A case of several viruses invading system registry

[Aelo123]

Well, I have a case of infection with several viruses(Trojan Horse.AQLW, IDP.trojan.1C8D1A13 and perhaps others.) and AVG keeps deleting registry files but it doesn't solve the problem.) Here are the logs you requested:-
DDS:-

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by hp at 22:27:46 on 2012-06-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1045 [GMT 2:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
D:\A\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\A\Programs\Hotspot Shield\HssWPR\hsssrv.exe
D:\A\Programs\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\ToolKitService\ToolkitService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WeFi\WefiEngSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WeFi\WeFi.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\allgameshome toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Codecv Class: {1d8f1bbe-c6fa-6cdf-a687-dc47da301414} - c:\programdata\codecv\bhoclass.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Alnaddy.com Helper Object: {55928dd2-8878-4275-aab3-b3a09a67a1eb} - c:\program files\alnaddy.com\alnaddytoolbar\1.5.25.2\bh\alnaddyToolbar.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\a\programs\hotspot shield\hssie\HssIE.dll
BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Alnaddy.com Toolbar: {cd3aed25-23ab-4543-b915-159449c37197} - c:\program files\alnaddy.com\alnaddytoolbar\1.5.25.2\alnaddyToolbarTlbr.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\hp\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music player\NokiaMusicPlayer.exe" /command:faststart
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE} : NameServer = 10.72.144.1
TCP: Interfaces\{E51740AD-C71E-4378-97EB-C1A64C151984} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\xhny2dox.default\
FF - prefs.js: browser.search.selectedEngine - Alnaddy
FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\hp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
FF - user.js: extensions.alnaddyToolbar_i.newTab - true
FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15:12
FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
FF - user.js: extensions.alnaddyToolbar.instlRef -
FF - user.js: extensions.alnaddyToolbar.dfltLng -
FF - user.js: extensions.alnaddyToolbar.excTlbr - false
FF - user.js: extensions.alnaddyToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-17 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 hshld;Hotspot Shield Service;d:\a\programs\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;d:\a\programs\hotspot shield\bin\hsswd.exe -product hss --> d:\a\programs\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-3-17 1752576]
R2 ToolkitSvc;Toolkit Service;c:\program files\toolkitservice\toolkitservice.exe [2012-6-12 687168]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-18 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-17 247808]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-17 142632]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-3-17 525864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-17 33832]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-12-10 27632]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-17 269824]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-17 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-2 414824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
S2 hfneavwv;SFF Storage Protocol for SDBusSupport;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 lpx;ET5Drv;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mbr;Vwlogger;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-3-17 76328]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-10 113120]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-3-17 251496]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-06-12 17:35:20 -------- d-----w- c:\users\hp\appdata\local\eToolKit
2012-06-12 17:35:12 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34:38 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49:42 -------- d-----w- c:\users\hp\appdata\roaming\CBS Interactive
2012-06-11 07:15:30 -------- d-----w- c:\users\hp\appdata\roaming\Optimizer Pro
2012-06-11 07:15:12 -------- d-----w- c:\program files\Alnaddy.com
2012-06-11 07:13:30 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12:07 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32:29 -------- d-----w- c:\program files\common files\SourceTec
2012-06-10 17:32:24 -------- d-----w- c:\program files\SourceTec
2012-06-10 12:59:37 -------- d-----w- c:\windows\pss
2012-06-09 20:40:33 -------- d-----w- c:\users\hp\appdata\local\Apple Computer
2012-06-09 20:40:26 -------- d-----w- c:\program files\iPod
2012-06-09 20:40:21 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48:23 -------- d-----w- c:\users\hp\appdata\local\WindowsUpdate
2012-06-09 14:07:46 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04:16 -------- d-----w- c:\program files\BabylonToolbar
2012-06-08 22:03:26 -------- d-----w- c:\users\hp\appdata\roaming\Babylon
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Premium
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Babylon
2012-06-08 22:02:43 -------- d-----w- c:\programdata\Codecv
2012-06-08 22:02:19 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56:44 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01:26 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59:18 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
2012-06-05 13:15:18 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14:16 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42:17 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21:04 -------- d-----w- c:\users\hp\appdata\roaming\AVG
2012-06-04 16:08:19 -------- d-----w- c:\users\hp\appdata\roaming\AVG2012
2012-06-04 16:06:15 -------- d-----w- c:\users\hp\appdata\local\AVG Secure Search
2012-06-04 14:37:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33:49 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33:40 -------- d--h--w- C:\$AVG
2012-06-04 14:33:40 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33:40 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33:23 -------- d-----w- c:\program files\AVG
2012-06-04 14:06:06 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41:51 -------- d-----w- c:\users\hp\appdata\roaming\playmink
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28:27 -------- d-----w- c:\users\hp\appdata\roaming\IDT
2012-06-03 13:31:19 -------- d-----w- c:\users\hp\appdata\roaming\dll-files.com
2012-06-03 13:31:12 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01:52 -------- d-----w- c:\users\hp\appdata\local\ATI
2012-06-02 22:59:17 -------- d-----w- c:\program files\common files\Intel
2012-06-02 22:59:11 -------- d-----w- C:\Intel
2012-06-02 22:59:09 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57:42 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47:12 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47:12 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:47:12 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-06-02 20:47:12 4120576 ----a-w- c:\windows\system32\stlang.dll
2012-06-02 20:47:12 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-06-02 20:47:12 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl
2012-06-02 20:47:12 1433692 ----a-w- c:\windows\sttray.exe
2012-06-02 20:47:12 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-06-02 20:47:10 -------- d-----w- c:\windows\system32\SRSLabs
2012-06-02 20:47:08 207360 ----a-w- c:\windows\system32\staco.dll
2012-06-02 20:46:34 535552 ------w- c:\windows\system32\stapi32.dll
2012-06-02 20:46:34 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-06-02 20:46:34 417280 ----a-w- c:\windows\system32\stcplx.dll
2012-06-02 20:46:34 1259008 ----a-w- c:\windows\system32\stapo.dll
2012-06-02 20:46:29 -------- d-----w- c:\program files\IDT
2012-06-02 20:20:52 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20:52 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09:48 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07:58 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07:58 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07:58 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07:58 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07:58 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 17:40:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-02 17:40:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-06-02 17:40:53 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-06-02 17:40:53 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-06-02 16:00:24 -------- d-----w- c:\program files\HP
2012-06-01 13:06:07 -------- d-----w- c:\users\hp\appdata\roaming\iWin
2012-05-30 18:12:31 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12:09 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06:09 -------- d-----w- c:\users\hp\appdata\roaming\.freeciv
2012-05-30 07:49:03 -------- d-----w- c:\users\hp\appdata\local\Akamai
2012-05-30 07:43:20 -------- d-----w- c:\program files\common files\Akamai
2012-05-30 07:39:01 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28:38 -------- d-----w- c:\users\hp\appdata\local\IsolatedStorage
2012-05-28 13:58:56 -------- d-----w- c:\users\hp\appdata\local\Nokia
2012-05-28 13:58:51 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16:07 -------- d-----w- c:\program files\common files\PCSuite
2012-05-28 12:16:07 -------- d-----w- c:\program files\common files\Nokia
2012-05-28 12:15:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15:23 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-24 12:10:56 -------- d-----w- c:\programdata\Playrix Entertainment
2012-05-24 12:09:00 -------- d-----w- c:\program files\AllGamesHome Toolbar
2012-05-23 10:36:41 -------- d-----w- c:\windows\system32\appmgmt
2012-05-15 08:01:50 -------- d-----w- c:\users\hp\appdata\local\Diagnostics
2012-05-15 07:30:10 -------- d-----w- c:\users\hp\appdata\roaming\Anvil Studio
2012-05-15 07:14:16 -------- d-----w- c:\users\hp\appdata\roaming\Synthesia
.
==================== Find3M ====================
.
2012-06-13 17:21:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-13 10:00:25 215 ----a-w- c:\windows\system32\wsun32.dll
2012-05-13 10:00:25 215 ----a-w- c:\windows\system32\msgb.dll
2012-05-06 15:59:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 15:59:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 18:43:32 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45:18 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45:14 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-22 20:54:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 03:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-17 05:00:29 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 22:28:32.74 ===============

