Results 1 to 2 of 2

Thread: Virtumonde.dll and Microsoft. WindowsSecurityCenter_disabled. Please help!!!

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Posts
    3

    Default Virtumonde.dll and Microsoft. WindowsSecurityCenter_disabled. Please help!!!

    Both viruses in the title description are present in my Spybot SD check. I have ran numerous checks and they re-appear every time. The Microsoft Security virus disables me from running Microsoft Security Essentials. I have recently installed Kaspersky Internet Security and am currently running a scan. Please help me remove these nasty viruses!!



    ComboFix 11-02-25.02 - Nicholas 02/26/2011 22:50:44.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.1700 [GMT -5:00]
    Running from: c:\users\Nicholas\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D130931-D1E3-4792-95C9-5BC8EE45DC5D}.xps
    c:\users\Public\videos\HP MediaSmart Demo.exe
    c:\windows\Txokia.exe

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
    .

    2011-02-27 04:06 . 2011-02-27 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-27 04:06 . 2011-02-27 04:06 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
    2011-02-27 04:06 . 2011-02-27 04:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-02-27 03:50 . 2010-10-06 01:26 109240 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
    2011-02-27 03:50 . 2010-10-06 01:27 150200 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    2011-02-27 03:49 . 2011-02-27 04:11 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-02-27 03:49 . 2011-02-27 03:49 -------- d-----w- c:\program files (x86)\Kaspersky Lab
    2011-02-27 03:48 . 2011-02-27 03:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-02-27 01:42 . 2011-02-27 01:42 -------- d-----w- c:\users\Nicholas\AppData\Roaming\AVG10
    2011-02-27 01:39 . 2011-02-27 01:39 -------- d--h--w- c:\programdata\Common Files
    2011-02-27 01:39 . 2011-02-27 03:45 -------- d-----w- c:\programdata\AVG10
    2011-02-27 01:38 . 2011-02-27 03:46 -------- d-----w- c:\program files (x86)\AVG
    2011-02-27 01:33 . 2011-02-27 01:38 -------- d-----w- c:\programdata\MFAData
    2011-02-27 00:49 . 2011-02-27 00:49 -------- d-----w- c:\windows\Sun
    2011-02-27 00:48 . 2011-02-27 00:48 52736 --sha-r- c:\windows\SysWow64\mmresh.dll
    2011-02-27 00:13 . 2011-02-27 00:13 -------- d-----w- c:\programdata\InstallMate
    2011-02-26 22:51 . 2010-01-04 03:42 4608 ----a-w- c:\windows\SysWow64\Viveza2FC64.dll
    2011-02-26 22:07 . 2011-02-26 22:07 -------- d-----w- c:\program files (x86)\JMHL Loader
    2011-02-26 21:54 . 2011-02-26 22:09 -------- d-----w- c:\users\Nicholas\AppData\Local\Babylon
    2011-02-26 21:54 . 2011-01-25 20:40 142336 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
    2011-02-26 21:54 . 2011-02-26 21:54 -------- d-----w- c:\program files\Babylon
    2011-02-26 21:54 . 2011-02-26 21:54 -------- d-----w- c:\program files (x86)\Babylon
    2011-02-26 21:54 . 2011-02-26 22:18 -------- d-----w- c:\programdata\Babylon
    2011-02-26 21:54 . 2011-02-26 22:18 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Babylon
    2011-02-24 16:30 . 2011-02-24 16:30 -------- d-----w- c:\users\Nicholas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-02-24 12:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-24 12:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-02-23 16:15 . 2011-02-26 22:39 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Nik Software
    2011-02-23 16:09 . 2011-02-23 16:09 -------- d-----w- c:\windows\MSSecurityNS
    2011-02-23 16:08 . 2011-02-23 16:08 -------- d-----w- c:\windows\MSSecurityNi
    2011-02-23 16:08 . 2011-02-23 16:44 -------- d-----w- c:\programdata\Nik Software
    2011-02-23 16:08 . 2011-02-23 16:08 -------- d-----w- c:\users\Nicholas\AppData\Local\Nik Software
    2011-02-23 16:07 . 2011-02-23 16:11 -------- d-----w- c:\program files\Nik Software
    2011-02-23 13:47 . 2011-02-23 13:47 -------- d-----w- c:\users\Guest\AppData\Roaming\onOne Software
    2011-02-23 13:46 . 2011-02-23 13:46 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software
    2011-02-23 13:46 . 2011-02-23 13:46 -------- d-----w- c:\users\Brian\AppData\Roaming\onOne Software
    2011-02-23 13:42 . 2011-02-03 21:44 227840 ----a-w- c:\windows\SysWow64\Deco_32.dll
    2011-02-23 13:41 . 2011-02-23 13:45 -------- d-----w- c:\program files\onOne Software
    2011-02-23 13:41 . 2011-02-23 13:41 -------- d-----w- c:\windows\SysWow64\spool
    2011-02-23 13:41 . 2011-02-03 21:47 66560 ----a-w- c:\windows\system32\nlssrv32.exe
    2011-02-23 13:09 . 2011-02-23 13:48 -------- d-----w- c:\program files (x86)\onOne Software
    2011-02-23 13:09 . 2011-02-26 16:33 -------- d-----w- c:\users\Nicholas\AppData\Roaming\onOne Software
    2011-02-23 13:08 . 2011-02-23 13:45 -------- d-----w- c:\programdata\onOne Software
    2011-02-23 12:33 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 12:33 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 12:33 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 12:33 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-15 15:41 . 2011-02-15 15:41 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Hewlett-Packard
    2011-02-15 10:11 . 2011-02-15 10:11 316928 ----a-w- c:\windows\SysWow64\Viveza2FC32.dll
    2011-02-13 16:09 . 2011-02-13 16:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-02-12 17:26 . 2011-02-15 21:37 -------- d-----w- c:\users\Nicholas\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    2011-02-02 16:05 . 2011-02-02 16:05 -------- d-----w- c:\users\Nicholas\AppData\Local\Peter_L_Jones
    2011-02-02 16:04 . 2011-02-02 16:04 -------- d-----w- c:\program files (x86)\s3pe
    2011-01-31 01:09 . 2011-02-06 02:13 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Alien Skin
    2011-01-31 01:09 . 2011-01-31 01:09 -------- d-----w- c:\users\Nicholas\AppData\Local\Alien Skin
    2011-01-31 00:48 . 2011-01-31 01:14 -------- d-----w- c:\programdata\Alien Skin
    2011-01-31 00:48 . 2011-01-31 00:48 -------- d-----w- c:\program files\Alien Skin
    2011-01-31 00:44 . 2011-01-31 01:07 -------- d-----w- c:\program files (x86)\Alien Skin
    2011-01-30 22:47 . 2011-01-30 22:47 -------- d-----w- c:\program files\iPod
    2011-01-30 22:47 . 2011-01-30 22:48 -------- d-----w- c:\program files\iTunes
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-01-30 15:50 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 21:47 . 2010-11-23 15:54 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
    2010-12-23 14:24 . 2010-12-23 14:24 344064 ----a-w- c:\windows\system32\HDREfexProFC64.dll
    2010-12-23 14:24 . 2010-12-23 14:24 316928 ----a-w- c:\windows\SysWow64\HDREfexProFC32.dll
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-02-27 01:01 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-02-27 01:01 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuz1.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 02:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuz1.dll" [2011-02-27 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2011-02-27 3911776]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Google Update"="c:\users\Nicholas\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-22 136176]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-06-02 24264488]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
    "AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" [2010-11-07 286720]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]

