Thread: Malware Infection

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    11

    Malware Infection

    Redirected from google sites to a variety of unwanted sites

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.15.2
    Run by Jayne at 13:37:57 on 2013-03-03
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1299 [GMT 0:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgfws.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Photo Gallery\Helper\EyeFiHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Betting Assistant\Betting Assistant.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jayne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\ERUNT\ERUNT.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=4081218
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [Eye-Fi] "c:\program files\windows photo gallery\helper\EyeFiHelper.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\jayne\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    StartupFolder: c:\users\jayne\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\users\jayne\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jayne\appdata\roaming\dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{A3739997-8883-44FE-B40A-152D29022AF8} : DHCPNameServer = 192.168.1.1 0.0.0.0
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    LSA: Notification Packages = scecli psqlpwd
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-13 102008]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-31 18544]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-2 33112]
    R1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_50414.sys [2013-2-23 316984]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-13 102680]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-13 173880]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-18 73728]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-3-2 968880]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2013-2-21 55448]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 PCloudCleanerService;Panda Security CloudCLeaner Service;c:\windows\system32\PCloudCleanerService.EXE [2013-3-2 83168]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-12-18 209408]
    .
    =============== Created Last 30 ================
    .
    2013-03-02 16:18:21 32120 ----a-w- c:\windows\system32\TURegOpt.exe
    2013-03-02 16:18:16 21880 ----a-w- c:\windows\system32\authuitu.dll
    2013-03-02 16:06:04 -------- d-----w- c:\users\jayne\appdata\roaming\AVG2013
    2013-03-02 15:46:41 -------- d-----w- c:\users\jayne\appdata\local\AVG Secure Search
    2013-03-02 15:46:34 -------- d-----w- c:\programdata\AVG Secure Search
    2013-03-02 15:46:28 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-03-02 15:46:24 -------- d-----w- c:\program files\common files\AVG Secure Search
    2013-03-02 15:46:23 -------- d-----w- c:\program files\AVG Secure Search
    2013-03-02 15:42:28 -------- d--h--w- C:\$AVG
    2013-03-02 15:42:27 -------- d-----w- c:\programdata\AVG2013
    2013-03-02 15:40:23 -------- d-----w- c:\program files\AVG
    2013-03-02 15:37:50 -------- d-----w- c:\users\jayne\appdata\local\MFAData
    2013-03-02 15:37:50 -------- d-----w- c:\users\jayne\appdata\local\Avg2013
    2013-03-02 15:37:50 -------- d-----w- c:\programdata\MFAData
    2013-03-02 12:07:27 83168 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
    2013-03-02 12:07:21 9464 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
    2013-03-02 12:07:21 9464 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
    2013-03-02 12:07:21 59640 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
    2013-03-02 12:07:21 31480 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
    2013-03-02 12:07:21 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
    2013-03-02 12:07:21 28024 ----a-w- c:\windows\system32\drivers\PRSBDRVR.SYS
    2013-03-02 12:07:21 27896 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
    2013-03-02 12:07:21 237816 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
    2013-03-02 12:07:21 -------- d-----w- c:\windows\system32\DBBK
    2013-03-02 12:07:20 21240 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
    2013-03-02 11:55:26 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c5fc1602-3c05-41f4-a487-b85e93356c7d}\mpengine.dll
    2013-03-02 11:51:05 -------- d-----w- c:\program files\Panda Security
    2013-02-21 17:51:58 -------- d-----w- c:\users\jayne\appdata\roaming\Malwarebytes
    2013-02-21 17:50:14 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-21 11:40:14 -------- d-----w- c:\program files\Trusteer
    2013-02-20 17:10:20 -------- d-----w- c:\users\jayne\appdata\roaming\f-secure
    2013-02-20 17:09:13 -------- d-----w- c:\programdata\F-Secure
    2013-02-20 16:57:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-16 13:29:20 -------- d-----w- c:\users\jayne\appdata\roaming\Anvisoft
    2013-02-16 13:28:20 -------- d-----w- c:\programdata\Anvisoft
    2013-02-16 13:28:16 -------- d-----w- c:\program files\Anvisoft
    2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2013-02-13 14:02:48 -------- d-----w- c:\programdata\Ad-Aware Antivirus
    2013-02-13 14:02:39 -------- d-----w- c:\users\jayne\appdata\roaming\LavasoftStatistics
    2013-02-13 13:56:44 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2013-02-13 13:55:38 -------- d-----w- c:\programdata\blekko toolbars
    2013-02-13 13:55:38 -------- d-----w- c:\programdata\adawaretb
    2013-02-13 13:55:37 -------- d-----w- c:\users\jayne\appdata\local\adawarebp
    2013-02-13 13:55:36 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-02-13 13:55:28 -------- d-----w- c:\program files\Toolbar Cleaner
    2013-02-13 13:55:18 -------- d-----w- c:\program files\adawaretb
    2013-02-13 13:54:43 -------- d-----w- c:\users\jayne\appdata\roaming\Ad-Aware Antivirus
    2013-02-13 09:19:12 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2013-03-02 13:22:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-02 13:22:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-20 16:57:22 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-20 16:57:21 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 13:40:18.18 ===============


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-03 13:53:17
    -----------------------------
    13:53:17.709 OS Version: Windows 6.0.6001 Service Pack 1
    13:53:17.709 Number of processors: 2 586 0xF0D
    13:53:17.711 ComputerName: JAYNE-PC UserName: Jayne
    13:53:19.940 Initialize success
    13:54:08.312 AVAST engine defs: 13030300
    13:54:20.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    13:54:20.134 Disk 0 Vendor: WDC_WD12 01.0 Size: 114473MB BusType: 3
    13:54:20.154 Disk 0 MBR read successfully
    13:54:20.157 Disk 0 MBR scan
    13:54:20.167 Disk 0 Windows VISTA default MBR code
    13:54:20.172 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 125 MB offset 63
    13:54:20.208 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 258048
    13:54:20.231 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101545 MB offset 21229568
    13:54:20.240 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
    13:54:20.279 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
    13:54:20.291 Disk 0 scanning sectors +234438656
    13:54:20.359 Disk 0 scanning C:\Windows\system32\drivers
    13:54:39.845 Service scanning
    13:55:13.267 Modules scanning
    13:55:13.776 Module: C:\Windows\system32\drivers\DasBootD.SYS **SUSPICIOUS**
    13:55:20.433 Disk 0 trace - called modules:
    13:55:20.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    13:55:20.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f84758]
    13:55:20.464 3 CLASSPNP.SYS[8bfbf745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87fe6030]
    13:55:21.753 AVAST engine scan C:\Windows
    13:55:27.406 AVAST engine scan C:\Windows\system32
    14:04:23.300 AVAST engine scan C:\Windows\system32\drivers
    14:04:43.362 AVAST engine scan C:\Users\Jayne
    14:08:15.401 Disk 0 MBR has been saved successfully to "C:\Users\Jayne\Desktop\MBR.dat"
    14:08:15.404 The log file has been saved successfully to "C:\Users\Jayne\Desktop\aswMBR.txt"



    Many thanks

  2. #2
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Malware Infection

    Hello Rebos.

    My name is fbfbfb. I will gladly assist you with your concerns.

    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.

    I am checking over your DDS and aswMBR logs now, and I will post back shortly with instructions.

    While working to resolve the issues with your machine, please follow these guidelines:
    • Please be patient. Logs are lengthy and can take time to analyze.
    • Read and follow my directions carefully, in the sequence they are posted.
    • If you are unsure about anything, please ask for clarification before continuing.
    • Use only those tools that you have been directed to use.
    • Do not install or uninstall any applications or run any other scans without being directed to do so.
    • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
    • Stay with me until your machine has been deemed all clear.
    • Please reply within 3 days to avoid closing this topic.



    _____ In Training at WTT Classroom _____

  3. #3
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Malware Infection

    Hello, Rebos.

    Please work through the following scan:


    Note: Before you begin, please read through these instructions completely, noting all important messages and warnings.
    • Please download ComboFix from HERE or HERE.

    Very Important! Save ComboFix.exe to your Desktop.
    • Close all browsers.
    • Disable your AntiVirus and AntiSpyware applications as they can interfere with running ComboFix. To disable any security programs:
    • Right click on the System Tray icon, or
    • Refer to this link HERE for further assistance.
    • Double click on ComboFix.exe and follow the prompts.
    • When finished, ComboFix will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Warnings:
    • Do not mouse-click on ComboFix's window while it is running. This may cause it to stall.
    • Do not re-run ComboFix. If problems occur with the installation or running of ComboFix, please reply back for further instructions.
    • Do not attempt to surf the internet while ComboFix is scanning.
    Note: If there is no internet connection after running ComboFix, reboot your computer to restore the connection.
    Very Important! Make sure you re-enable your security programs when ComboFix is finished.


    _____ In Training at WTT Classroom _____

  4. #4
    Junior Member
    Join Date
    Mar 2013
    Posts
    11


    Hi FbFbFb

    ComboFix started to run before I had a chance to save it and switch off security. I stopped it and deleted it, and have now saved it to the desktop.

    Do you want me to run it?

  5. #5
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Malware Infection

    Hello, Rebos.

    Yes, please run ComboFix again.

  6. #6
    Junior Member
    Join Date
    Mar 2013
    Posts
    11


    ComboFix 13-03-05.01 - Jayne 05/03/2013 17:20:08.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1954 [GMT 0:00]
    Running from: c:\users\Jayne\Desktop\ComboFix.exe
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\PFRO.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-05 17:47 . 2013-03-05 17:47 -------- d-----w- c:\users\Denis\AppData\Local\temp
    2013-03-05 17:47 . 2013-03-05 17:51 -------- d-----w- c:\users\Jayne\AppData\Local\temp
    2013-03-05 17:47 . 2013-03-05 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-05 17:47 . 2013-03-05 17:47 -------- d-----w- c:\users\Max\AppData\Local\temp
    2013-03-03 13:31 . 2013-03-03 13:31 -------- d-----w- c:\program files\ERUNT
    2013-03-02 16:18 . 2012-08-23 11:31 32120 ----a-w- c:\windows\system32\TURegOpt.exe
    2013-03-02 16:18 . 2012-08-23 11:31 21880 ----a-w- c:\windows\system32\authuitu.dll
    2013-03-02 16:06 . 2013-03-02 16:06 -------- d-----w- c:\users\Jayne\AppData\Roaming\AVG2013
    2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\users\Jayne\AppData\Local\AVG Secure Search
    2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\programdata\AVG Secure Search
    2013-03-02 15:46 . 2013-03-02 15:46 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2013-03-02 15:46 . 2013-03-02 15:46 -------- d-----w- c:\program files\AVG Secure Search
    2013-03-02 15:42 . 2013-03-02 15:42 -------- d-----w- C:\$AVG
    2013-03-02 15:42 . 2013-03-02 15:47 -------- d-----w- c:\programdata\AVG2013
    2013-03-02 15:40 . 2013-03-02 16:17 -------- d-----w- c:\program files\AVG
    2013-03-02 15:37 . 2013-03-05 16:44 -------- d-----w- c:\programdata\MFAData
    2013-03-02 15:37 . 2013-03-02 16:10 -------- d-----w- c:\users\Jayne\AppData\Local\Avg2013
    2013-03-02 15:37 . 2013-03-02 15:37 -------- d-----w- c:\users\Jayne\AppData\Local\MFAData
    2013-03-02 12:07 . 2013-02-21 18:11 83168 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
    2013-03-02 12:07 . 2013-03-05 17:51 -------- d-----w- c:\windows\system32\DBBK
    2013-03-02 12:07 . 2013-01-04 15:34 9464 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 9464 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 59640 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 31480 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 28024 ----a-w- c:\windows\system32\drivers\PRSBDRVR.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 27896 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 237816 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
    2013-03-02 12:07 . 2011-03-11 13:26 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
    2013-03-02 12:07 . 2013-01-04 15:34 21240 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
    2013-03-02 11:55 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5FC1602-3C05-41F4-A487-B85E93356C7D}\mpengine.dll
    2013-03-02 11:51 . 2013-03-02 11:51 -------- d-----w- c:\program files\Panda Security
    2013-02-23 13:05 . 2013-02-23 13:05 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
    2013-02-21 17:51 . 2013-02-21 17:51 -------- d-----w- c:\users\Jayne\AppData\Roaming\Malwarebytes
    2013-02-21 17:50 . 2013-02-21 17:50 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-21 11:40 . 2013-02-21 11:40 -------- d-----w- c:\program files\Trusteer
    2013-02-20 17:10 . 2013-02-20 17:10 -------- d-----w- c:\users\Jayne\AppData\Roaming\f-secure
    2013-02-20 17:09 . 2013-02-20 17:09 -------- d-----w- c:\programdata\F-Secure
    2013-02-20 16:57 . 2013-02-20 16:57 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-16 13:29 . 2013-02-16 13:45 -------- d-----w- c:\users\Jayne\AppData\Roaming\Anvisoft
    2013-02-16 13:28 . 2013-02-16 13:28 -------- d-----w- c:\programdata\Anvisoft
    2013-02-16 13:28 . 2013-02-16 13:45 -------- d-----w- c:\program files\Anvisoft
    2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2013-02-13 14:02 . 2013-02-13 14:05 -------- d-----w- c:\programdata\Ad-Aware Antivirus
    2013-02-13 14:02 . 2013-02-13 14:02 -------- d-----w- c:\users\Jayne\AppData\Roaming\LavasoftStatistics
    2013-02-13 13:56 . 2013-02-13 13:56 -------- d-----w- c:\programdata\Lavasoft
    2013-02-13 13:56 . 2013-02-13 16:53 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\blekko toolbars
    2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\adawaretb
    2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\users\Jayne\AppData\Local\adawarebp
    2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\program files\Toolbar Cleaner
    2013-02-13 13:55 . 2013-02-13 13:55 -------- d-----w- c:\program files\adawaretb
    2013-02-13 13:54 . 2013-02-13 14:05 -------- d-----w- c:\users\Jayne\AppData\Roaming\Ad-Aware Antivirus
    2013-02-13 09:19 . 2013-02-13 09:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-02 13:22 . 2012-07-28 09:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-02 13:22 . 2011-05-20 08:15 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-20 16:57 . 2012-08-23 09:19 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-20 16:57 . 2010-05-29 08:23 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-17 01:28 . 2009-10-04 07:28 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-07 09:58 . 2013-01-07 09:58 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Eye-Fi"="c:\program files\Windows Photo Gallery\Helper\EyeFiHelper.exe" [2011-12-21 3961464]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-03-02 1151152]
    .
    c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    c:\users\Jayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    Dropbox.lnk - c:\users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-18 13:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
    path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    backup=c:\windows\pss\Dell Dock.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk]
    path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
    backup=c:\windows\pss\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2008-01-25 05:42 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2008-07-03 12:29 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2008-10-04 12:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-10-17 14:19 136176 ----atw- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-06-16 09:27 13793824 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    2009-06-16 09:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
    2007-04-16 21:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-12-03 04:28 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
    2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    "doubleTwist"=c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 13:22]
    .
    2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
    .
    2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
    .
    2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1000Core.job
    - c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-02 18:28]
    .
    2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1000UA.job
    - c:\users\Jayne\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-02 18:28]
    .
    2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1001Core.job
    - c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 13:14]
    .
    2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1001UA.job
    - c:\users\Max\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 13:14]
    .
    2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1002Core.job
    - c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
    .
    2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3704117945-1433447086-1109901018-1002UA.job
    - c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 14:19]
    .
    2013-03-05 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-05 17:51
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1040)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    Completion time: 2013-03-05 17:55:23
    ComboFix-quarantined-files.txt 2013-03-05 17:55
    .
    Pre-Run: 3,596,492,800 bytes free
    Post-Run: 4,659,183,616 bytes free
    .
    - - End Of File - - 91738C99D886BD6B6A12C6A9989A44F9
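The log above is ComboFix/DDS enumerating the usual autostart locations (Run keys, Startup folders, Winlogon Notify, LSA Notification Packages, shell extensions, scheduled tasks) and listing orphaned browser extensions. As an added example, not part of the original post and not ComboFix or DDS code, the Python below parses lines in that format and flags what a responder checks first: images that live in user-writable locations, orphaned "(no file)" entries, Winlogon Notify DLLs and any LSA Notification Package beyond the stock `scecli`. The sample input is abridged from the log above; the flag categories and the default-package set are my assumptions, and a flag means "review", not "malicious" (here `psqlpwd.dll` is loaded into lsass.exe alongside the Fingerprint Reader Suite DLLs, which is consistent with it being that suite's password filter).

```python
"""Triage helper for autostart listings in the ComboFix/DDS format shown above.
Added example: not part of the original post and not ComboFix/DDS code. The
finding kinds and DEFAULT_LSA_PACKAGES are assumptions; a flag means 'review'."""

import re

# Constructed sample input, abridged from the log above (tool's own format).
SAMPLE_LOG = r"""
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jayne\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files\Windows Photo Gallery\Helper\EyeFiHelper.exe" [2011-12-21 3961464]
.
c:\users\Jayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Dropbox.lnk - c:\users\Jayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-17 14:19 136176 ----atw- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
"""

# First Windows image path on a line (quoted Run values or bare file listings).
PATH_RE = re.compile(r'([a-z]:\\[^\[\]"]*?\.(?:exe|dll|scr|sys|cpl))', re.I)
# Places a standard user can write: profiles, AppData, ProgramData, Temp.
# Legitimate software lives there too (Dropbox, per-user Google Update),
# which is exactly why such images deserve a look rather than a verdict.
USER_WRITABLE_RE = re.compile(
    r'^[a-z]:\\(?:users|documents and settings)\\|\\(?:appdata|programdata|temp)\\', re.I)
# scecli is the stock entry; rassfm shows up on domain controllers. Anything
# else is a password-filter DLL that lsass.exe loads and hands passwords to.
DEFAULT_LSA_PACKAGES = {"scecli", "rassfm"}


def parse_sections(log_text):
    """Yield (location, line): location is the last [registry key] or
    Startup-folder header seen; ComboFix's '.' separator lines are skipped."""
    location = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            location = line[1:-1]
            continue
        if line.endswith("\\"):  # Startup folder header, e.g. c:\users\X\...\Startup\
            location = line
            continue
        yield location, line


def triage(log_text):
    """Return {'kind', 'location', 'detail'} findings worth a second look."""
    findings = []
    for location, line in parse_sections(log_text):
        loc = location.lower()
        if "(no file)" in line:  # orphaned BHO/toolbar: image gone, registration left
            findings.append({"kind": "orphan", "location": location, "detail": line})
            continue
        if loc.endswith("\\control\\lsa") and line.lower().startswith("notification packages"):
            for pkg in line.split("REG_MULTI_SZ", 1)[1].split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append({"kind": "lsa_notification_package",
                                     "location": location, "detail": pkg})
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        if "\\winlogon\\notify\\" in loc:  # DLL loaded by winlogon at logon events
            findings.append({"kind": "winlogon_notify", "location": location, "detail": path})
        if USER_WRITABLE_RE.search(path):
            findings.append({"kind": "user_writable_image", "location": location, "detail": path})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'user_writable_image': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24} {f['detail']}  <- {f['location']}")
```

Run it against a saved ComboFix log instead of `SAMPLE_LOG` and work the findings top down: the orphan entries are leftovers to clean, the LSA and Winlogon hits need the DLL's publisher and signature checked because they sit in the logon/credential path, and the user-writable images are where a per-user infection would normally land (compare them with the lsass.exe DLL list at the end of the log, as the original tool already did).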