SSD:-
Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\ProgramData\Babylon\

Babylon.Toolbar: [SBI $5AB447BB] Program directory (Directory, nothing done)
C:\Users\hp\AppData\Roaming\Babylon\

Babylon.Toolbar: [SBI $D1EDD9CA] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Babylon

Babylon.Toolbar: [SBI $D573FB99] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $E02AA723] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $E0B59C7B] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $845CDFE1] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

Babylon.Toolbar: [SBI $C85E7B42] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $3B673BC9] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Babylon.Toolbar: [SBI $295D1CA8] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Babylon.Toolbar: [SBI $965DE1CF] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Babylon.Toolbar: [SBI $03CC717B] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Babylon.Toolbar: [SBI $55401212] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Babylon.Toolbar: [SBI $4FD7143C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Babylon.Toolbar: [SBI $86D54DEE] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Babylon.Toolbar: [SBI $B3F815D3] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Babylon.Toolbar: [SBI $A7E24495] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Babylon.Toolbar: [SBI $F311396F] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Babylon.Toolbar: [SBI $473B0254] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Babylon.Toolbar: [SBI $17D55CEB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Babylon.Toolbar: [SBI $35D035AC] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Babylon.Toolbar: [SBI $CD2F4F51] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Babylon.Toolbar: [SBI $88BEA276] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Babylon.Toolbar: [SBI $44038FF2] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Babylon.Toolbar: [SBI $A3E68EB6] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Babylon.Toolbar: [SBI $BBB82D0A] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Babylon.Toolbar: [SBI $C5E991BF] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Babylon.Toolbar: [SBI $58FD8250] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Babylon.Toolbar: [SBI $7C893BE9] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Babylon.Toolbar: [SBI $82C5EBDA] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName

Babylon.Toolbar: [SBI $7491E83C] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

Babylon.Toolbar: [SBI $07586C96] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE20B4F0-A56F-41CE-BFFC-FB7389CCB627}

Babylon.Toolbar: [SBI $9BB50AEF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escrtBtn.1

Babylon.Toolbar: [SBI $9BB50AEF] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc

Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1

Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}

Babylon.Toolbar: [SBI $53246B67] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Babylon.Toolbar: [SBI $C2E2DFDF] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\

Babylon.Toolbar: [SBI $6FD65E4E] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\BabylonToolbar\

Babylon.Toolbar: [SBI $BD2D2D7E] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\

Babylon.Toolbar: [SBI $7C2CF2C5] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\

Babylon.Toolbar: [SBI $5F690EB1] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore

Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1

Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Babylon.Toolbar: [SBI $86348D5E] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd

Babylon.Toolbar: [SBI $86348D5E] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1

Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $3BE29F71] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $F8D06006] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\BabylonToolbar

Babylon.Toolbar: [SBI $2C6EC819] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar

BrothersoftExtreme.CT: [SBI $7877A24A] Executable (File, nothing done)
C:\Users\hp\Documents\Downloads\11CT2776682_BrotherSoft_Extreme.exe
Properties.size=192848
Properties.md5=366ACA3ACE9F8F388BB831F0F1CBB015
Properties.filedate=1335992661
Properties.filedatetext=2012-05-02 23:04:20

CoolWWWSearch.CameUp: [SBI $4A5E11C5] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

CoolWWWSearch.Toolband: [SBI $E1C52FF8] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}

CoolWWWSearch.Toolband: [SBI $C80E6C03] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj

CoolWWWSearch.Toolband: [SBI $C80E6C03] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1

CoolWWWSearch.Toolband: [SBI $C80E6C03] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B22A92-87A2-47b6-B3E6-A64877B5C242}

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-06-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-06-05 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-06-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-06-12 Includes\TrojansC-02.sbi (*)
2012-06-06 Includes\TrojansC-03.sbi (*)
2012-06-11 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-06-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Thanks in advance

 

[JonTom]

Hello Aelo123 and :welcome:

My name is JonTom

• Malware Logs can sometimes take a lot of time to research and interpret.
  
• Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  
• Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  
• Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  
• PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

There is a serious rootkit infection on this machine. Please use an uninfected machine to change all of your passwords as soon as you can as your passwords may have been compromised.

Also, please back up all of your important data immediately as in the worst case scenario you may have to reformat and reinstall your operating system.

Before we begin I would like to review the logs created by the following tools:

1. aswMBR
   
   
   • Download aswMBR.exe to your desktop.
   • Double click the aswMBR.exe to run it.
   • When asked if you want to download Avast's virus definitions please select Yes.
   • Click the "Scan" button to start scan.
   
   
   
   
   
   • On completion of the scan click save log, save it to your desktop and post in your next reply.
   
   
   
   
   
   
   The next tool may give you the option of curing what is detected.
   
   At this time please do not allow the tool to cure anything it detects (we only need to review the log that is created at this time).
   
   
2. TDSS Killer
   
   
   • 
     [*]Please read carefully and follow these steps.
   • Download TDSSKiller and save it to your Desktop.
   • Extract its contents to your desktop.
   • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
   • When the window opens, click on Change Parameters.
   • Under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
   • Click on Start Scan.
   • If an infected file is detected, the default action will be Cure, click on Skip.
   • If a suspicious file is detected, the default action will be Skip, click on Continue.
   • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
   • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
   
   Please post the aswMBR log and the TDSSKiller log in your next reply.

 

[Aelo123]

I've done as you adviced, here are the logs you requested(attached)
View attachment 9597

View attachment 9598

 

[JonTom]

Hello Aelo123

Please post your logs directy into your replies (there is no need to attach them).

This machine is terribly infected.


Please re-run TDSSKiller and allow it to cure (or quarantine) what it detects, then follow immediately with Combofix:

1. Combofix
   
   
   • Download ComboFix from one of the following locations:
     
     Link 1
     Link 2
   • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
   • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
   • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
   • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
   • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
   • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
   
   
   
   
   
   • Click on Yes, to continue scanning for malware.
   • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
   • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
   • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
   • Should there be issues with internet afterward:
     
     In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
     
     In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.
     
   
   
   Please post the TDSSKiller log and the Combofix log in your next reply.

 

[Aelo123]

I attached the text because it was too long:-
View attachment 9602

 

[JonTom]

Hello Aelo123

Please try running Combofix again. It may take a little time to complete so please be patient.

If (say after an hour) it has still not completed let me know.

 

[Aelo123]