    c:\users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-03 258560]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-09 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 15:39];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-17 03:47 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-02-03 66560]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 605464]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1771595705-1710500038-3947344727-1003Core.job
    - c:\users\Nicholas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 19:13]

    2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1771595705-1710500038-3947344727-1003UA.job
    - c:\users\Nicholas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 19:13]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF3348.cfxxe" [X]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 171520]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\lbtc7ocz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17241
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    .
    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKLM-Run-Babylon Client - c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_apb.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1771595705-1710500038-3947344727-1003\Software\SecuROM\License information*]
    "datasecu"=hex:e2,dd,54,88,6f,41,95,78,0d,d8,73,fb,c7,fe,58,c5,dd,f7,51,7e,8c,
    65,93,7f,b7,52,b4,41,3f,fb,44,14,bd,8b,21,bd,28,a6,27,65,9a,bd,fd,b6,50,30,\
    "rkeysecu"=hex:3c,47,d0,2b,65,47,9e,98,db,eb,e4,6d,a9,de,33,48

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\PnkBstrB.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-26 23:16:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-27 04:16

    Pre-Run: 226,502,651,904 bytes free
    Post-Run: 225,913,397,248 bytes free

    - - End Of File - - 461CA62A1245C4C31C6138C9CD6B3926

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello TeamNinja,

    So that everyone is on the same track please see the forum FAQ which also includes instructions for posting preliminary DDS logs in post #2.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Then start a new topic providing the DDS logs as shown in that sticky and a link back to this thread.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •