Desktop Results

[mattyang]

Scanned done as a result of problem with ad popup from CoupondropDown which is still affecting my Firefox browser and not IE. As a result was advise to do the following scans and result posted for study as attached.

 

dds.txtattach.txtaswMBR.txt

 

 

Appreciate advise on next step to take.

[mattyang]

Attached is scan log result from SuperAntiSpyware which detected 3 Trojans in my Toshiba notebook. Please do note that I had posted a earlier scan result for my Acer Desk top. I apologize for not submitting a attachment as I tried but was advised that file type was not permitted to be attached.

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/29/2012 at 11:27 AM

 

Application Version : 5.6.1014

 

Core Rules Database Version : 9803

Trace Rules Database Version: 7615

 

Scan type : Complete Scan

Total Scan Time : 01:19:36

 

Operating System Information

Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

 

Memory items scanned : 638

Memory threats detected : 0

Registry items scanned : 39942

Registry threats detected : 0

File items scanned : 47891

File threats detected : 3

 

Trojan.Agent/Gen-Sisproc

C:WINDOWSIFINST27.EXE

C:USERSMATTAPPDATAROAMINGMICROSOFTWINDOWSSTART MENUPROGRAMSPITTASOFTBLACKVUEBASICUNINSTALL BLACKVUE.LNK

C:windowsPrefetchIFINST27.EXE-658C4860.pf

 

 

However, I have not remove the Trojan out with SuperAntiSpyware because one of the Trojan highlighted Pittasoft Blackvue is actually used for my car surveillance camera. Hence, i am afraid that by removing this out it might affect the software itself.

[Tomk_]

Hi mattboy,

 

 

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

I have combined both your posts into this one thread.

 

AdwCleaner

• Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:AdwCleaner[s1].txt as well.

[mattyang]

Hi Tomk_, with regards to AdwCleaner, attached is the scan result from run on my Acer Desktop. However, please do not confuse this with post 2 which was merge from another topic and was posted with regards to scan on my Toshiba notebook.AdwCleanerS1.txt

[mattyang]

Hi Tomk_, herein is the result from AdwCleaner for the Toshiba Notebook. Hope I am not confusing the issues by posting on problems for two different machines.

AdwCleanerS1.txt

[Tomk_]

mattboy,

 

Yep... two different computers is confusing. I completely missed that you were posting about different ones. Let's handle them one at a time. First lets concentrate on the Acer and then we'll get to the Toshiba.

 

Also, would you please post the information instead of attaching .txt files unless specifically asked? It makes it easier on me.

 

So... on the Acer:

 

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also... please let me know how things seem to be running on this machine now.

[mattyang]

Oops sorry about that Tomk_, will do a scan with Malware and post the result soon.

[mattyang]

Hi Tomk_, please find scan result from Malwarebyte.

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.01.04.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

acer :: ACER-2BD4233E2B [administrator]

 

1/4/2013 9:17:25 PM

mbam-log-2013-01-04 (21-17-25).txt

 

Scan type: Full scan (C:|D:|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 250173

Time elapsed: 1 hour(s), 1 minute(s), 15 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

Currently my machine is running fine thou I do noticed that browser Mozilla tends to hang more often then usual especially if a few windows are opened. I have to run Task Manager to stop the program. Also I noticed that this ad prog from Coupondropdown seems to be affecting Mozilla and not IE.

[Tomk_]

Let's give this a try:

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html

   

• Double click on ComboFix.exe & follow the prompts.

   

• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

   

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4.CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

[mattyang]

Hi Tomk_, following is ComboFix scan result:

 

ComboFix 13-01-06.01 - acer 01/08/2013 18:20:14.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.595 [GMT 8:00]

Running from: c:documents and settingsacerDesktopComboFix.exe

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:documents and settingsAll UsersApplication DataTEMP

c:windowssystem32_000005_.tmp.dll

c:windowssystem32URTTemp

c:windowssystem32URTTempfusion.dll

c:windowssystem32URTTempmscoree.dll

c:windowssystem32URTTempmscoree.dll.local

c:windowssystem32URTTempmscorsn.dll

c:windowssystem32URTTempmscorwks.dll

c:windowssystem32URTTempmsvcr71.dll

c:windowssystem32URTTempregtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

.

.

