Version 3.0 Last update: 18/01/2013 10:57:27 Scan settings: Scan type: Smart Scan Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\ Detect Riskware: Off Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 18/01/2013 10:59:43 C:\Program Files\SProtector\uninstall.exe detected: Trojan.Win32.StartPage (A) Scanned 358983 Found 1 Scan end: 18/01/2013 11:27:32 Scan time: 0:27:49 C:\Program Files\SProtector\uninstall.exe Quarantined Trojan.Win32.StartPage (A) Quarantined 1 [/QUOTE]