
Thread: Please help me with Scan results - how badly infected am i?

  1. #11
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    Hi, just done.
    I don't know if I am losing it but I think the option "Services" has now appeared under Settings & More Tools in the Spybot Start Center. Doubt it matters and maybe I just missed it before somehow. Also the little icons for Avira and Spybot have now gone from the bottom right. Anyway, I'll post the log.
    Cheers.

  2. #12
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    ComboFix 11-12-16.01 - Charmaine 16/12/2011 17:28:47.3.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1918.1149 [GMT 0:00]
    Running from: c:\users\Charmaine\Desktop\ComboFix.exe
    Command switches used :: c:\users\Charmaine\Desktop\CFScript.txt
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.xpt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\engineSettings.json
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib\xpcom.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\setup.ini
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\chrome.manifest
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\chrome\conduitengine.jar
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\ConduitToolbar.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\engineSettings.json
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\fbAlert.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\DualPackage\install.rdf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\install.rdf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\lib\xpcom.js
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\META-INF\manifest.mf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\META-INF\zigbert.sf
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\searchplugin\conduit.gif
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\searchplugin\conduit.ico
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\searchplugin\conduit.src
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\searchplugin\conduit.xml
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\setup.ini
    c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\version.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-16 17:46 . 2011-12-16 17:47 -------- d-----w- c:\users\Charmaine\AppData\Local\temp
    2011-12-16 17:46 . 2011-12-16 17:46 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-12-16 17:46 . 2011-12-16 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-16 03:01 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-16 03:01 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-12-16 03:01 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2011-12-16 03:00 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-16 03:00 . 2011-11-03 22:39 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-16 03:00 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-12-16 03:00 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 23:24 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E89ABDFD-D52B-45ED-B3EC-FC3DA2287F03}\mpengine.dll
    2011-12-14 23:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 23:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 23:22 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 23:22 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 23:22 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 23:22 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-10 16:48 . 2011-12-10 16:48 -------- d-----w- c:\programdata\Hitman Pro
    2011-12-08 01:35 . 2009-01-25 13:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-12-08 01:35 . 2011-12-08 01:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-12-07 22:17 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 16:49 . 2011-10-09 23:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-12-08 19:08 . 2011-10-09 16:59 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-09 22:58 . 2011-08-20 16:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-12-28 15:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03 . 2011-11-09 15:38 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-16_05.57.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:55 . 2011-12-16 16:58 39770 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-21 19:25 . 2011-12-16 16:58 11586 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4054292811-2639179496-1958547070-1000_UserData.bin
    - 2011-12-16 03:18 . 2011-12-16 03:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-16 16:56 . 2011-12-16 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-12-16 03:18 . 2011-12-16 03:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-16 16:56 . 2011-12-16 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:05 . 2011-12-16 17:04 628460 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-12-16 05:04 628460 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-12-16 05:04 110612 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2011-12-16 17:04 110612 c:\windows\System32\perfc009.dat
    + 2009-07-14 04:34 . 2011-12-16 17:09 114632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 04:47 . 2011-12-16 03:16 274036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:47 . 2011-12-16 06:42 274036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-08-20 17:23 . 2011-12-16 06:43 694900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4054292811-2639179496-1958547070-1000-8192.dat
    - 2011-08-20 17:23 . 2011-12-16 03:16 694900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4054292811-2639179496-1958547070-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-21 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Facebook Update"="c:\users\Charmaine\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 136176]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
    S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4054292811-2639179496-1958547070-1000Core.job
    - c:\users\Charmaine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:43]
    .
    2011-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4054292811-2639179496-1958547070-1000UA.job
    - c:\users\Charmaine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:43]
    .
    2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 22:36]
    .
    2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 22:36]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Charmaine\AppData\Roaming\Mozilla\Firefox\Profiles\iirg01fc.default\
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-16 18:03:54
    ComboFix-quarantined-files.txt 2011-12-16 18:03
    ComboFix2.txt 2011-12-16 06:15
    ComboFix3.txt 2011-10-10 00:03
    .
    Pre-Run: 59,219,865,600 bytes free
    Post-Run: 59,168,583,680 bytes free
    .
    - - End Of File - - EF11AB360B7CB8DDD18584052911F0A0

  3. #13
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.



    1. Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET online scanner.

  4. #14
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    Malwarebytes log:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8382

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    16/12/2011 22:06:11
    mbam-log-2011-12-16 (22-06-11).txt

    Scan type: Quick scan
    Objects scanned: 156139
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)






    ESET online scanner:
    [it said I had to download something so I just did - 'onlinescanner.cab' from 'ESET, spol. s r.o.' - said it was ActiveX Control]




    C:\Users\Charmaine\Desktop\BIE\bie_7install86.exe a variant of Win32/HackKMS.A application




    Cheers

  5. #15
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,
    First open an elevated command prompt > Click Start and type cmd in Start Search.
    When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.


    Copy the contents of the code box > right click in the command window and select paste
    Code:
    del C:\Users\Charmaine\Desktop\BIE\bie_7install86.exe
    Press Enter
    ----------

    How is your system running?

  6. #16
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    Hi, just done.

    To be honest I have been too paranoid to use it much, except for a bit of general internet browsing, but that seems to be working fine, thanks. It is a bit slow to start up though, but I'm guessing that's just because of the Antivirus and Spybot loading up.


    Do you know if anything serious has been found yet please? Anything that could have been tracking my activity/ stealing my details etc?

    Could you tell me please what malware or viruses have been found?

    I'm trying to work out how I had my bank account hacked recently, and it doesn't seem like I'm ever going to get an answer from the bank now, so from what has been found so far do you think any of it could have been responsible?


    Thanks a lot for all your help!

  7. #17
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Do you know if anything serious has been found yet please? Anything that could have been tracking my activity/ stealing my details etc?
    There were many bad entries that I found in your logs that you posted for me, but to definitively say that there is one that is causing all of your problems with your bank site I just could not say.
    ---------

    I'm trying to work out how I had my bank account hacked recently
    Unfortunately, like I said, there is no definitive way to determine how it happened. Sorry...
    ---------

    P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.
    ---------

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    ----------

    Please now run a new scan with DDS and post both of the logs that are created.

  8. #18
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Do you still need help?

  9. #19
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Due to lack of feedback, this topic will now be closed.
    If you are the original poster and you still require help, please start a new thread.