2012-12-24 05:59 . 2012-12-24 05:59 -------- d-----w- c:documents and settingsacerApplication DataSUPERAntiSpyware.com

2012-12-24 05:58 . 2012-12-24 05:58 -------- d-----w- c:program filesSUPERAntiSpyware

2012-12-24 05:58 . 2012-12-24 05:58 -------- d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com

2012-12-18 10:20 . 2013-01-06 05:24 -------- d-----w- c:documents and settingsacerApplication DataQuickScan

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2004-08-04 05:00 290560 ----a-w- c:windowssystem32atmfd.dll

2012-12-15 04:49 . 2012-04-04 11:34 697272 ----a-w- c:windowssystem32FlashPlayerApp.exe

2012-12-15 04:49 . 2012-01-26 03:27 73656 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2012-12-14 08:49 . 2012-02-03 12:47 21104 ----a-w- c:windowssystem32driversmbam.sys

2012-11-13 01:25 . 2005-10-06 00:06 1866368 ----a-w- c:windowssystem32win32k.sys

2012-11-02 02:02 . 2004-08-04 05:00 375296 ----a-w- c:windowssystem32dpnet.dll

2012-11-01 12:17 . 2006-03-04 03:58 916992 ----a-w- c:windowssystem32wininet.dll

2012-11-01 12:17 . 2004-08-04 05:00 43520 ----a-w- c:windowssystem32licmgr10.dll

2012-11-01 12:17 . 2004-08-04 05:00 1469440 ------w- c:windowssystem32inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 05:00 385024 ----a-w- c:windowssystem32html.iec

2009-05-01 21:02 . 2012-12-07 11:48 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll

2009-05-01 21:02 . 2012-12-07 11:49 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll

2012-12-07 11:49 . 2012-12-07 11:48 262112 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

2006-05-03 03:06 163328 --sha-r- c:windowssystem32flvDX.dll

2007-02-21 04:47 31232 --sha-r- c:windowssystem32msfDX.dll

2008-03-16 06:30 216064 --sha-r- c:windowssystem32nbDX.dll

2010-01-06 15:00 107520 --sha-r- c:windowssystem32TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Trend Micro Titanium"="c:program filesTrend MicroTitaniumUIFrameworkuiWinMgr.exe" [2012-09-08 1304824]

"Trend Micro Client Framework"="c:program filesTrend MicroUniClientUiFrmWrkUIWatchDog.exe" [2012-02-27 133424]

"TkBellExe"="c:program filesrealrealplayerupdaterealsched.exe" [2012-08-14 296096]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupAcer Empowering Technology.lnk

backup=c:windowspssAcer Empowering Technology.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer WLAN 11g USB Dongle.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupAcer WLAN 11g USB Dongle.lnk

backup=c:windowspssAcer WLAN 11g USB Dongle.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk

backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLaunchApp]

Alaunch [X]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcer Empowering Technology Monitor]

2006-04-19 03:54 49152 ----a-w- c:windowssystem32SysMonitor.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

2012-07-27 20:51 919008 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]

2005-05-03 02:43 69632 ----a-w- c:windowsAlcmtr.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]

2012-02-20 13:28 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAspireService]

2006-06-09 20:24 110592 ----a-w- c:program filesAcerAcer eMode ManagementAspireService.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:windowssystem32ctfmon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeDataSecurity Loader]

2006-03-17 23:00 345088 ----a-w- c:acerEmpowering TechnologyeDataSecurityeDSloader.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeRecoveryService]

2006-06-01 22:40 413696 ----a-w- c:acerEmpowering TechnologyeRecoveryeRAgent.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIMEKRMIG6.1]

2004-08-04 05:00 44032 ----a-w- c:windowsimeimkr6_1imekrmig.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIMJPMIG8.1]

2004-08-04 05:00 208952 ----a-w- c:windowsimeimjp8_1imjpmig.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMediaSync]

2006-05-04 22:55 425984 ----a-w- c:program filesAcerAcer eConsoleMediaSync.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSPY2002]

2004-08-04 05:00 59392 ----a-w- c:windowssystem32IMEPINTLGNTIMSCINST.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregntiMUI]

2005-05-12 00:15 45056 ----a-w- c:program filesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]

2006-07-11 22:19 7626752 ----a-w- c:windowssystem32nvcpl.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]

2006-07-11 22:19 86016 ----a-w- c:windowssystem32nvmctray.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

2006-07-11 22:19 1519616 ----a-w- c:windowssystem32nwiz.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCMService]

2006-03-30 05:50 143360 ----a-w- c:program filesAcer TV-FMPCMService.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPHIME2002A]

2004-08-04 05:00 455168 ----a-w- c:windowssystem32IMETINTLGNTTINTSETP.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPHIME2002ASync]

2004-08-04 05:00 455168 ----a-w- c:windowssystem32IMETINTLGNTTINTSETP.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2012-04-18 12:56 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]

2004-11-03 03:24 32768 ----a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]

2006-06-01 00:48 16208384 ----a-w- c:windowsRTHDCPL.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]

2006-05-16 02:04 2879488 ----a-w- c:windowsSkyTel.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

2011-06-09 05:06 254696 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]

2012-11-01 19:45 4763008 ----a-w- c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]

2012-08-14 13:00 296096 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringTrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"c:Program FilesAcer TV-FMPowerCinema.exe"=

"c:Program FilesAcer TV-FMPCMService.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesVeetlePlayerVeetleNet.exe"=

"c:Program FilesMicrosoft OfficeOffice14ONENOTE.EXE"=

"c:Program FilesMicrosoft OfficeOffice14OUTLOOK.EXE"=

"c:Program FilesSopCastSopCast.exe"=

"c:WINDOWSsystem32msiexec.exe"=

"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=

.

