Remove Trojandownloader:Win32/Renos?
Snakeeyes21
Posts: 2,527 Forumite
in Techie Stuff
Hello.
This virus has me stumped.
I've run scans with Malwarebytes, Windows Defender and Avira and removed the virus each time, but the virus keeps returning.
How do I kill this bloody thing?
Cheers
Comments
Please run COMBOFIX
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
Thanks for that. I've run a scan but it shows no reference to the virus.
Maybe that last scan removed it.
ComboFix 09-12-25.05 - THOMAS 26/12/2009 20:21:04.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.954.218 [GMT 0:00]
Running from: c:\users\THOMAS\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-476849498-567350131-1708330093-500
C:\ErrLog.txt
c:\users\THOMAS\AppData\Roaming\EurekaLog
c:\users\THOMAS\AppData\Roaming\EurekaLog\VistaStartMenu\BugReport.zip
c:\users\THOMAS\AppData\Roaming\EurekaLog\VistaStartMenu\VistaStartMenu.elf
c:\windows\SW_Win2146X32.DLL
c:\windows\system32\sised.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.
2009-12-26 20:37 . 2009-12-26 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-26 20:32 . 2009-12-26 20:32 -------- d-----w- c:\users\THOMAS\AppData\Local\ElevatedDiagnostics
2009-12-26 19:44 . 2009-12-26 19:44 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{9B653D38-35F0-EF3B-CF4E-AC64F36C4B69}-msa.exe
2009-12-26 17:27 . 2009-12-26 17:27 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{D8A885C6-441C-690C-23B4-7E09CF1B08FF}-msa.exe
2009-12-26 14:00 . 2009-12-26 14:00 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{F0523EF0-98D1-14B6-CD91-B6FCE4EB735C}-msa.exe
2009-12-25 21:46 . 2009-12-25 21:46 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5CA7EF3E-9F2A-967E-0639-2135834F0EFD}-msa.exe
2009-12-25 18:52 . 2009-12-25 18:52 173568 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DF7013C2-E025-067A-5056-5D12F68ED7EC}-c.exe
2009-12-25 18:52 . 2009-12-25 18:52 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{04F1636A-C89C-A0E3-4ACC-B7D002245B3D}-msa.exe
2009-12-25 05:49 . 2009-12-25 05:49 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Birdstep Technology
2009-12-25 05:48 . 2009-12-25 05:49 -------- d-----w- c:\program files\ZTE_MF627_LEGACY_DRIVER_1.2059.0.4
2009-12-25 05:48 . 2009-12-25 05:48 -------- d-----w- c:\program files\3 Mobile Broadband
2009-12-24 21:46 . 2009-12-24 21:46 55296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A6C96B41-66E4-43A5-0403-A94F6170984E}-earthps.dll
2009-12-24 01:36 . 2009-12-24 01:51 -------- d--h--w- c:\program files\NetWorx
2009-12-23 01:39 . 2009-12-23 01:39 -------- d-----w- c:\program files\Siber Systems
2009-12-23 01:34 . 2009-12-23 01:41 -------- d-----w- c:\programdata\RoboForm
2009-12-22 20:01 . 2009-12-22 20:01 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Aleo Software
2009-12-22 19:32 . 2009-12-22 19:32 -------- d-----w- c:\program files\Nvu
2009-12-21 23:04 . 2009-12-21 23:04 -------- d-----w- c:\windows\2DB4C5DAF3D74A6DB535FC424FFD9EA6.TMP
2009-12-21 22:47 . 2009-12-21 22:48 -------- d-----w- C:\Virtual
2009-12-20 17:57 . 2009-12-20 17:57 -------- d-----w- c:\program files\Insofta Cover Commander
2009-12-19 06:00 . 2009-12-19 06:00 -------- d-----w- c:\program files\GPLGS
2009-12-18 00:37 . 2009-08-06 00:00 -------- d---a-w- C:\xampp
2009-12-17 17:13 . 2009-12-17 17:13 23949312 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{C1F4FDA1-DB4E-D129-5736-7B11A4CD3F1E}-WWTExplorer.exe
2009-12-17 16:36 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-12-17 16:33 . 2009-12-17 16:33 -------- d-----w- c:\users\THOMAS\AppData\Local\Microsoft_Research
2009-12-17 16:27 . 2009-12-17 16:27 -------- d-----w- c:\program files\Microsoft Research
2009-12-17 09:23 . 2009-12-17 09:23 -------- d-----w- c:\program files\AnyBizSoft
2009-12-17 09:16 . 2009-12-17 09:20 -------- d-----w- c:\users\THOMAS\AppData\Roaming\FILEminimizerPictures
2009-12-17 09:16 . 2009-12-17 09:16 -------- d-----w- c:\program files\FILEminimizer Pictures
2009-12-17 03:29 . 2009-12-17 04:19 -------- d-----w- C:\AuctionSplash
2009-12-17 03:28 . 2009-12-17 04:11 -------- d-----w- c:\users\THOMAS\AppData\Local\Deployment
2009-12-17 03:26 . 2009-12-17 03:26 -------- d-----w- c:\program files\AuctionSplashSetup
2009-12-16 04:29 . 2009-12-16 16:11 3044 ----a-w- c:\programdata\Intuit\QuickBooks 2008\qbbackup.sys
2009-12-16 03:51 . 2009-12-16 03:51 94 ----a-w- c:\users\THOMAS\AppData\Local\fusioncache.dat
2009-12-16 03:46 . 2009-12-16 06:12 -------- d-----w- c:\users\THOMAS\AppData\Local\intuit
2009-12-16 03:46 . 2009-12-16 03:46 -------- d-----w- c:\program files\Common Files\supportsoft
2009-12-16 03:41 . 2009-12-16 19:12 -------- d-----w- c:\program files\Common Files\Intuit
2009-12-16 03:41 . 2009-12-17 02:58 -------- d-----w- c:\program files\Intuit
2009-12-16 03:41 . 2009-12-16 15:59 -------- d-----w- c:\programdata\Intuit
2009-12-16 03:38 . 2009-12-16 03:38 -------- d-----w- c:\programdata\COMMON FILES
2009-12-15 23:00 . 2009-12-15 23:00 -------- d-----w- c:\users\THOMAS\AppData\Local\Boldchat
2009-12-15 02:57 . 2009-08-13 14:16 398848 ----a-w- c:\windows\system32\TVWizudlg.exe
2009-12-15 02:57 . 2009-08-13 14:16 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2009-12-15 02:51 . 2009-12-15 02:51 -------- d-----w- c:\windows\system32\x64
2009-12-14 19:53 . 2009-12-25 18:35 -------- d-----w- c:\program files\Webcam and Screen Recorder
2009-12-14 16:11 . 2009-12-14 16:11 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Nvu
2009-12-13 04:28 . 2009-12-19 06:02 -------- d-----w- c:\users\THOMAS\AppData\Local\CutePDF Writer
2009-12-13 04:25 . 2009-11-05 08:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-12-13 04:25 . 2009-12-13 04:25 -------- d-----w- c:\program files\Acro Software
2009-12-11 19:51 . 2009-12-11 19:51 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Download Manager
2009-12-10 02:40 . 2008-08-14 11:08 458752 ----a-w- c:\windows\system32\SimplyPostCodeLookup.dll
2009-12-09 19:59 . 2009-03-27 12:55 234304 ----a-w- c:\windows\system32\drivers\SCRCAMHRDRV.sys
2009-12-09 19:59 . 2009-12-09 19:59 -------- d-----w- c:\program files\ScreenCamera
2009-12-09 06:31 . 2009-12-09 06:31 -------- d-----w- c:\programdata\Sage
2009-12-09 05:16 . 2009-12-09 05:16 -------- d-----w- c:\users\THOMAS\AppData\Local\flamerobin
2009-12-09 02:55 . 2009-12-09 02:55 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Bradsoft.com
2009-12-08 01:55 . 2009-12-08 01:55 -------- d-----w- c:\program files\Simply Software
2009-12-07 21:55 . 2009-12-07 21:55 -------- d-----w- c:\users\THOMAS\AppData\Local\Thunderbird
2009-12-07 21:55 . 2009-12-07 21:55 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Thunderbird
2009-12-07 15:15 . 2009-12-07 15:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-07 14:56 . 2004-04-21 22:17 393216 ----a-w- c:\windows\system32\iMagicErrorLibrary.dll
2009-12-07 14:56 . 2002-11-21 10:21 161280 ----a-w- c:\windows\system32\TALBC.DLL
2009-12-07 14:56 . 2005-02-11 11:20 163840 ----a-w- c:\windows\system32\FlicPlusSDK_Win32_API.dll
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\program files\Free PDF to Word Converter
2009-12-07 13:59 . 2009-12-07 13:59 -------- d-----w- c:\program files\Gadwin Systems
2009-12-07 03:21 . 2005-08-30 15:19 1052672 ----a-w- c:\users\THOMAS\AppData\Roaming\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
2009-12-07 03:16 . 2009-12-07 03:19 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-07 03:16 . 2009-12-07 03:17 -------- d-----w- c:\program files\Macromedia
2009-12-07 03:12 . 2009-12-09 05:57 -------- d-----w- c:\windows\Downloaded Installations
2009-12-06 14:25 . 2009-12-06 14:25 -------- d-----w- c:\users\THOMAS\Option
2009-12-06 12:10 . 2009-12-06 12:10 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Cool YouTube To Mp3 Converter
2009-12-06 12:10 . 2009-12-06 12:10 -------- d-----w- c:\program files\Cool YouTube To Mp3 Converter
2009-12-05 15:35 . 2009-12-05 15:35 -------- d-----w- c:\programdata\InterVideo
2009-12-03 19:23 . 2009-12-03 19:23 -------- d-----w- c:\program files\uTorrent
2009-12-03 16:41 . 2009-12-03 16:41 7253504 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{02EAB72C-2096-FCEA-5D79-7803DA3F5E5B}-WinX_HD_Video_Converter.exe
2009-12-03 16:41 . 2009-12-03 16:41 599040 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{AB7D3D44-05AD-A08E-1890-5C226A2FA7C0}-WinXUpdate.exe
2009-12-03 15:13 . 2009-12-03 15:13 180598 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A9D31B89-E78E-56CE-84FF-49857AF7C907}-aecore.dll
2009-12-03 15:02 . 2009-12-03 14:35 737280 ----a-w- c:\windows\iun6002.exe
2009-12-03 11:08 . 2009-12-03 11:08 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Aunsoft
2009-12-03 11:08 . 2009-12-03 11:08 -------- d-----w- c:\program files\Aunsoft
2009-12-02 19:08 . 2009-12-17 16:40 -------- d-----w- c:\program files\YCIII
2009-12-02 09:57 . 2009-12-02 09:57 -------- d-----w- C:\archive_db
2009-12-02 09:54 . 2009-12-02 09:54 -------- d-----w- c:\programdata\Paragon
2009-12-02 09:51 . 2009-12-02 05:12 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-12-02 09:51 . 2009-12-02 09:51 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-02 09:50 . 2009-12-02 09:50 -------- d-----w- c:\program files\Paragon Software
2009-12-02 09:40 . 2009-12-02 09:40 -------- d-----w- C:\backup
2009-12-02 05:12 . 2009-12-02 05:12 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-12-02 05:12 . 2009-12-02 05:12 249872 ----a-w- c:\windows\system32\prgiso.dll
2009-12-02 05:12 . 2009-12-02 05:12 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2009-12-02 05:12 . 2009-12-02 05:12 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2009-12-02 05:12 . 2009-12-02 05:12 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2009-12-01 09:28 . 2009-12-01 09:28 -------- d-----w- c:\users\THOMAS\AppData\Local\Corner-A
2009-12-01 09:27 . 2009-12-01 09:27 -------- d-----w- c:\program files\Corner-A
2009-11-30 12:12 . 2007-04-09 02:47 61440 ----a-w- c:\windows\vm305_sti.exe
2009-11-30 12:12 . 2007-03-27 17:24 49152 ----a-w- c:\windows\VM301Snap.exe
2009-11-30 12:12 . 2009-11-30 12:12 -------- d-----w- c:\program files\Vimicro
2009-11-30 11:59 . 2009-11-30 11:59 -------- d-----w- c:\windows\EffectResources
2009-11-30 11:58 . 2007-04-09 02:47 474368 ----a-w- c:\windows\system32\drivers\vvftav.sys
2009-11-30 11:58 . 2007-04-09 02:47 46080 ----a-w- c:\windows\system32\VvFtCtrl.dll
2009-11-30 11:58 . 2007-04-09 02:47 81920 ----a-w- c:\windows\system32\VM305STI.dll
2009-11-30 11:58 . 2007-04-09 02:47 200704 ----a-w- c:\windows\RegUnstal.dll
2009-11-30 11:58 . 2007-04-09 02:47 176128 ----a-w- c:\windows\amcap.exe
2009-11-30 11:58 . 2007-04-09 02:47 1466624 ----a-w- c:\windows\system32\drivers\usbVM305.sys
2009-11-30 11:58 . 2007-04-09 02:47 122880 ----a-w- c:\windows\rm305.exe
2009-11-30 11:58 . 2007-04-09 02:47 114688 ----a-w- c:\windows\VM305Cap.exe
2009-11-30 02:03 . 2009-12-26 14:23 -------- d-----w- C:\Downloads
2009-11-30 01:55 . 2009-11-30 01:55 716320 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{398D1ACE-E254-CF79-0489-8ADFFC2B31D0}-PSISetup.exe
2009-11-29 20:17 . 2009-11-29 20:17 -------- d-----w- c:\users\THOMAS\AppData\Local\xmltv
2009-11-29 01:43 . 2009-07-19 11:05 411704 ----a-w- c:\windows\system32\pwNative.exe
2009-11-29 01:43 . 2009-07-19 11:05 16456 ----a-w- c:\windows\system32\pwdrvio.sys
2009-11-29 01:43 . 2009-07-19 11:05 11088 ----a-w- c:\windows\system32\pwdspio.sys
2009-11-29 01:43 . 2009-11-29 01:57 -------- d-----w- c:\program files\Partition Wizard Home Edition 4.0
2009-11-28 19:37 . 2009-11-28 19:37 -------- d-----w- c:\windows\PCHEALTH
2009-11-28 19:06 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 13:54 . 2009-11-29 02:08 -------- d-----w- C:\tmpDownload
2009-11-27 10:29 . 2009-10-29 11:57 105472 ----a-w- c:\windows\PreConvert.dll
2009-11-26 23:52 . 2009-11-11 14:50 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2009-11-26 23:52 . 2009-06-19 18:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-11-26 23:52 . 2009-06-19 18:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-11-26 23:52 . 2009-06-19 18:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-11-26 23:52 . 2009-11-26 23:54 -------- d-----w- c:\users\THOMAS\AppData\Roaming\FreeFLVConverter
2009-11-26 23:52 . 2009-11-26 23:52 -------- d-----w- c:\program files\Free FLV Converter
2009-11-26 23:52 . 2009-06-19 18:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-11-26 23:52 . 2009-06-19 18:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 16:45 . 2009-11-15 01:36 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Orbit
2009-12-26 14:25 . 2009-11-21 02:48 -------- d-----w- c:\program files\Orbitdownloader
2009-12-25 20:16 . 2009-11-18 00:21 -------- d-----w- c:\users\THOMAS\AppData\Roaming\uTorrent
2009-12-25 18:29 . 2009-11-14 11:12 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Vista Start Menu
2009-12-25 05:48 . 2008-08-28 19:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 05:39 . 2009-10-28 09:00 -------- d-----w- c:\programdata\Birdstep Technology
2009-12-24 01:15 . 2009-11-15 22:25 -------- d-----w- c:\users\THOMAS\AppData\Roaming\vlc
2009-12-19 23:05 . 2009-11-11 00:19 400 ----a-w- c:\users\THOMAS\AppData\Roaming\wklnhst.dat
2009-12-17 16:41 . 2009-11-19 17:49 -------- d-----w- c:\program files\TotalCMD
2009-12-17 16:36 . 2009-11-24 15:00 -------- d-----w- c:\program files\Ashampoo
2009-12-17 03:01 . 2009-11-19 17:47 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Notepad++
2009-12-16 19:26 . 2009-11-19 17:42 146432 ----a-w- c:\users\THOMAS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 02:57 . 2008-08-28 18:55 -------- d-----w- c:\program files\Intel
2009-12-15 02:49 . 2008-08-28 19:29 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 16:02 . 2009-10-28 05:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 06:30 . 2009-12-09 06:30 -------- d-----w- c:\program files\Common Files\TAS Software
2009-12-08 21:08 . 2009-12-08 21:08 -------- d-----w- c:\program files\Softinterface, Inc
2009-12-07 14:53 . 2009-11-26 18:29 -------- d-----w- c:\programdata\NCH Software
2009-12-07 03:12 . 2008-08-28 19:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-07 00:12 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-07 00:06 . 2009-11-06 20:04 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-04 12:38 . 2009-10-28 04:46 -------- d-----w- c:\users\THOMAS\AppData\Roaming\OpenOffice.org2
2009-12-04 12:36 . 2009-10-28 04:46 1 ----a-w- c:\users\THOMAS\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-12-03 16:31 . 2009-11-21 09:42 -------- d-----w- c:\program files\Digiarty
2009-11-30 02:06 . 2009-11-19 17:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 02:06 . 2009-10-28 09:36 -------- d-----w- c:\program files\java
2009-11-26 18:25 . 2009-11-26 18:25 -------- d-----w- c:\program files\Windows Media Components
2009-11-26 00:01 . 2009-11-25 11:57 -------- d-----w- c:\users\THOMAS\AppData\Roaming\IObit
2009-11-23 22:44 . 2009-11-23 22:42 -------- d-----w- c:\program files\Free Hide Folder
2009-11-23 15:48 . 2009-11-23 15:48 -------- d-----w- c:\program files\Opera
2009-11-23 10:02 . 2009-11-23 08:40 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Ahead
2009-11-23 08:41 . 2009-11-23 08:41 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Simple Star
2009-11-23 08:36 . 2009-11-23 08:36 -------- d-----w- c:\program files\Common Files\Nero
2009-11-23 08:35 . 2009-11-23 08:35 -------- d-----w- c:\programdata\Ahead
2009-11-23 08:35 . 2009-11-23 08:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-22 13:26 . 2009-10-28 23:20 -------- d-----w- c:\users\THOMAS\AppData\Roaming\KeePass
2009-11-19 21:53 . 2009-11-11 10:01 -------- d-----w- c:\program files\watermarker
2009-11-19 19:43 . 2009-11-19 19:43 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-19 18:53 . 2009-11-19 18:53 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Apple Computer
2009-11-19 18:32 . 2009-11-19 18:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-19 18:18 . 2009-10-29 04:52 -------- d-----w- c:\programdata\Yahoo!
2009-11-19 18:17 . 2009-10-30 07:01 -------- d-----w- c:\programdata\Skype
2009-11-19 18:13 . 2009-11-19 18:07 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Skype
2009-11-19 17:49 . 2009-11-19 17:49 -------- d-----w- c:\program files\MagicISO
2009-11-19 17:48 . 2009-11-19 17:48 -------- d-----w- c:\program files\WinSCP
2009-11-19 17:47 . 2009-11-19 17:47 -------- d-----w- c:\programdata\Apple Computer
2009-11-19 17:47 . 2009-11-19 17:47 -------- d-----w- c:\program files\Notepad++
2009-11-19 17:47 . 2009-11-19 17:46 -------- d-----w- c:\program files\ffdshow
2009-11-19 17:45 . 2009-11-19 17:45 -------- d-----w- c:\program files\AC3Filter
2009-11-19 17:30 . 2009-11-19 17:30 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-19 17:16 . 2009-10-28 09:46 -------- d-----w- c:\programdata\WinZip
2009-11-19 17:15 . 2009-11-15 22:24 -------- d-----w- c:\program files\VideoLAN
2009-11-19 17:15 . 2009-11-03 12:59 -------- d-----w- c:\program files\Tesco Internet Phone
2009-11-19 17:15 . 2009-10-31 22:43 -------- d-----w- c:\program files\treasure of persia
2009-11-19 17:15 . 2009-11-19 10:46 -------- d-----w- c:\program files\Serif
2009-11-19 17:15 . 2008-08-28 19:03 -------- d-----w- c:\program files\Realtek
2009-11-19 17:15 . 2009-11-02 15:39 -------- d-----w- c:\program files\PhonerLite
2009-11-19 17:15 . 2009-10-28 09:42 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-11-19 17:14 . 2009-10-28 09:38 -------- d-----w- c:\program files\open office
2009-11-19 17:14 . 2008-08-28 19:06 -------- d-----w- c:\program files\Oberon Media
2009-11-19 17:14 . 2009-10-28 09:35 -------- d-----w- c:\program files\NitroRacers
2009-11-19 17:14 . 2008-08-28 19:24 -------- d-----w- c:\program files\NewTech Infosystems
2009-11-19 17:14 . 2008-08-28 19:32 -------- d-----w- c:\program files\Microsoft Works
2009-11-19 17:14 . 2008-08-28 19:31 -------- d-----w- c:\program files\Microsoft.NET
2009-11-19 17:14 . 2009-10-30 03:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-19 17:13 . 2009-11-18 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 17:13 . 2009-10-28 19:05 -------- d-----w- c:\program files\Microsoft
2009-11-19 17:13 . 2009-10-28 09:36 -------- d-----w- c:\program files\licenses
2009-11-19 17:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-11-19 17:13 . 2009-10-29 17:00 -------- d-----w- c:\program files\LG PC Suite
2009-11-19 17:13 . 2009-10-29 17:02 -------- d-----w- c:\program files\LG Electronics
2009-11-19 17:13 . 2009-10-28 08:53 -------- d-----w- c:\program files\Launch Manager
2009-11-19 17:13 . 2009-10-28 09:05 -------- d-----w- c:\program files\InterVideo
2009-11-19 17:13 . 2009-11-03 23:04 -------- d-----w- c:\program files\Inpaint
2009-11-19 17:13 . 2008-08-28 19:18 -------- d-----w- c:\program files\Google
2009-11-19 17:12 . 2009-11-05 23:03 -------- d-----w- c:\program files\Freshtel internet phone
2009-11-19 17:12 . 2008-08-28 19:06 -------- d-----w- c:\program files\eMachines GameZone
2009-11-19 15:51 . 2009-10-28 18:25 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-18 17:51 . 2009-11-18 17:51 4520817 ----a-w- c:\windows\system32\Scenic.scr
2009-11-18 17:51 . 2009-11-18 17:51 3411325 ----a-w- c:\windows\system32\Out and About.scr
2009-11-18 17:51 . 2009-11-18 17:51 15688 ----a-w- c:\users\THOMAS\AppData\Roaming\Microsoft\IM-HM\Giftpack from Hotmail.exe
2009-11-15 01:36 . 2009-11-15 01:36 -------- d-----w- c:\users\THOMAS\AppData\Roaming\GrabPro
2009-11-13 22:41 . 2009-11-13 22:41 2141 ----a-w- c:\users\THOMAS\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-13 22:41 . 2009-11-13 22:41 2095 ----a-w- c:\users\THOMAS\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2009-11-12 16:27 . 2009-11-18 17:51 16480600 ----a-w- c:\users\THOMAS\AppData\Roaming\Microsoft\IM-HM\im-hm-uninst.exe
2009-11-10 19:43 . 2009-11-10 19:43 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-11-08 02:01 . 2009-10-29 05:29 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2009-11-08 01:07 . 2009-10-31 02:02 -------- d-----w- c:\users\THOMAS\AppData\Roaming\SUPERAntiSpyware.com
2009-11-07 11:15 . 2009-11-07 11:02 -------- d-----w- c:\users\THOMAS\AppData\Roaming\Comodo
2009-11-07 10:58 . 2009-11-07 10:59 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-05 14:14 . 2009-11-05 14:14 230912 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2009-11-04 02:34 . 2009-11-04 02:34 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-11-02 20:42 . 2009-10-31 02:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 05:17 . 2009-11-01 05:17 807136 ----a-w- c:\programdata\Skype\Plugins\Plugins\7DB369C197CB421699AA8B7A9C0420FC\FaxtasticForSkype.exe
2009-11-01 05:17 . 2009-11-01 05:17 155648 ----a-w- c:\programdata\Skype\Plugins\Plugins\7DB369C197CB421699AA8B7A9C0420FC\Interop.SKYPE4COMLib.dll
2009-11-01 05:17 . 2009-11-01 05:17 1136600 ----a-w- c:\programdata\Skype\Plugins\Plugins\7DB369C197CB421699AA8B7A9C0420FC\FaxtasticForSkypeSetup.exe
2009-10-31 19:08 . 2009-10-31 19:08 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\962C58B9C93944A28A0B82EF9F85A392\zlib.dll
2009-10-31 19:08 . 2009-10-31 19:08 42496 ----a-w- c:\programdata\Skype\Plugins\Plugins\962C58B9C93944A28A0B82EF9F85A392\PrettyMayRemover.exe
2009-10-31 19:08 . 2009-10-31 19:08 40448 ----a-w- c:\programdata\Skype\Plugins\Plugins\962C58B9C93944A28A0B82EF9F85A392\PrettyMayLoader.exe
2009-10-31 19:08 . 2009-10-31 19:08 3690496 ----a-w- c:\programdata\Skype\Plugins\Plugins\962C58B9C93944A28A0B82EF9F85A392\PrettyMay.exe
2009-12-02 18:50 . 2009-12-02 18:51 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 68856]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-11-11 2752856]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-10 49152]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-13 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-13 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-13 144384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigD!!!05]
2007-04-09 02:47 61440 ----a-w- c:\windows\vm305_sti.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-28 08:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R0 hotcore3;hc3ServiceName;c:\windows\System32\drivers\hotcore3.sys [02/12/2009 09:51 40560]
R1 PSSDK42;PSSDK42;c:\windows\System32\drivers\pssdk42.sys [29/10/2009 05:29 38976]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/10/2009 05:47 108289]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 20:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\eMachines\eMachines Recovery Management\Service\ETService.exe [28/10/2009 09:00 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [07/04/2008 05:42 50424]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\System32\drivers\SCRCAMHRDRV.sys [09/12/2009 19:59 234304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [05/11/2009 14:14 230912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/11/2009 10:24 135664]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 10:03 131072]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe [17/12/2009 16:36 406016]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/08/2008 19:18 30192]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [07/09/2009 14:55 7168]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [28/10/2009 08:50 110576]
S3 pwdrvio;pwdrvio;c:\windows\System32\pwdrvio.sys [29/11/2009 01:43 16456]
S3 pwdspio;pwdspio;c:\windows\System32\pwdspio.sys [29/11/2009 01:43 11088]
S3 vvftav;vvftav;c:\windows\System32\drivers\vvftav.sys [30/11/2009 11:58 474368]
S3 w7Svc;webcam 7 Service;c:\program files\webcam 7\wService.exe [23/10/2009 15:09 3806720]
S3 ZSMC0305;Vimicro USB PC Camera(ZC0301ZN);c:\windows\System32\drivers\usbVM305.sys [30/11/2009 11:58 1466624]
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1009&m=e520
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {e4768a70-a044-43b0-9ad6-b5b7cc35ec4c} = 141.1.1.1 195.27.1.1
FF - ProfilePath - c:\users\THOMAS\AppData\Roaming\Mozilla\Firefox\Profiles\ka812aqn.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NetWorx - c:\program files\NetWorx\networx.exe
AddRemove-Convert XLS_is1 - c:\program files\Softinterface
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\w7Svc]
"ImagePath"="c:\program files\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-26 20:43:25
ComboFix-quarantined-files.txt 2009-12-26 20:43
Pre-Run: 121,192,058,880 bytes free
Post-Run: 121,188,388,864 bytes free
- - End Of File - - 578396D8BD3F97CB20A5539BB121DA57
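One thing a reader can pull out of the log above without wading through every line: the Windows Defender LocalCopy folder holds a 168960-byte msa.exe quarantined five times between 25 and 26 December, a few hours apart each time. A file of the same name and size being caught again and again is the usual signature of a downloader that is still resident and re-fetching its payload, which is why removing the dropped file never sticks. The script below is an added example written for this page, not code from the thread or from ComboFix: it parses "Files Created" lines in the shape ComboFix prints them, groups quarantined copies by original name and size (the `{GUID}-name` naming is taken from the log lines themselves), and flags anything caught three or more times. The sample input is constructed from the log entries above, and the three-sighting threshold is an assumption, not a ComboFix rule.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the Windows Defender LocalCopy entries from the log
# above plus two unrelated lines, in the shape ComboFix prints them
# (created . modified, size, eight attribute flags, path). A raw string keeps
# the backslashes in the Windows paths intact.
SAMPLE_LOG = r"""
2009-12-26 19:44 . 2009-12-26 19:44 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{9B653D38-35F0-EF3B-CF4E-AC64F36C4B69}-msa.exe
2009-12-26 17:27 . 2009-12-26 17:27 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{D8A885C6-441C-690C-23B4-7E09CF1B08FF}-msa.exe
2009-12-26 14:00 . 2009-12-26 14:00 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{F0523EF0-98D1-14B6-CD91-B6FCE4EB735C}-msa.exe
2009-12-25 21:46 . 2009-12-25 21:46 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5CA7EF3E-9F2A-967E-0639-2135834F0EFD}-msa.exe
2009-12-25 18:52 . 2009-12-25 18:52 173568 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DF7013C2-E025-067A-5056-5D12F68ED7EC}-c.exe
2009-12-25 18:52 . 2009-12-25 18:52 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{04F1636A-C89C-A0E3-4ACC-B7D002245B3D}-msa.exe
2009-12-24 21:46 . 2009-12-24 21:46 55296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A6C96B41-66E4-43A5-0403-A94F6170984E}-earthps.dll
2009-12-17 16:36 . 2009-08-24 21:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-12-26 20:37 . 2009-12-26 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

# One "Files Created" / "Find3M" line: two timestamps, a size (or a run of
# dashes for a directory), eight attribute flags, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Defender names each quarantined copy "{GUID}-<original file name>"
# (as seen in the log; assumed to hold for every LocalCopy entry).
LOCALCOPY_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}-(?P<name>.+)$")
QUARANTINE_DIR = "\\windows defender\\localcopy\\"


def parse_entries(text):
    """Return the parsable lines as dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m["size"]
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "size": int(size) if size.isdigit() else None,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def quarantine_name(path):
    """Original file name of a Defender LocalCopy entry, or None if it is not one."""
    if QUARANTINE_DIR not in path.lower():
        return None
    m = LOCALCOPY_RE.match(path.rsplit("\\", 1)[-1])
    return m["name"].lower() if m else None


def recurring_quarantines(entries, min_hits=3):
    """Group quarantined copies by (name, size); keep those caught min_hits+ times.

    The same name and size being quarantined repeatedly means something still
    on the machine keeps dropping it, so the dropper is the thing to hunt.
    """
    hits = defaultdict(list)
    for e in entries:
        name = quarantine_name(e["path"])
        if name is not None:
            hits[(name, e["size"])].append(e["created"])
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hits}


def hours_between(times):
    """Gaps in hours between consecutive sightings (input already sorted)."""
    return [round((b - a).total_seconds() / 3600, 1) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    flagged = recurring_quarantines(parse_entries(SAMPLE_LOG))
    for (name, size), times in flagged.items():
        print(f"{name} ({size} bytes) quarantined {len(times)}x, gaps in hours: {hours_between(times)}")
```

Run against the sample it reports msa.exe once, with c.exe and earthps.dll dropped as single sightings. The same parser works on the Find3M section, which uses the identical line shape; the registry and service sections of a ComboFix log are a different format and need their own handling.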
Mate ~ you're definitely still infected
You also have possibly the most amount of cr*p running on a computer I think I've ever seen!
I gave up going through the log proper, there was so much to wade through, so I'd recommend as follows ~
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
........................................................
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
It will auto QUICK scan
After that, set it to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***
After that's run, do another ComboFix log
I got this laptop 2nd hand a couple of weeks ago. I've just removed a lot of the programs I don't need and gained around 10GB of space.
Done a scan with Dr Web and it didn't find anything, and cleaned up with CCleaner.
Here's another ComboFix log.
ComboFix 09-12-26.01 - THOMAS 27/12/2009 3:12.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.954.191 [GMT 0:00]
Running from: c:\users\THOMAS\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.
2009-12-27 03:24 . 2009-12-27 03:24 d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 03:23 . 2009-12-27 03:23 d-----w- c:\users\THOMAS\Tracing
2009-12-27 03:11 . 2009-12-27 03:11 d-----w- C:\32788R22FWJFW
2009-12-27 01:36 . 2009-12-27 01:36 d-----w- c:\users\THOMAS\AppData\Roaming\InstallShield
2009-12-26 20:32 . 2009-12-26 20:32 d-----w- c:\users\THOMAS\AppData\Local\ElevatedDiagnostics
2009-12-26 19:44 . 2009-12-26 19:44 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{9B653D38-35F0-EF3B-CF4E-AC64F36C4B69}-msa.exe
2009-12-26 17:27 . 2009-12-26 17:27 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{D8A885C6-441C-690C-23B4-7E09CF1B08FF}-msa.exe
2009-12-26 14:00 . 2009-12-26 14:00 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{F0523EF0-98D1-14B6-CD91-B6FCE4EB735C}-msa.exe
2009-12-25 21:46 . 2009-12-25 21:46 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5CA7EF3E-9F2A-967E-0639-2135834F0EFD}-msa.exe
2009-12-25 18:52 . 2009-12-25 18:52 173568 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DF7013C2-E025-067A-5056-5D12F68ED7EC}-c.exe
2009-12-25 18:52 . 2009-12-25 18:52 168960 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{04F1636A-C89C-A0E3-4ACC-B7D002245B3D}-msa.exe
2009-12-25 05:49 . 2009-12-25 05:49 d-----w- c:\users\THOMAS\AppData\Roaming\Birdstep Technology
2009-12-25 05:48 . 2009-12-25 05:49 d-----w- c:\program files\ZTE_MF627_LEGACY_DRIVER_1.2059.0.4
2009-12-25 05:48 . 2009-12-25 05:48 d-----w- c:\program files\3 Mobile Broadband
2009-12-24 21:46 . 2009-12-24 21:46 55296 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A6C96B41-66E4-43A5-0403-A94F6170984E}-earthps.dll
2009-12-24 01:36 . 2009-12-24 01:51 d--h--w- c:\program files\NetWorx
2009-12-22 20:01 . 2009-12-22 20:01 d-----w- c:\users\THOMAS\AppData\Roaming\Aleo Software
2009-12-21 23:04 . 2009-12-21 23:04 d-----w- c:\windows\2DB4C5DAF3D74A6DB535FC424FFD9EA6.TMP
2009-12-19 06:00 . 2009-12-19 06:00 d-----w- c:\program files\GPLGS
2009-12-17 17:13 . 2009-12-17 17:13 23949312 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{C1F4FDA1-DB4E-D129-5736-7B11A4CD3F1E}-WWTExplorer.exe
2009-12-17 16:33 . 2009-12-17 16:33 d-----w- c:\users\THOMAS\AppData\Local\Microsoft_Research
2009-12-17 09:16 . 2009-12-27 00:15 d-----w- c:\users\THOMAS\AppData\Roaming\FILEminimizerPictures
2009-12-17 03:28 . 2009-12-27 00:09 d-----w- c:\users\THOMAS\AppData\Local\Deployment
2009-12-16 03:51 . 2009-12-16 03:51 94 ----a-w- c:\users\THOMAS\AppData\Local\fusioncache.dat
2009-12-16 03:46 . 2009-12-16 06:12 d-----w- c:\users\THOMAS\AppData\Local\intuit
2009-12-15 23:00 . 2009-12-15 23:00 d-----w- c:\users\THOMAS\AppData\Local\Boldchat
2009-12-15 02:57 . 2009-08-13 14:16 398848 ----a-w- c:\windows\system32\TVWizudlg.exe
2009-12-15 02:57 . 2009-08-13 14:16 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2009-12-15 02:51 . 2009-12-15 02:51 d-----w- c:\windows\system32\x64
2009-12-14 16:11 . 2009-12-14 16:11 d-----w- c:\users\THOMAS\AppData\Roaming\Nvu
2009-12-13 04:28 . 2009-12-19 06:02 d-----w- c:\users\THOMAS\AppData\Local\CutePDF Writer
2009-12-13 04:25 . 2009-11-05 08:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-12-13 04:25 . 2009-12-13 04:25 d-----w- c:\program files\Acro Software
2009-12-11 19:51 . 2009-12-11 19:51 d-----w- c:\users\THOMAS\AppData\Roaming\Download Manager
2009-12-10 02:40 . 2008-08-14 11:08 458752 ----a-w- c:\windows\system32\SimplyPostCodeLookup.dll
2009-12-09 19:59 . 2009-03-27 12:55 234304 ----a-w- c:\windows\system32\drivers\SCRCAMHRDRV.sys
2009-12-09 05:16 . 2009-12-09 05:16 d-----w- c:\users\THOMAS\AppData\Local\flamerobin
2009-12-09 02:55 . 2009-12-09 02:55 d-----w- c:\users\THOMAS\AppData\Roaming\Bradsoft.com
2009-12-08 01:55 . 2009-12-08 01:55 d-----w- c:\program files\Simply Software
2009-12-07 21:55 . 2009-12-07 21:55 d-----w- c:\users\THOMAS\AppData\Local\Thunderbird
2009-12-07 21:55 . 2009-12-07 21:55 d-----w- c:\users\THOMAS\AppData\Roaming\Thunderbird
2009-12-07 15:15 . 2009-12-07 15:15 d-----w- c:\program files\Microsoft SQL Server
2009-12-07 14:56 . 2004-04-21 22:17 393216 ----a-w- c:\windows\system32\iMagicErrorLibrary.dll
2009-12-07 14:56 . 2002-11-21 10:21 161280 ----a-w- c:\windows\system32\TALBC.DLL
2009-12-07 14:56 . 2005-02-11 11:20 163840 ----a-w- c:\windows\system32\FlicPlusSDK_Win32_API.dll
2009-12-07 03:21 . 2005-08-30 15:19 1052672 ----a-w- c:\users\THOMAS\AppData\Roaming\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
2009-12-07 03:12 . 2009-12-27 00:28 d-----w- c:\windows\Downloaded Installations
2009-12-06 12:10 . 2009-12-06 12:10 d-----w- c:\users\THOMAS\AppData\Roaming\Cool YouTube To Mp3 Converter
2009-12-05 15:35 . 2009-12-05 15:35 d-----w- c:\programdata\InterVideo
2009-12-03 19:23 . 2009-12-03 19:23 d-----w- c:\program files\uTorrent
2009-12-03 16:41 . 2009-12-03 16:41 7253504 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{02EAB72C-2096-FCEA-5D79-7803DA3F5E5B}-WinX_HD_Video_Converter.exe
2009-12-03 16:41 . 2009-12-03 16:41 599040 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{AB7D3D44-05AD-A08E-1890-5C226A2FA7C0}-WinXUpdate.exe
2009-12-03 15:13 . 2009-12-03 15:13 180598 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{A9D31B89-E78E-56CE-84FF-49857AF7C907}-aecore.dll
2009-12-03 15:02 . 2009-12-03 14:35 737280 ----a-w- c:\windows\iun6002.exe
2009-12-03 11:08 . 2009-12-03 11:08 d-----w- c:\users\THOMAS\AppData\Roaming\Aunsoft
2009-12-02 09:51 . 2009-12-02 05:12 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-12-02 09:51 . 2009-12-27 01:03 dc----w- c:\windows\system32\DRVSTORE
2009-12-02 05:12 . 2009-12-02 05:12 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-12-02 05:12 . 2009-12-02 05:12 249872 ----a-w- c:\windows\system32\prgiso.dll
2009-12-02 05:12 . 2009-12-02 05:12 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2009-12-02 05:12 . 2009-12-02 05:12 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2009-12-02 05:12 . 2009-12-02 05:12 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2009-12-01 09:28 . 2009-12-01 09:28 d-----w- c:\users\THOMAS\AppData\Local\Corner-A
2009-11-30 12:12 . 2007-04-09 02:47 61440 ----a-w- c:\windows\vm305_sti.exe
2009-11-30 12:12 . 2007-03-27 17:24 49152 ----a-w- c:\windows\VM301Snap.exe
2009-11-30 12:12 . 2009-11-30 12:12 d-----w- c:\program files\Vimicro
2009-11-30 11:59 . 2009-11-30 11:59 d-----w- c:\windows\EffectResources
2009-11-30 11:58 . 2007-04-09 02:47 474368 ----a-w- c:\windows\system32\drivers\vvftav.sys
2009-11-30 11:58 . 2007-04-09 02:47 46080 ----a-w- c:\windows\system32\VvFtCtrl.dll
2009-11-30 11:58 . 2007-04-09 02:47 81920 ----a-w- c:\windows\system32\VM305STI.dll
2009-11-30 11:58 . 2007-04-09 02:47 200704 ----a-w- c:\windows\RegUnstal.dll
2009-11-30 11:58 . 2007-04-09 02:47 176128 ----a-w- c:\windows\amcap.exe
2009-11-30 11:58 . 2007-04-09 02:47 1466624 ----a-w- c:\windows\system32\drivers\usbVM305.sys
2009-11-30 11:58 . 2007-04-09 02:47 122880 ----a-w- c:\windows\rm305.exe
2009-11-30 11:58 . 2007-04-09 02:47 114688 ----a-w- c:\windows\VM305Cap.exe
2009-11-30 02:03 . 2009-12-26 14:23 d-----w- C:\Downloads
2009-11-30 01:55 . 2009-11-30 01:55 716320 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{398D1ACE-E254-CF79-0489-8ADFFC2B31D0}-PSISetup.exe
2009-11-29 20:17 . 2009-11-29 20:17 d-----w- c:\users\THOMAS\AppData\Local\xmltv
2009-11-29 01:43 . 2009-07-19 11:05 411704 ----a-w- c:\windows\system32\pwNative.exe
2009-11-29 01:43 . 2009-07-19 11:05 16456 ----a-w- c:\windows\system32\pwdrvio.sys
2009-11-29 01:43 . 2009-07-19 11:05 11088 ----a-w- c:\windows\system32\pwdspio.sys
2009-11-28 19:37 . 2009-11-28 19:37 d-----w- c:\windows\PCHEALTH
2009-11-28 19:06 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-27 10:29 . 2009-10-29 11:57 105472 ----a-w- c:\windows\PreConvert.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 02:30 . 2009-11-14 11:12 d-----w- c:\users\THOMAS\AppData\Roaming\Vista Start Menu
2009-12-27 02:24 . 2008-08-28 19:06 d-----w- c:\program files\eMachines GameZone
2009-12-27 02:24 . 2009-11-19 17:48 d-----w- c:\program files\WinSCP
2009-12-27 02:17 . 2008-08-28 19:03 d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 02:14 . 2009-10-28 19:05 d-----w- c:\program files\Microsoft
2009-12-27 02:13 . 2009-10-28 09:36 d-----w- c:\program files\java
2009-12-27 01:18 . 2009-11-19 17:42 146432 ----a-w- c:\users\THOMAS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-27 01:18 . 2008-08-28 19:18 d-----w- c:\program files\Google
2009-12-26 16:45 . 2009-11-15 01:36 d-----w- c:\users\THOMAS\AppData\Roaming\Orbit
2009-12-26 14:25 . 2009-11-21 02:48 d-----w- c:\program files\Orbitdownloader
2009-12-25 20:16 . 2009-11-18 00:21 d-----w- c:\users\THOMAS\AppData\Roaming\uTorrent
2009-12-25 05:39 . 2009-10-28 09:00 d-----w- c:\programdata\Birdstep Technology
2009-12-24 01:15 . 2009-11-15 22:25 d-----w- c:\users\THOMAS\AppData\Roaming\vlc
2009-12-19 23:05 . 2009-11-11 00:19 400 ----a-w- c:\users\THOMAS\AppData\Roaming\wklnhst.dat
2009-12-17 03:01 . 2009-11-19 17:47 d-----w- c:\users\THOMAS\AppData\Roaming\Notepad++
2009-12-15 02:57 . 2008-08-28 18:55 d-----w- c:\program files\Intel
2009-12-09 16:02 . 2009-10-28 05:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 03:12 . 2008-08-28 19:02 d-----w- c:\program files\Common Files\InstallShield
2009-12-07 00:12 . 2009-07-14 04:52 d-----w- c:\program files\MSBuild
2009-12-04 12:38 . 2009-10-28 04:46 d-----w- c:\users\THOMAS\AppData\Roaming\OpenOffice.org2
2009-12-04 12:36 . 2009-10-28 04:46 1 ----a-w- c:\users\THOMAS\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-11-30 02:06 . 2009-11-19 17:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 23:54 . 2009-11-26 23:52 d-----w- c:\users\THOMAS\AppData\Roaming\FreeFLVConverter
2009-11-26 18:25 . 2009-11-26 18:25 d-----w- c:\program files\Windows Media Components
2009-11-26 00:01 . 2009-11-25 11:57 d-----w- c:\users\THOMAS\AppData\Roaming\IObit
2009-11-23 22:44 . 2009-11-23 22:42 d-----w- c:\program files\Free Hide Folder
2009-11-23 15:48 . 2009-11-23 15:48 d-----w- c:\program files\Opera
2009-11-23 10:02 . 2009-11-23 08:40 d-----w- c:\users\THOMAS\AppData\Roaming\Ahead
2009-11-23 08:41 . 2009-11-23 08:41 d-----w- c:\users\THOMAS\AppData\Roaming\Simple Star
2009-11-23 08:35 . 2009-11-23 08:35 d-----w- c:\program files\Common Files\Ahead
2009-11-22 13:26 . 2009-10-28 23:20 d-----w- c:\users\THOMAS\AppData\Roaming\KeePass
2009-11-19 19:43 . 2009-11-19 19:43 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-19 18:53 . 2009-11-19 18:53 d-----w- c:\users\THOMAS\AppData\Roaming\Apple Computer
2009-11-19 18:32 . 2009-11-19 18:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-19 18:13 . 2009-11-19 18:07 d-----w- c:\users\THOMAS\AppData\Roaming\Skype
2009-11-19 17:47 . 2009-11-19 17:47 d-----w- c:\program files\Notepad++
2009-11-19 17:30 . 2009-11-19 17:30 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-19 17:16 . 2009-10-28 09:46 d-----w- c:\programdata\WinZip
2009-11-19 17:16 . 2009-11-15 22:12 d-----w- c:\programdata\VistaCodecs
2009-11-19 17:16 . 2009-11-01 03:24 d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2009-11-19 17:16 . 2009-10-28 08:50 d-----w- c:\programdata\Partner
2009-11-19 17:16 . 2009-10-31 02:04 d-----w- c:\programdata\Malwarebytes
2009-11-19 17:16 . 2009-10-28 05:47 d-----w- c:\programdata\Avira
2009-11-19 17:16 . 2009-10-28 04:50 d-----w- c:\programdata\ashampoo
2009-11-19 17:16 . 2009-11-09 22:22 d-----w- c:\program files\Windows Live
2009-11-19 17:16 . 2006-11-02 12:35 d-----w- c:\program files\Windows Photo Gallery
2009-11-19 17:16 . 2006-11-02 12:35 d-----w- c:\program files\Windows Collaboration
2009-11-19 17:16 . 2006-11-02 12:35 d-----w- c:\program files\Windows Calendar
2009-11-19 17:16 . 2009-11-14 11:12 d-----w- c:\program files\Vista Start Menu
2009-11-19 17:15 . 2009-11-03 12:59 d-----w- c:\program files\Tesco Internet Phone
2009-11-19 17:15 . 2008-08-28 19:03 d-----w- c:\program files\Realtek
2009-11-19 17:13 . 2009-11-18 04:40 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-19 17:13 . 2009-10-28 09:36 d-----w- c:\program files\licenses
2009-11-19 17:13 . 2009-07-14 04:52 d-----w- c:\program files\Microsoft Games
2009-11-19 17:13 . 2009-10-28 08:53 d-----w- c:\program files\Launch Manager
2009-11-19 17:13 . 2009-10-28 09:05 d-----w- c:\program files\InterVideo
2009-11-19 15:51 . 2009-10-28 18:25 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-15 01:36 . 2009-11-15 01:36 d-----w- c:\users\THOMAS\AppData\Roaming\GrabPro
2009-11-13 22:41 . 2009-11-13 22:41 2141 ----a-w- c:\users\THOMAS\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-11-13 22:41 . 2009-11-13 22:41 2095 ----a-w- c:\users\THOMAS\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
2009-11-12 16:27 . 2009-11-18 17:51 16480600 ----a-w- c:\users\THOMAS\AppData\Roaming\Microsoft\IM-HM\im-hm-uninst.exe
2009-11-11 14:50 . 2009-11-26 23:52 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2009-11-08 02:01 . 2009-10-29 05:29 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2009-11-08 01:07 . 2009-10-31 02:02 d-----w- c:\users\THOMAS\AppData\Roaming\SUPERAntiSpyware.com
2009-11-07 11:15 . 2009-11-07 11:02 d-----w- c:\users\THOMAS\AppData\Roaming\Comodo
2009-11-07 10:58 . 2009-11-07 10:59 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-05 14:14 . 2009-11-05 14:14 230912 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2009-11-04 02:34 . 2009-11-04 02:34 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-11-02 20:42 . 2009-10-31 02:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 23:28 . 2009-10-28 23:28 0 ----a-w- c:\windows\nsreg.dat
2009-10-28 09:07 . 2009-10-28 09:07 0 ----a-w- c:\windows\system32\drivers\eMachines_E520_V1.05_LXN050Y00884203B2C1601.MRK
2009-10-28 09:00 . 2009-10-28 09:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-28 08:57 . 2009-10-28 08:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-28 08:50 . 2009-10-28 08:50 110576 ----a-w- c:\programdata\Partner\partner.exe
2009-10-02 04:06 . 2009-11-20 18:54 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-30 06:53 . 2009-09-30 06:53 1184768 ----a-w- c:\windows\system32\drivers\athr.sys
2009-12-02 18:50 . 2009-12-02 18:51 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 68856]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-11-11 2752856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-10 49152]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-13 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-13 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-13 144384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 14:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-28 08:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 PSSDK42;PSSDK42;c:\windows\System32\drivers\pssdk42.sys [29/10/2009 05:29 38976]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/10/2009 05:47 108289]
R2 ETService;Empowering Technology Service;c:\program files\eMachines\eMachines Recovery Management\Service\ETService.exe [28/10/2009 09:00 24576]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [05/11/2009 14:14 230912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/11/2009 10:24 135664]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\System32\drivers\SCRCAMHRDRV.sys [09/12/2009 19:59 234304]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/08/2008 19:18 30192]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [07/09/2009 14:55 7168]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [28/10/2009 08:50 110576]
S3 pwdrvio;pwdrvio;c:\windows\System32\pwdrvio.sys [29/11/2009 01:43 16456]
S3 pwdspio;pwdspio;c:\windows\System32\pwdspio.sys [29/11/2009 01:43 11088]
S3 vvftav;vvftav;c:\windows\System32\drivers\vvftav.sys [30/11/2009 11:58 474368]
S3 ZSMC0305;Vimicro USB PC Camera(ZC0301ZN);c:\windows\System32\drivers\usbVM305.sys [30/11/2009 11:58 1466624]
--- Other Services/Drivers In Memory ---
*Deregistered* - UBHelper
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1009&m=e520
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {e4768a70-a044-43b0-9ad6-b5b7cc35ec4c} = 141.1.1.1 195.27.1.1
FF - ProfilePath - c:\users\THOMAS\AppData\Roaming\Mozilla\Firefox\Profiles\ka812aqn.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(4408)
c:\program files\Vista Start Menu\VistaStartMenu.dll
.
Completion time: 2009-12-27 03:29:49
ComboFix-quarantined-files.txt 2009-12-27 03:29
Pre-Run: 130,138,738,688 bytes free
Post-Run: 129,949,974,528 bytes free
- - End Of File - - 6C081002658945D68D7EB4A2D34D71650 -
If you can, I would seriously recommend formatting and starting from scratch.
I'll go through the ComboFix log in time.