It was much faster this time here is the log:-
\ComboFix 12-06-15.06 - hp 18-Jun-12 10:32:38.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1567 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Read Me.txt
c:\windows\$NtUninstallKB45282$
c:\windows\$NtUninstallKB45282$\613192814\L\xadqgnnk
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\DEBUG.log
c:\windows\system32\msgb.dll
c:\windows\system32\oem44.inf
c:\windows\system32\wsun32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 08:36 . 2012-06-18 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 22:03 . 2012-06-16 22:03 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03 . 2012-06-16 22:03 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:53 . 2012-06-18 08:38 -------- d-----w- c:\users\hp\AppData\Local\temp
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-16 08:25 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-12 17:35 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\program files\Alnaddy.com
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-11 17:56 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-08 22:04 -------- d-----w- c:\program files\BabylonToolbar
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\users\hp\AppData\Roaming\Babylon
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Babylon
2012-06-08 22:02 . 2012-06-16 18:52 -------- d-----w- c:\programdata\Codecv
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-06 09:59 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 14:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-17 21:31 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-18 07:52 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-18 08:38 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-05-30 07:49 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-18 08:38 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
2012-05-24 12:10 . 2012-05-24 12:10 -------- d-----w- c:\programdata\Playrix Entertainment
2012-05-24 12:09 . 2012-05-24 12:09 -------- d-----w- c:\program files\AllGamesHome Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-06 15:59 . 2012-04-12 18:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 15:59 . 2012-03-22 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-23 22:19 . 2012-03-23 22:19 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-23 22:19 . 2012-03-23 22:19 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-23 22:19 . 2012-03-23 22:19 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-23 22:19 . 2012-03-23 22:19 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-23 22:19 . 2012-03-23 22:19 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-23 22:19 . 2012-03-23 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-23 22:19 . 2012-03-23 22:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-23 22:19 . 2012-03-23 22:19 367104 ----a-w- c:\windows\system32\html.iec
2012-03-23 22:19 . 2012-03-23 22:19 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-23 22:19 . 2012-03-23 22:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-23 22:19 . 2012-03-23 22:19 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-23 22:19 . 2012-03-23 22:19 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-23 22:19 . 2012-03-23 22:19 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-23 22:19 . 2012-03-23 22:19 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-23 22:19 . 2012-03-23 22:19 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-23 22:19 . 2012-03-23 22:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-23 22:19 . 2012-03-23 22:19 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-23 22:19 . 2012-03-23 22:19 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-23 22:19 . 2012-03-23 22:19 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-23 22:19 . 2012-03-23 22:19 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-23 22:19 . 2012-03-23 22:19 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-22 20:54 . 2012-03-22 20:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-01 15:40 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}]
2012-06-08 22:02 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}]
2012-06-04 11:31 268904 ----a-w- c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{CD3AED25-23AB-4543-B915-159449C37197}"= "c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll" [2012-06-04 286824]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{cd3aed25-23ab-4543-b915-159449c37197}]
[HKEY_CLASSES_ROOT\alnaddy.alnaddyToolbardskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\alnaddy.alnaddyToolbardskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Facebook Messenger.lnk - c:\users\hp\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R2 hfneavwv;SFF Storage Protocol for SDBusSupport;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
tifmsony
LMouKE
tb2launch
symlcbrd
cdr4_xp
se44nd5
StreamDispatcher
SE2Emdfl
transcode360
YMIDUSB
ATSWPDRV
qbcfmonitorservice
UVCFTR
osanbm
sp_clamsrv
SPFDRV
tvald
nv4
snoopfree
eaps2kbd
icraplus
dmprimer
crystalaps
CdaC15BA
zppinger
nhcDriverDevice
sfman
lpx
nm
StMp3Rec
mcontrol
adihdaudaddservice
ESMCR
rchost
cd20xrnt
msvsmon90
nwcworkstation
pilogsrv
cwafadmincontroller
nvcap
enodpl
pav_service
Sk9920nt
idisw2km
olcamsrv
SGHIDI
pserve
unrealircd
SMPLSCSI
_iomega_active_disk_service_
s3savagenb
cfgwzsvc
lhidusb
sskbfd
vaiomediaplatform-videoserver-appserver
SNTIE
naiavfilter1
Tablet2k
pdlnacom
nsm1bus
zpnodecollector
maxbackserviceint
pdlnatdl
StarOpen
btdriver
se58nd5
FVXSCSI
NWSLP
co_mon
CTMMOUNT
SaiH040B
siswlsvc
CTAudSvcService
z800bus
VHidMinidrv
scan
Alpham1
govsrv
PCTINDIS5
Xponaut_WBD
Ktp
gusvc
alcxsens
nocashio
avipbb
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
ARCSOFTVIRTUALCAPTURE
inotask
MXOFX
sonypvs1
pdlnemsg
Fd16_700
mnmdd
spbbcdrv
symidsco
msgsrvservice
svv
VC4CB104
Blfp
s616mdm
SNP2STD
dlcc_device
tbiosdrv
sqlagent$soshome22
W8100PCI
pclepci
qserver
schscnt
acsvc
websensecamserver
btwdndis
lvsrvlauncher
EIO
wwsecsvc
softfax
sansaservice
svcwrsssdk
AcronisOSSReinstallSvc
CSDriver
PSDFilter
ufad-ws60
sshrmd
wlmel51b
sit_flt
CX23880
pduip6000dmemcrdmgr
avupdsvc
NTACCESS
mfeapfk
DynDNS_Updater_Service
ctmmfilt
itmrtsvc
YahooAUService
wmdmpmsn
entertainment
A4S2600
k750mdfl
CE3
orbpvr
wacomvhid
lxrjd31d
acedrv07
RMSvc
mssql$microsoftsmlbiz
ossrv
mbr
s616mgmt
RDID1007
Cam5603D
viaudio
ssmdrv
vpctcom
hpzid412
tme3srv
TermService
wuauserv
BITS
ShellHWDetection
hfneavwv
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:59]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-18 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
FF - prefs.js: browser.search.selectedEngine - Alnaddy
FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
FF - user.js: extensions.alnaddyToolbar_i.newTab - true
FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15
FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
FF - user.js: extensions.alnaddyToolbar.instlRef -
FF - user.js: extensions.alnaddyToolbar.dfltLng -
FF - user.js: extensions.alnaddyToolbar.excTlbr - false
FF - user.js: extensions.alnaddyToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-39305673.sys
AddRemove-City Racing_is1 - d:\a\City Race\unins000.exe
AddRemove-Exotic Farm_is1 - d:\a\Exotic Farm\unins000.exe
AddRemove-Freeciv-2.3.2-gtk2 - d:\a\Freeciv 2.3.2\uninstall.exe
AddRemove-Garden Defence_is1 - d:\a\Garden Defence\unins000.exe
AddRemove-Helic_is1 - d:\a\Helic\unins000.exe
AddRemove-Nitro Racers_is1 - d:\a\Nitro Racers\unins000.exe
AddRemove-Police Supercars Racing_is1 - d:\a\Police Supercars Racing\unins000.exe
AddRemove-Quadro Racing_is1 - d:\a\Quadro Racing\unins000.exe
AddRemove-Sky Track_is1 - d:\a\Sky Track\unins000.exe
AddRemove-Sudden Strike Iwo Jima_is1 - d:\a\SS Iwo Jima\unins000.exe
AddRemove-Sudden_Strike_Normandy_is1 - d:\a\SS Normandy\unins000.exe
AddRemove-Super Bikes_is1 - d:\a\Super Bikes\unins000.exe
AddRemove-Synthesia - d:\a\Synthesia\uninstall.exe
AddRemove-Travel Agency_is1 - d:\a\Travel Agency\unins000.exe
AddRemove-VDrift - d:\a\VDrift\uninstall.exe
AddRemove-YouWave - d:\drivers\A\YouWave_Android\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(904)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
- - - - - - - > 'Explorer.exe'(5472)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
d:\a\Programs\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\WeFi\WeFi.exe
c:\program files\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-18 10:41:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 08:41
.
Pre-Run: 77,245,825,024 bytes free
Post-Run: 76,983,259,136 bytes free
.
- - End Of File - - 5FBA5475835735371247F1A8039026C5

Note: I have another problem, see if you can help me with it it please: I have my all my browsers start on alnaddy.com when my homepage was either facebook or google but when I click the homepage icon, it opens the homepage that I've set.
Thanks

 

[JonTom]

Hello Aelo123

Good job getting Combofix to run.

I have my all my browsers start on alnaddy.com when my homepage was either facebook or google but when I click the homepage icon, it opens the homepage that I've set

I do not understand exatly what you are asking.

Do you wish me to remove alnaddy.com from your machine?

1. Please work your way through the following steps
   
   
   • Open Notepad (Click on "Start" and then on "Run" and type notepad
   • Click on OK.
   • Notepad will open.
   • Copy the text provided in the box below and paste it into Notepad (DO NOT include the word "code"):
     
     

     @echo off
     swreg query hklm\system\currentcontrolset\services /s |(
     SED -r "/^HK|^ +ImagePath.*-k netsvcs/I!d" |(
     SED -r ":a; $!N;s/\n.*\t.*/\t/;ta;P;D" |(
     SED -r "/.*\\(.*)\t/!d; s//\1/"
     )))>Log.txt
     Start Notepad Log.txt

   • Save the text in Notepad as fix.bat, change the "Save as Type" to "All Files" and select your desktop as the save location.
   • An icon will appear on your desktop called "fix.bat".
   • Double click on the "fix.bat" icon.
   • Please post the log in your next reply.

 

[Aelo123]

Yes, I don't want the browsers to open on alnaddy.com. Here's the log:-

A4S2600
acedrv07
AcronisOSSReinstallSvc
acsvc
AeLookupSvc
Appinfo
AppMgmt
avupdsvc
BDESVC
BITS
Browser
Cam5603D
CdaC15BA
cdr4_xp
CE3
CertPropSvc
cfgwzsvc
crystalaps
ctmmfilt
dmprimer
DynDNS_Updater_Service
EapHost
eaps2kbd
entertainment
gpsvc
hfneavwv
hkmsvc
hpzid412
icraplus
IKEEXT
iphlpsvc
itmrtsvc
k750mdfl
LanmanServer
LMouKE
lpx
lxrjd31d
mfeapfk
MMCSS
MSiSCSI
mssql$microsoftsmlbiz
nhcDriverDevice
NTACCESS
nv4
orbpvr
osanbm
ossrv
pclepci
ProfSvc
qbcfmonitorservice
RasAuto
RasMan
rchost
RDID1007
RemoteAccess
RMSvc
s3savagenb
s616mgmt
Schedule
schscnt
SCPolicySvc
SE2Emdfl
se44nd5
seclogon
SENS
SessionEnv
sfman
SharedAccess
ShellHWDetection
siswlsvc
SMPLSCSI
snoopfree
SPFDRV
sp_clamsrv
ssmdrv
StreamDispatcher
symlcbrd
tb2launch
Themes
tifmsony
tme3srv
transcode360
tvald
unrealircd
UVCFTR
viaudio
vpctcom
W8100PCI
wacomvhid
wercplsupport
Winmgmt
wmdmpmsn
wuauserv
YahooAUService
YMIDUSB
zppinger
_iomega_active_disk_service_

 

[JonTom]

Hello Aelo123

Thank you for the log.

Yes, I don't want the browsers to open on alnaddy.com

We can take care of that as part of our fix in due course.

Right now I need a little more information.

1. Download and run OTL by Oldtimer
   
   
   • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
   • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
   • Check the boxes beside "LOP Check" and "Purity Check".
   • Under Custom Scan paste this in:
   
   
   msconfig
   safebootminimal
   activex
   drivers32
   netsvcs /all
   "%WinDir%\$NtUninstallKB*$." /30
   C:\Program Files\Common Files\ComObjects\*.* /s
   %systemroot%\*. /mp /s
   %systemroot%\*. /rp /s
   %systemroot%\system32\*.dll /lockedfiles
   %systemroot%\Tasks\*.job /lockedfiles
   %systemroot%\system32\drivers\*.sys /lockedfiles
   %systemroot%\System32\config\*.sav
   %systemroot%\system32\drivers\*.sys /90
   %SYSTEMDRIVE%\*.exe
   /md5start
   volsnap.sys
   atapi.sys
   explorer.exe
   services.*
   winlogon.exe
   wininit.exe
   tdx.sys
   /md5stop
   hklm\software\clients\startmenuinternet|command /rs
   hklm\software\clients\startmenuinternet|command /64 /rs
   
   
   • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
   • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
   • Note: These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
   • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

 

[Aelo123]

I attached it:
View attachment 9610

 

[JonTom]

Hello Aelo123

We need to use Combofix again but this time, we will be running it in a slightly different way.

Take your time with the steps described below. If you have any questions, please ask before doing anything.

1. Please work through the following steps
   
   
   • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter then click on "OK").
     
   • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
     
   • Copy and Paste the text in the quotebox below into the open Notepad window:
     
     

     RegLock::
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
     
     Folder::
     c:\program files\BabylonToolbar
     c:\users\hp\AppData\Roaming\Babylon
     c:\programdata\Babylon
     c:\program files\Alnaddy.com
     
     DDS::
     uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
     uInternet Settings,ProxyOverride = <local>
     
     Firefox::
     FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
     FF - prefs.js: browser.search.selectedEngine - Alnaddy
     FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
     FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
     FF - prefs.js: network.proxy.type - 0
     FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
     FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
     FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
     FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
     FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
     FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
     FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
     FF - user.js: extensions.alnaddyToolbar_i.newTab - true
     FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
     FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
     FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
     FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
     FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
     FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
     FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15
     FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
     FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
     FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
     FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
     FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
     FF - user.js: extensions.alnaddyToolbar.instlRef - 
     FF - user.js: extensions.alnaddyToolbar.dfltLng - 
     FF - user.js: extensions.alnaddyToolbar.excTlbr - false
     FF - user.js: extensions.alnaddyToolbar.admin - false
     
     Registry::
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
     "netsvcs"=-
     "netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
       63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
       00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
       00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
       00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
       54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
       00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
       69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
       00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
       6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
       00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
       69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
       00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
       73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
       00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
       61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
       00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
       73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
       00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
       69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
       00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
       44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
       00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
       64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
       00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
       6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
       00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
       69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
       00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
       00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
       00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
       00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
       00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
       74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
       00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
       70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00
     
     [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}]
     
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{CD3AED25-23AB-4543-B915-159449C37197}"=-
     
     Driver::
     zppinger
     YMIDUSB
     YahooAUService
     wmdmpmsn
     wacomvhid
     W8100PCI
     vpctcom
     viaudio
     UVCFTR
     unrealircd
     tvald
     transcode360
     tme3srv
     tifmsony
     tb2launch
     symlcbrd
     StreamDispatcher
     ssmdrv
     SPFDRV
     sp_clamsrv
     snoopfree
     SMPLSCSI
     siswlsvc
     sfman
     se44nd5
     SE2Emdfl
     schscnt
     s616mgmt
     s3savagenb
     RMSvc
     RDID1007
     rchost
     qbcfmonitorservice
     pclepci
     ossrv
     osanbm
     orbpvr
     nv4
     NTACCESS
     nhcDriverDevice
     mssql$microsoftsmlbiz
     mfeapfk
     lxrjd31d
     lpx
     LMouKE
     k750mdfl
     itmrtsvc
     icraplus
     hpzid412
     hfneavwv
     Sentertainment
     eaps2kbd
     DynDNS_Updater_Service
     dmprimer
     ctmmfilt
     crystalaps
     cfgwzsvc
     CE3
     cdr4_xp
     CdaC15BA
     Cam5603D
     avupdsvc
     acsvc
     AcronisOSSReinstallSvc
     acedrv07
     A4S2600
     _iomega_active_disk_service_

     
     
   • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
     
   • Close any open browsers.
     
   • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
   • Refering to the picture below, drag CFScript.txt into ComboFix.exe
     
     
     
     
     
     
     
   • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
   • Once the log is produced, re-engage your resident anti virus.
   
   
   Please post the Combofix log in your next reply.

 

[Aelo123]

Please help me restore my device! I did as you told me, combofix told me it had to update, all programs where closed except one. The computer reeboot and told me preparing your desktop then the file C:\Windows\system32\config\...desktop.*** wasnot found. I clicked
ok to find my desktop black with no icons but the recyclebin and all start up programs not running. I tried rebooting several times but it didn't work. Please help me.

 

[Aelo123]

FALSE ALARM
I tried running windows restore but the computer wouldn't run any installed .exe file. I held down the power button until my computer shut and I start it again, the machine said windows wasn't able to start and it ran the startup fix, it offered to restore the computer and it restart as normal. So what to do? Should I try again?

 

[JonTom]

Hello Aelo123

So what to do? Should I try again?

Not right now. Please re-scan with OTL as you did before, except this time, paste the following under "Custom scan":


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT


Post the OTL log in your next reply.

 

[Aelo123]

Logs attached: View attachment 9618

 

[JonTom]

Hello Aelo123

Thank you for the log.

Lets stick with OTL for the moment and proceed as follows:

1. Please open OTL
   
   
   • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.
     
     

     :OTL
     PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?afltid=wbpk
     IE - HKCU\..\SearchScopes,DefaultScope = {21087D8A-7075-41CF-86F0-12F73EE04367}
     IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112477&babsrc=SP_ss&mntrId=0cde32cd00000000000000ff7c5abd3d
     IE - HKCU\..\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}: "URL" = http://www.alnaddy.com/search/?q={searchTerms}&r=116
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
     FF - prefs.js..browser.startup.homepage: "http://www.alnaddy.com/?afltid=wbpk"
     FF - prefs.js..keyword.URL: "http://www.alnaddy.com/search/?q="
     [2012-06-11 09:15:11 | 000,001,389 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml
     O2 - BHO: (Codecv Class) - {1D8F1BBE-C6FA-6CDF-A687-DC47DA301414} - C:\ProgramData\Codecv\bhoclass.dll ()
     O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
     O2 - BHO: (Alnaddy.com Helper Object) - {55928DD2-8878-4275-AAB3-B3A09A67A1EB} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll (Alnaddy.com)
     O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
     O3 - HKLM\..\Toolbar: (Alnaddy.com Toolbar) - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll (Alnaddy.com)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
     @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
     
     :Services
     zppinger
     YMIDUSB
     YahooAUService
     wmdmpmsn
     wacomvhid
     W8100PCI
     vpctcom
     viaudio
     UVCFTR
     unrealircd
     tvald
     transcode360
     tme3srv
     tifmsony
     tb2launch
     symlcbrd
     StreamDispatcher
     ssmdrv
     SPFDRV
     sp_clamsrv
     snoopfree
     SMPLSCSI
     siswlsvc
     sfman
     se44nd5
     SE2Emdfl
     schscnt
     s616mgmt
     s3savagenb
     RMSvc
     RDID1007
     rchost
     qbcfmonitorservice
     pclepci
     ossrv
     osanbm
     orbpvr
     nv4
     NTACCESS
     nhcDriverDevice
     mssql$microsoftsmlbiz
     mfeapfk
     lxrjd31d
     lpx
     LMouKE
     k750mdfl
     itmrtsvc
     icraplus
     hpzid412
     hfneavwv
     Sentertainment
     eaps2kbd
     DynDNS_Updater_Service
     dmprimer
     ctmmfilt
     crystalaps
     cfgwzsvc
     CE3
     cdr4_xp
     CdaC15BA
     Cam5603D
     avupdsvc
     acsvc
     AcronisOSSReinstallSvc
     acedrv07
     A4S2600
     _iomega_active_disk_service_
     
     :Reg
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
     "netsvcs"=-
     "netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
       63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
       00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
       00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
       00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
       54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
       00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
       69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
       00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
       6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
       00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
       69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
       00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
       73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
       00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
       61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
       00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
       73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
       00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
       69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
       00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
       44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
       00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
       64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
       00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
       6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
       00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
       69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
       00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
       00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
       00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
       00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
       00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
       74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
       00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
       70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00
     
     :Files
     C:\Program Files\Alnaddy.com
     C:\Program Files\BabylonToolbar
     C:\ProgramData\Codecv
     c:\users\hp\AppData\Roaming\Babylon
     c:\programdata\Babylon
     
     :Commands
     [purity]
     [emptytemp]
     [emptyflash]
     [start explorer]
     [Reboot]

   • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
   • Allow the program to run unhindered.
   • Your machine will re-start itself. This is normal.
   • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

 

[Aelo123]

Thank you

Thank you very much for your help, however it worked for firefox and Iexplorer but not for chrome. Will re installing solve the problem? Here are the log:-