R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [7/23/2011 12:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [7/13/2011 5:55 AM 67664]

R1 tmevtmgr;tmevtmgr;c:windowssystem32driverstmevtmgr.sys [1/26/2012 11:02 AM 76648]

R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCore.exe [7/12/2012 2:54 AM 116608]

S2 Amsp;Trend Micro Solution Platform;c:program filesTrend MicroAMSPcoreServiceShell.exe [1/26/2012 10:54 AM 200632]

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-07 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 04:49]

.

2012-10-09 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 09:57]

.

2013-01-08 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2012-08-14 12:57]

.

2013-01-08 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2012-08-14 12:57]

.

2013-01-08 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-2142491333-3158233723-917065816-1006.job

- c:program filesRealRealUpgraderealupgrade.exe [2012-07-27 06:27]

.

2012-12-27 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-2142491333-3158233723-917065816-1006.job

- c:program filesRealRealUpgraderealupgrade.exe [2012-07-27 06:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sg.yahoo.com/?p=us

IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~1MICROS~2Office14ONBttnIE.dll/105

IE: Search the Web - c:program filesSweetIMToolbarsInternet Explorerresourcesmenuext.html

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:documents and settingsacerApplication DataMozillaFirefoxProfilesfoutjaf1.default

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/

FF - ExtSQL: 2012-12-18 18:19; {e001c731-5e37-4538-a5cb-8168736a2360}; c:documents and settingsacerApplication DataMozillaFirefoxProfilesfoutjaf1.defaultextensions{e001c731-5e37-4538-a5cb-8168736a2360}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-08 18:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-2142491333-3158233723-917065816-1006SoftwareMicrosoftSystemCertificatesAddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(792)

c:windowssystem32Ati2evxx.dll

.

Completion time: 2013-01-08 18:24:44

ComboFix-quarantined-files.txt 2013-01-08 10:24

.

Pre-Run: 92,390,326,272 bytes free

Post-Run: 92,343,468,032 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS

[operating systems]

c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 35A4F68BB72384DA6C67D5574EAE0101

[Tomk_]

Let's get an online scan.

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

 

• Please go here then click on:

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:Program FilesESETEsetOnlineScannerlog.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

[mattyang]

Hi Tomk_, sorry for the delay in posting as had some problems deactivating Trend due to password problems. However, have since resolved issue and done scan online as directed using ESET, please find the log as follows:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=b3322dc81dbe6449be78e90816a15ada

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-01-13 02:48:02

# local_time=2013-01-13 10:48:02 (+0800, Malay Peninsula Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=518 16777213 100 100 3162176 45728106 0 0

# scanned=65278

# found=1

# cleaned=0

# scan_time=3564

C:Documents and SettingsacerMy DocumentsDownloadsVipBoxSportsApp_setup(8).exe Win32/Adware.1ClickDownload.G application (unable to clean) 9702A5F925BFBDCAF77CD8C006D2DB9748749568 I

[Tomk_]

COMBOFIX-Script

 

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

   

  File::
  C:Documents and SettingsacerMy DocumentsDownloadsVipBoxSportsApp_setup(8).exe
  
  

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

   

  

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 

Also... are you still having trouble with Coupondropdown?

[mattyang]

Tomk_, yet to run the CFScript in ComboFix, I can see the Coupondropdown ads popping up at certain underlined words. Will run CFScript and report in again to see if problem still exist.

[mattyang]

Tomk_, COMBOFIX scan log with CFScript.txt

 

ComboFix 13-01-13.01 - acer 01/13/2013 20:11:28.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.582 [GMT 8:00]

Running from: c:documents and settingsacerDesktopComboFix.exe

Command switches used :: c:documents and settingsacerDesktopCFScript.txt

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))

.

.

2013-01-13 01:42 . 2013-01-13 01:42 -------- d-----w- c:program filesESET

2013-01-12 04:29 . 2013-01-12 04:29 -------- d-----w- c:documents and settingsacerLocal SettingsApplication DataPCHealth

2013-01-10 12:37 . 2013-01-10 12:37 -------- d-----w- c:documents and settingsacerApplication DataXilisoft

2012-12-24 05:59 . 2012-12-24 05:59 -------- d-----w- c:documents and settingsacerApplication DataSUPERAntiSpyware.com

2012-12-24 05:58 . 2012-12-24 05:58 -------- d-----w- c:program filesSUPERAntiSpyware

2012-12-24 05:58 . 2012-12-24 05:58 -------- d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com

2012-12-22 06:13 . 2012-12-22 06:13 2174976 ----a-w- c:program filesCommon Filesatimpenc.dll

2012-12-18 10:20 . 2013-01-06 05:24 -------- d-----w- c:documents and settingsacerApplication DataQuickScan

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 13:49 . 2012-04-04 11:34 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe

2013-01-10 13:49 . 2012-01-26 03:27 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2004-08-04 05:00 290560 ----a-w- c:windowssystem32atmfd.dll

2012-12-14 08:49 . 2012-02-03 12:47 21104 ----a-w- c:windowssystem32driversmbam.sys

2012-11-13 01:25 . 2005-10-06 00:06 1866368 ----a-w- c:windowssystem32win32k.sys

2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:windowssystem32msxml6.dll

2012-11-02 02:02 . 2004-08-04 05:00 375296 ----a-w- c:windowssystem32dpnet.dll

2012-11-01 12:17 . 2006-03-04 03:58 916992 ----a-w- c:windowssystem32wininet.dll

2012-11-01 12:17 . 2004-08-04 05:00 43520 ----a-w- c:windowssystem32licmgr10.dll

2012-11-01 12:17 . 2004-08-04 05:00 1469440 ------w- c:windowssystem32inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 05:00 385024 ----a-w- c:windowssystem32html.iec

2009-05-01 21:02 . 2013-01-12 05:19 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll

2009-05-01 21:02 . 2013-01-12 05:19 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll

2013-01-12 05:19 . 2013-01-12 05:18 262704 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

2006-05-03 03:06 163328 --sha-r- c:windowssystem32flvDX.dll

2007-02-21 04:47 31232 --sha-r- c:windowssystem32msfDX.dll

2008-03-16 06:30 216064 --sha-r- c:windowssystem32nbDX.dll

2010-01-06 15:00 107520 --sha-r- c:windowssystem32TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Trend Micro Titanium"="c:program filesTrend MicroTitaniumUIFrameworkuiWinMgr.exe" [2012-09-08 1304824]

"Trend Micro Client Framework"="c:program filesTrend MicroUniClientUiFrmWrkUIWatchDog.exe" [2012-02-27 133424]

"TkBellExe"="c:program filesrealrealplayerupdaterealsched.exe" [2012-08-14 296096]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]

@=""

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupAcer Empowering Technology.lnk

backup=c:windowspssAcer Empowering Technology.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer WLAN 11g USB Dongle.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupAcer WLAN 11g USB Dongle.lnk

backup=c:windowspssAcer WLAN 11g USB Dongle.lnkCommon Startup

.

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:documents and settingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk

backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLaunchApp]

Alaunch [X]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcer Empowering Technology Monitor]

2006-04-19 03:54 49152 ----a-w- c:windowssystem32SysMonitor.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

2012-07-27 20:51 919008 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]

2005-05-03 02:43 69632 ----a-w- c:windowsAlcmtr.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]

2012-02-20 13:28 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAspireService]

2006-06-09 20:24 110592 ----a-w- c:program filesAcerAcer eMode ManagementAspireService.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:windowssystem32ctfmon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeDataSecurity Loader]

2006-03-17 23:00 345088 ----a-w- c:acerEmpowering TechnologyeDataSecurityeDSloader.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeRecoveryService]

2006-06-01 22:40 413696 ----a-w- c:acerEmpowering TechnologyeRecoveryeRAgent.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIMEKRMIG6.1]

2004-08-04 05:00 44032 ----a-w- c:windowsimeimkr6_1imekrmig.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIMJPMIG8.1]

2004-08-04 05:00 208952 ----a-w- c:windowsimeimjp8_1imjpmig.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMediaSync]

2006-05-04 22:55 425984 ----a-w- c:program filesAcerAcer eConsoleMediaSync.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSPY2002]

2004-08-04 05:00 59392 ----a-w- c:windowssystem32IMEPINTLGNTIMSCINST.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregntiMUI]

2005-05-12 00:15 45056 ----a-w- c:program filesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]

2006-07-11 22:19 7626752 ----a-w- c:windowssystem32nvcpl.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]

2006-07-11 22:19 86016 ----a-w- c:windowssystem32nvmctray.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]

2006-07-11 22:19 1519616 ----a-w- c:windowssystem32nwiz.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCMService]

2006-03-30 05:50 143360 ----a-w- c:program filesAcer TV-FMPCMService.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPHIME2002A]

2004-08-04 05:00 455168 ----a-w- c:windowssystem32IMETINTLGNTTINTSETP.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPHIME2002ASync]