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Alnaddy" removed from browser.search.selectedEngine
Prefs.js: "http://www.alnaddy.com/?afltid=wbpk" removed from browser.startup.homepage
Prefs.js: "http://www.alnaddy.com/search/?q=" removed from keyword.URL
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ deleted successfully.
C:\ProgramData\Codecv\bhoclass.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ deleted successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CD3AED25-23AB-4543-B915-159449C37197} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD3AED25-23AB-4543-B915-159449C37197}\ deleted successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
========== SERVICES/DRIVERS ==========
Service zppinger stopped successfully!
Service zppinger deleted successfully!
Service YMIDUSB stopped successfully!
Service YMIDUSB deleted successfully!
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
Service wmdmpmsn stopped successfully!
Service wmdmpmsn deleted successfully!
Service wacomvhid stopped successfully!
Service wacomvhid deleted successfully!
Service W8100PCI stopped successfully!
Service W8100PCI deleted successfully!
Service vpctcom stopped successfully!
Service vpctcom deleted successfully!
Service viaudio stopped successfully!
Service viaudio deleted successfully!
Service UVCFTR stopped successfully!
Service UVCFTR deleted successfully!
Service unrealircd stopped successfully!
Service unrealircd deleted successfully!
Service tvald stopped successfully!
Service tvald deleted successfully!
Service transcode360 stopped successfully!
Service transcode360 deleted successfully!
Service tme3srv stopped successfully!
Service tme3srv deleted successfully!
Service tifmsony stopped successfully!
Service tifmsony deleted successfully!
Service tb2launch stopped successfully!
Service tb2launch deleted successfully!
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
Service StreamDispatcher stopped successfully!
Service StreamDispatcher deleted successfully!
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
Service SPFDRV stopped successfully!
Service SPFDRV deleted successfully!
Service sp_clamsrv stopped successfully!
Service sp_clamsrv deleted successfully!
Service snoopfree stopped successfully!
Service snoopfree deleted successfully!
Service SMPLSCSI stopped successfully!
Service SMPLSCSI deleted successfully!
Service siswlsvc stopped successfully!
Service siswlsvc deleted successfully!
Service sfman stopped successfully!
Service sfman deleted successfully!
Service se44nd5 stopped successfully!
Service se44nd5 deleted successfully!
Service SE2Emdfl stopped successfully!
Service SE2Emdfl deleted successfully!
Service schscnt stopped successfully!
Service schscnt deleted successfully!
Service s616mgmt stopped successfully!
Service s616mgmt deleted successfully!
Service s3savagenb stopped successfully!
Service s3savagenb deleted successfully!
Service RMSvc stopped successfully!
Service RMSvc deleted successfully!
Service RDID1007 stopped successfully!
Service RDID1007 deleted successfully!
Service rchost stopped successfully!
Service rchost deleted successfully!
Service qbcfmonitorservice stopped successfully!
Service qbcfmonitorservice deleted successfully!
Service pclepci stopped successfully!
Service pclepci deleted successfully!
Service ossrv stopped successfully!
Service ossrv deleted successfully!
Service osanbm stopped successfully!
Service osanbm deleted successfully!
Service orbpvr stopped successfully!
Service orbpvr deleted successfully!
Service nv4 stopped successfully!
Service nv4 deleted successfully!
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
Service nhcDriverDevice stopped successfully!
Service nhcDriverDevice deleted successfully!
Service mssql$microsoftsmlbiz stopped successfully!
Service mssql$microsoftsmlbiz deleted successfully!
Service mfeapfk stopped successfully!
Service mfeapfk deleted successfully!
Service lxrjd31d stopped successfully!
Service lxrjd31d deleted successfully!
Service lpx stopped successfully!
Service lpx deleted successfully!
Service LMouKE stopped successfully!
Service LMouKE deleted successfully!
Service k750mdfl stopped successfully!
Service k750mdfl deleted successfully!
Service itmrtsvc stopped successfully!
Service itmrtsvc deleted successfully!
Service icraplus stopped successfully!
Service icraplus deleted successfully!
Service hpzid412 stopped successfully!
Service hpzid412 deleted successfully!
Service hfneavwv stopped successfully!
Service hfneavwv deleted successfully!
Error: No service named Sentertainment was found to stop!
Service\Driver key Sentertainment not found.
Service eaps2kbd stopped successfully!
Service eaps2kbd deleted successfully!
Service DynDNS_Updater_Service stopped successfully!
Service DynDNS_Updater_Service deleted successfully!
Service dmprimer stopped successfully!
Service dmprimer deleted successfully!
Service ctmmfilt stopped successfully!
Service ctmmfilt deleted successfully!
Service crystalaps stopped successfully!
Service crystalaps deleted successfully!
Service cfgwzsvc stopped successfully!
Service cfgwzsvc deleted successfully!
Service CE3 stopped successfully!
Service CE3 deleted successfully!
Service cdr4_xp stopped successfully!
Service cdr4_xp deleted successfully!
Service CdaC15BA stopped successfully!
Service CdaC15BA deleted successfully!
Service Cam5603D stopped successfully!
Service Cam5603D deleted successfully!
Service avupdsvc stopped successfully!
Service avupdsvc deleted successfully!
Service acsvc stopped successfully!
Service acsvc deleted successfully!
Service AcronisOSSReinstallSvc stopped successfully!
Service AcronisOSSReinstallSvc deleted successfully!
Service acedrv07 stopped successfully!
Service acedrv07 deleted successfully!
Service A4S2600 stopped successfully!
Service A4S2600 deleted successfully!
Service _iomega_active_disk_service_ stopped successfully!
Service _iomega_active_disk_service_ deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2 folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar folder moved successfully.
C:\Program Files\Alnaddy.com folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files\BabylonToolbar folder moved successfully.
C:\ProgramData\Codecv\data folder moved successfully.
C:\ProgramData\Codecv folder moved successfully.
File\Folder c:\users\hp\AppData\Roaming\Babylon not found.
File\Folder c:\programdata\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 9498752 bytes
->Temporary Internet Files folder emptied: 23761024 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 330139122 bytes
->Google Chrome cache emptied: 370179772 bytes
->Flash cache emptied: 18643 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 331611 bytes
RecycleBin emptied: 246 bytes

Total Files Cleaned = 700.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06222012_010007

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[JonTom]

Hello Aelo123

Thank you for the log.

Thank you very much for your help, however it worked for firefox and Iexplorer but not for chrome. Will re installing solve the problem?

Hold off from doing anything with Chrome for the moment. We still have a fair bit of work to do so lets continue with the following for now:

Please run Combofix exactly as you did the very first time (page 1, post number 4). If you are informed that there is an update available for Combofix please allow it to be installed.

Once Combofix has completed its run, re-scan with OTL as you did before and post both logs in your next reply.

 

[Aelo123]

Here's the log:-

ComboFix 12-06-21.03 - hp 22-Jun-12 15:36:13.3.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1563 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
Command switches used :: c:\users\hp\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
---- Previous Run -------
.
c:\program files\Alnaddy.com
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbar.crx
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\escortShld.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\uninstall.exe
c:\program files\BabylonToolbar
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files\BabylonToolbar\BabylonToolbar\BabylonTB.xpi
c:\programdata\Babylon
c:\users\hp\AppData\Roaming\Babylon
c:\users\hp\AppData\Roaming\Babylon\log_file.txt
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service__iomega_active_disk_service_
-------\Service_A4S2600
-------\Service_acedrv07
-------\Service_AcronisOSSReinstallSvc
-------\Service_acsvc
-------\Service_avupdsvc
-------\Service_Cam5603D
-------\Service_CdaC15BA
-------\Service_cdr4_xp
-------\Service_CE3
-------\Service_cfgwzsvc
-------\Service_crystalaps
-------\Service_ctmmfilt
-------\Service_dmprimer
-------\Service_DynDNS_Updater_Service
-------\Service_eaps2kbd
-------\Service_hfneavwv
-------\Service_hpzid412
-------\Service_icraplus
-------\Service_itmrtsvc
-------\Service_k750mdfl
-------\Service_LMouKE
-------\Service_lpx
-------\Service_lxrjd31d
-------\Service_mfeapfk
-------\Service_mssql$microsoftsmlbiz
-------\Service_nhcDriverDevice
-------\Service_NTACCESS
-------\Service_nv4
-------\Service_orbpvr
-------\Service_osanbm
-------\Service_ossrv
-------\Service_pclepci
-------\Service_qbcfmonitorservice
-------\Service_rchost
-------\Service_RDID1007
-------\Service_RMSvc
-------\Service_s3savagenb
-------\Service_s616mgmt
-------\Service_schscnt
-------\Service_SE2Emdfl
-------\Service_se44nd5
-------\Service_sfman
-------\Service_siswlsvc
-------\Service_SMPLSCSI
-------\Service_snoopfree
-------\Service_sp_clamsrv
-------\Service_SPFDRV
-------\Service_ssmdrv
-------\Service_StreamDispatcher
-------\Service_symlcbrd
-------\Service_tb2launch
-------\Service_tifmsony
-------\Service_tme3srv
-------\Service_transcode360
-------\Service_tvald
-------\Service_unrealircd
-------\Service_UVCFTR
-------\Service_viaudio
-------\Service_vpctcom
-------\Service_W8100PCI
-------\Service_wacomvhid
-------\Service_wmdmpmsn
-------\Service_YahooAUService
-------\Service_YMIDUSB
-------\Service_zppinger
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-16 08:25 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-21 21:36 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-19 07:24 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-18 21:44 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-21 07:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-21 16:59 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-19 07:24 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-22 13:31 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-06-20 22:48 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-22 10:54 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
2012-05-24 12:10 . 2012-05-24 12:10 -------- d-----w- c:\programdata\Playrix Entertainment
2012-05-24 12:09 . 2012-05-24 12:09 -------- d-----w- c:\program files\AllGamesHome Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-06 15:59 . 2012-04-12 18:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 15:59 . 2012-03-22 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-06-18 10:29 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 vcdrom;Virtual CD-ROM Device Driver;D:\VCdRom.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS REQUIRES REPAIRS - current entries shown
L
o
o
k
u
p
S
v
c
.
.
C
r
P
r
o
p
S
v
c
.
.
S
C
P
o
l
i
c
y
S
v
c
.
.
l
n
m
n
s
r
v
r
.
.
p
s
v
c
.
.
I
K
X
.
.
u
d
i
o
S
r
v
.
.
F
s
U
s
r
S
w
i
c
h
i
n
C
o
m
p
i
b
i
l
i
y
.
.
I
s
.
.
I
r
m
o
n
.
.
N
l
.
.
N
m
s
s
v
c
.
.
N
W
C
W
o
r
k
s
i
o
n
.
.
N
w
s
p
n
.
.
R
s
u
o
.
.
R
s
m
n
.
.
R
m
o
c
c
s
s
.
.
S
N
S
.
.
S
h
r
d
c
c
s
s
.
.
S
R
S
r
v
i
c
.
.
p
i
s
r
v
.
.
W
m
i
.
.
W
m
d
m
P
m
S
p
.
.
r
m
S
r
v
i
c
.
.
w
u
u
s
r
v
.
.
B
I
S
.
.
S
h
l
l
H
W
D
c
i
o
n
.
.
L
o
o
n
H
o
u
r
s
.
.
P
C
u
d
i
.
.
h
l
p
s
v
c
.
.
u
p
l
o
d
m
r
.
.
i
p
h
l
p
s
v
c
.
.
s
c
l
o
o
n
.
.
p
p
I
n
f
o
.
.
m
s
i
s
c
s
i
.
.
M
M
C
S
S
.
.
w
r
c
p
l
s
u
p
p
o
r
.
.
p
H
o
s
.
.
P
r
o
f
S
v
c
.
.
s
c
h
d
u
l
.
.
h
k
m
s
v
c
.
.
S
s
s
i
o
n
n
v
.
.
w
i
n
m
m
.
.
b
r
o
w
s
r
.
.
h
m
s
.
.
B
D
S
V
C
.
.
p
p
M
m
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:59]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-22 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://home.allgameshome.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-alnaddyToolbar - c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\uninstall.exe
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-Battlecraft 19422.1 - c:\windows\iun6002.exe
AddRemove-GameSpy Arcade - d:\a\Games\GANESP~1\UNWISE.EXE
AddRemove-MDT - c:\windows\iun6002.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
Completion time: 2012-06-22 15:42:03
ComboFix-quarantined-files.txt 2012-06-22 13:42
ComboFix2.txt 2012-06-18 08:41
.
Pre-Run: 78,538,141,696 bytes free
Post-Run: 78,477,705,216 bytes free
.
- - End Of File - - AD824B272C52DFD5CE3035A90D9A4977