2004-08-04 05:00 455168 ----a-w- c:windowssystem32IMETINTLGNTTINTSETP.EXE

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2012-04-18 12:56 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]

2004-11-03 03:24 32768 ----a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]

2006-06-01 00:48 16208384 ----a-w- c:windowsRTHDCPL.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]

2006-05-16 02:04 2879488 ----a-w- c:windowsSkyTel.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

2011-06-09 05:06 254696 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]

2012-11-01 19:45 4763008 ----a-w- c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]

2012-08-14 13:00 296096 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringTrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"c:Program FilesAcer TV-FMPowerCinema.exe"=

"c:Program FilesAcer TV-FMPCMService.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesVeetlePlayerVeetleNet.exe"=

"c:Program FilesMicrosoft OfficeOffice14ONENOTE.EXE"=

"c:Program FilesMicrosoft OfficeOffice14OUTLOOK.EXE"=

"c:Program FilesSopCastSopCast.exe"=

"c:WINDOWSsystem32msiexec.exe"=

"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=

.

R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [7/23/2011 12:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [7/13/2011 5:55 AM 67664]

R1 tmevtmgr;tmevtmgr;c:windowssystem32driverstmevtmgr.sys [1/26/2012 11:02 AM 76648]

R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCore.exe [7/12/2012 2:54 AM 116608]

S2 Amsp;Trend Micro Solution Platform;c:program filesTrend MicroAMSPcoreServiceShell.exe [1/26/2012 10:54 AM 200632]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 05:13 1606760 ----a-w- c:program filesGoogleChromeApplication24.0.1312.52Installersetup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-13 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 13:49]

.

2013-01-08 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 09:57]

.

2013-01-13 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2012-08-14 12:57]

.

2013-01-13 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2012-08-14 12:57]

.

2013-01-13 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-2142491333-3158233723-917065816-1006.job

- c:program filesRealRealUpgraderealupgrade.exe [2012-07-27 06:27]

.

2013-01-10 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-2142491333-3158233723-917065816-1006.job

- c:program filesRealRealUpgraderealupgrade.exe [2012-07-27 06:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sg.yahoo.com/?p=us

IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~1MICROS~2Office14ONBttnIE.dll/105

IE: Search the Web - c:program filesSweetIMToolbarsInternet Explorerresourcesmenuext.html

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:documents and settingsacerApplication DataMozillaFirefoxProfilesfoutjaf1.default

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/

FF - ExtSQL: 2012-12-18 18:19; {e001c731-5e37-4538-a5cb-8168736a2360}; c:documents and settingsacerApplication DataMozillaFirefoxProfilesfoutjaf1.defaultextensions{e001c731-5e37-4538-a5cb-8168736a2360}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-13 20:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-2142491333-3158233723-917065816-1006SoftwareMicrosoftSystemCertificatesAddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(792)

c:windowssystem32Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(404)

c:windowssystem32WININET.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

.

Completion time: 2013-01-13 20:16:33

ComboFix-quarantined-files.txt 2013-01-13 12:16

ComboFix2.txt 2013-01-08 10:24

.

Pre-Run: 91,968,647,168 bytes free

Post-Run: 91,975,061,504 bytes free

.

- - End Of File - - 6F183E9CFA4D1A566226CE2070C675B6

 

And yes I can still see the Coupondropdown ads underlined words.

[Tomk_]

I'm not seeing where it's coming from.

 

Let's see if another tool can find it.

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

[mattyang]

Tomk_, here is the scan result from JRT:

 

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Microsoft Windows XP x86

Ran by acer on Mon 01/14/2013 at 19:14:44.17

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopes{0633ee93-d776-472f-a0ff-e1416b8b2e3a}DisplayName

Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopes{0633ee93-d776-472f-a0ff-e1416b8b2e3a}URL

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:WINDOWSprefetchAPNSTUB.EXE-16E66AC4.pf

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:Documents and SettingsacerApplication Datamozillafirefoxprofilesfoutjaf1.defaultprefs.js

 

user_pref("extensions.crossrider.bic", "135ddb01fea94924f5e4f1de29c38ab2");

Emptied folder: C:Documents and SettingsacerApplication Datamozillafirefoxprofilesfoutjaf1.defaultminidumps [4 files]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 01/14/2013 at 19:19:45.25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Unfortunately the Coupondropdown ad is one pesky burger, still lurking in Mozilla browser.

[Tomk_]

Please look for it in extentions.

 

In FireFox - Click on Tools and then Add-ons then Extensions. Look for Coupondropdown and if it is there remove it. If you should find 1clickdownloader there - remove it also. Coupondropdown comes with 1clickdownloader. You shouldn't find 1clickdownloader as we already removed it... but look while you're there.

 

Then... Let's clear the cookies.

 

In FireFox - Click on Tools then Options then Advanced then Network then the Clear Now button under Cached Web Content.

 

 

Let me know how you do.

[mattyang]

Hi Tomk_, things looks good, thou didn't see any CoupondropDown extensions but did managed to remove another which I suspected was harbouring the offending adware. So far can see the problem is no longer bugging me. Thanks.

[Tomk_]

Great.

 

Then let's clean up.

• Click START then RUN
• Now type ComboFix /Uninstall in the runbox and click OK.
• Note the space between the X and the U, it needs to be there.
• 

The above procedure will:

• Implement some cleanup procedures.
• Reset System Restore.

Now to remove most of the tools that we have used in fixing your machine:

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Please re-enable any security that was disabled.

 

 

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

 

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

 

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

 

 

Also: "How to prevent malware"

by miekiemoes

 

With that done...

 

 

 

Please give me a set of DDS logs for the second computer and let me know what is happening with it at this point.

[mattyang]

Thanks Tomk_ couldn't have done it without your guidance. Btw, how do I remove JRT as I can't locate the uninstall software in Programs?

[Tomk_]

It has no uninstall. It's just a script so you can just delete it.

 

Are you going to post logs for the second computer?

[mattyang]

Hi Tomk_ herein are the scan result from DDS for my Toshiba Notebook. I had done so as SuperAntiSpyware has detected some trojans in my system. Hence, just want to be thoroughly sure that all remnants of anything that might pose a threat to the notebook are thoroughly eradicated.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_29
Run by Matt at 20:29:42 on 2013-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3060.2237 [GMT 8:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:windowssystem32wininit.exe
C:windowssystem32lsm.exe
C:Program FilesFingerprint SensorAtService.exe
C:windowssystem32nvvsvc.exe
C:WindowsSystem32GFNEXSrv.exe
C:windowsSystem32spoolsv.exe
C:windowssystem32nvvsvc.exe
C:Program FilesTrend MicroUniClientUiFrmWrkuiWatchDog.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesMicrosoft Small BusinessBusiness Contact ManagerBcmSqlStartupSvc.exe
C:Program FilesMicrosoftBingDesktopBingDesktopUpdater.exe
C:Program FilesBonjourmDNSResponder.exe
C:windowssystem32FsUsbExService.Exe
C:Program FilesIntelIntel® Management Engine ComponentsLMSLMS.exe
c:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBinnsqlservr.exe
C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlbrowser.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:windowssystem32ThpSrv.exe
C:windowssystem32TODDSrv.exe
C:Program FilesTOSHIBAPower SaverTosCoSrv.exe
C:Program FilesTOSHIBATECOTecoService.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:windowssystem32wbemwmiprvse.exe
C:windowssystem32wbemunsecapp.exe
C:windowssystem32taskhost.exe
C:windowssystem32Dwm.exe
C:windowsExplorer.EXE
C:Program FilesTrend MicroTitaniumpluginTMASTMAS_WLMTMAS_WLMMon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:windowssystem32SearchIndexer.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:windowssystem32taskeng.exe
C:Program FilesTOSHIBAConfigFreeNDSTray.exe
C:Program FilesTOSHIBAConfigFreeCFSwMgr.exe
C:windowssystem32DllHost.exe
C:Program FilesTOSHIBAConfigFreeCFIWmxSvcs.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:Program FilesIntelIntel® Management Engine ComponentsUNSUNS.exe
C:windowssystem32wuauclt.exe
C:windowssystem32SearchProtocolHost.exe
C:windowssystem32SearchFilterHost.exe
C:windowssystem32conhost.exe
C:windowssystem32wbemwmiprvse.exe
C:windowssystem32svchost.exe -k DcomLaunch
C:windowssystem32svchost.exe -k RPCSS
C:windowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:windowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:windowssystem32svchost.exe -k netsvcs
C:windowssystem32svchost.exe -k LocalService
C:windowssystem32svchost.exe -k NetworkService
C:windowssystem32svchost.exe -k LocalServiceNoNetwork
C:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
C:windowssystem32svchost.exe -k imgsvc
C:windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:windowsSystem32svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sg.yahoo.com/?p=us
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAS&bmod=TSAS
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://sg.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:program filesyahoo!companioninstallscpn0yt.dll
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:program filestoshibatfpuTFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:program filestrend microamspmodule200042.0.13616.8.1078TmIEPlg.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:programdatarealrealplayerbrowserrecordpluginierpbrowserrecordplugin.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - c:program filestrend microtitaniumuiframeworkToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:program filesmicrosoft officeoffice14URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:program filestrend microamspmodule200027.1.11047.1.1104TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre6binjp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:program filesyahoo!companioninstallscpn0YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:program filesyahoo!companioninstallscpn0yt.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - c:program filestrend microtitaniumuiframeworkToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
mRun: [WLM] "c:program filestrend microtitaniumplugintmastmas_wlmTMAS_WLMMon.exe"
mRun: [Trend Micro Titanium] "c:program filestrend microtitaniumuiframeworkuiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:program filestrend microuniclientuifrmwrkUIWatchDog.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRunOnce: [b Register c:program filesdivxdivx plus playerdpxpluginsdpxdfxaudioplugin.dll] "c:windowssystem32rundll32.exe" "c:program filesdivxdivx plus playerdpxpluginsDPXDFXAudioPlugin.dll",DllRegisterServer
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:progra~1mif5ba~1office14EXCEL.EXE/3000
IE: Se&nd to OneNote - c:progra~1mif5ba~1office14ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice14ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:program filesmicrosoft officeoffice14ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces{28FCAA0F-22A2-4822-9D11-E00609EB5AA6} : DHCPNameServer = 203.116.1.94 203.116.254.150
TCP: Interfaces{F748CED6-E33D-4AE4-B0A6-5EE2AAA5BD5D} : DHCPNameServer = 192.168.1.254
TCP: Interfaces{F748CED6-E33D-4AE4-B0A6-5EE2AAA5BD5D}14A747563686131303F573231433 : DHCPNameServer = 192.168.1.254
TCP: Interfaces{F748CED6-E33D-4AE4-B0A6-5EE2AAA5BD5D}14E47454C4350225F4F4D4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces{F748CED6-E33D-4AE4-B0A6-5EE2AAA5BD5D}14E47454C4350284F4D45402 : DHCPNameServer = 192.168.1.254
TCP: Interfaces{F748CED6-E33D-4AE4-B0A6-5EE2AAA5BD5D}84F4D454 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:program filescommon filesmicrosoft sharedoffice14MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:program filestrend microamspmodule200027.1.11047.1.1104TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:program filestrend microamspmodule200042.0.13616.8.1078TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:program filestrend microtitaniumuiframeworkToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:program filestrend microtitaniumuiframeworkProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:program fileswindows livephoto galleryAlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication24.0.1312.52installersetup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:usersmattappdataroamingmozillafirefoxprofiles4s4eywhw.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
FF - plugin: c:progra~1mif5ba~1office14NPAUTHZ.DLL
FF - plugin: c:progra~1mif5ba~1office14NPSPWRAP.DLL
FF - plugin: c:program filesadobereader 10.0readerairnppdf32.dll
FF - plugin: c:program filesdivxdivx ovs helpernpovshelper.dll
FF - plugin: c:program filesgoogleupdate1.3.21.123npGoogleUpdate3.dll
FF - plugin: c:program filesjavajre6binnew_pluginnpdeployJava1.dll
FF - plugin: c:program filesmicrosoft silverlight4.1.10329.0npctrlui.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdeployJava1.dll
FF - plugin: c:program filestrend microtitaniumuiframeworktoolbarfirefoxextensioncomponentsnpToolbarChrome.dll
FF - plugin: c:program filestvuplayernpTVUAx.dll
FF - plugin: c:program filesveetleplayernpvlc.dll
FF - plugin: c:program filesveetlepluginsnpVeetle.dll
FF - plugin: c:program filesveetlevlcbroadcastnpvbp.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
FF - plugin: c:programdatarealrealplayerbrowserrecordpluginmozillapluginsnprpchromebrowserrecordext.dll
FF - plugin: c:programdatarealrealplayerbrowserrecordpluginmozillapluginsnprphtml5videoshim.dll
FF - plugin: c:windowssystem32macromedflashNPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:windowssystem32driversthpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:windowssystem32driversThpevm.sys [2009-6-30 13120]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2011-7-13 67664]
R1 tmevtmgr;tmevtmgr;c:windowssystem32driverstmevtmgr.sys [2012-8-5 76648]
R2 !SASCORE;SAS Core Service;c:program filessuperantispywareSASCore.exe [2012-7-12 116608]
R2 ATService;AuthenTec Fingerprint Service;c:program filesfingerprint sensorAtService.exe [2009-10-24 1811704]
R2 BingDesktopUpdate;Bing Desktop Update service;c:program filesmicrosoftbingdesktopBingDesktopUpdater.exe [2012-11-22 166424]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:program filestoshibaconfigfreeCFIWmxSvcs.exe [2009-10-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:program filestoshibaconfigfreeCFSvcs.exe [2009-3-11 46448]
R2 FsUsbExService;FsUsbExService;c:windowssystem32FsUsbExService.Exe [2010-7-6 233472]
R2 GFNEXSrv;GFNEX Service;c:windowssystem32GFNEXSrv.exe [2010-4-13 132408]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesintelintel® rapid storage technologyIAStorDataMgrSvc.exe [2010-4-13 13336]
R2 rimspci;rimspci;c:windowssystem32driversrimspe86.sys [2010-4-13 47104]
R2 risdpcie;risdpcie;c:windowssystem32driversrisdpe86.sys [2010-4-13 49152]
R2 rixdpcie;rixdpcie;c:windowssystem32driversrixdpe86.sys [2010-4-13 38400]
R2 Skype C2C Service;Skype C2C Service;c:programdataskypetoolbarsskype c2c servicec2c_service.exe [2012-8-13 3064000]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:program filestoshibatecoTecoService.exe [2009-9-29 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:windowssystem32driversTVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel® Management & Security Application User Notification Service;c:program filesintelintel® management engine componentsunsUNS.exe [2010-4-13 2314240]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:windowssystem32driversATSwpWDF.sys [2010-4-13 659328]
R3 FsUsbExDisk;FsUsbExDisk;c:windowssystem32FsUsbExDisk.Sys [2010-7-6 36608]
R3 Impcd;Impcd;c:windowssystem32driversImpcd.sys [2009-10-27 125696]
R3 PGEffect;Pangu effect driver;c:windowssystem32driversPGEffect.sys [2010-4-13 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32driversRt86win7.sys [2011-6-10 394856]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:windowssystem32driversrtl8192se.sys [2010-4-26 1011232]
R3 tmeevw;tmeevw;c:windowssystem32driverstmeevw.sys [2012-8-5 55056]
R3 tmnciesc;tmnciesc;c:windowssystem32driverstmnciesc.sys [2012-8-5 171280]
S2 Amsp;Trend Micro Solution Platform;c:program filestrend microamspcoreServiceShell.exe [2012-8-5 200632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-14 229888]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32driversnetaapl.sys [2011-5-10 18432]
S3 TMachInfo;TMachInfo;c:program filestoshibatoshiba service stationTMachInfo.exe [2010-4-13 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:program filestoshibatoshiba hdd ssd alertTosSmartSrv.exe [2009-9-18 111960]
S3 TPCHSrv;TPCH Service;c:program filestoshibatphmTPCHSrv.exe [2009-10-31 677232]
S3 TsUsbFlt;TsUsbFlt;c:windowssystem32driversTsUsbFlt.sys [2011-7-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32watWatAdminSvc.exe [2010-6-20 1343400]
.
=============== Created Last 30 ================
.
2013-01-21 12:27:35 -------- d-----w- c:usersmattappdatalocal{8CDEC0EA-1F89-4724-B45D-E93AEFFEAA15}
2013-01-17 12:14:19 -------- d-----w- c:usersmattappdatalocal{9BC89241-94C6-4676-8F2F-DE773D97CDC5}
2013-01-15 12:48:55 -------- d-----w- c:usersmattappdatalocal{C9CE3C22-6CD0-4C80-945C-DA290CCB2F8C}
2013-01-09 12:41:51 626688 ----a-w- c:windowssystem32usp10.dll
2013-01-09 12:41:11 492032 ----a-w- c:windowssystem32win32spl.dll
2013-01-06 03:17:40 -------- d-----w- c:usersmattappdatalocalPrograms
2013-01-03 13:03:50 -------- d-----w- c:usersmattappdatalocal{EC34A816-756E-4909-8478-242E430CFFD3}
2013-01-01 01:45:48 -------- d-----w- c:usersmattappdatalocal{9E6EB1EB-92C1-4951-9E2A-EDFD61C6A8CC}
2012-12-31 02:44:32 -------- d-----w- c:usersmattappdatalocal{4EFC01C1-E43E-4101-A2DC-512ED380329F}
2012-12-30 13:02:30 -------- d-----w- c:usersmattappdatalocal{063CD621-2312-4EA4-9BC8-4CBA6219F658}
2012-12-30 01:02:03 -------- d-----w- c:usersmattappdatalocal{D32F5634-F1CF-4FAF-90C7-CB320FA12962}
2012-12-29 02:06:35 -------- d-----w- c:usersmattappdataroamingSUPERAntiSpyware.com
2012-12-29 02:06:16 -------- d-----w- c:program filesSUPERAntiSpyware
2012-12-29 02:06:15 -------- d-----w- c:programdataSUPERAntiSpyware.com
2012-12-29 02:00:16 -------- d-----w- c:usersmattappdatalocal{707C3217-F59D-41C0-8E90-8DF440EACACB}
2012-12-28 11:18:32 -------- d-----w- c:usersmattappdatalocal{F36368CD-A694-4C29-8E3F-FFC440E2A4D4}
2012-12-27 10:42:03 -------- d-----w- c:usersmattappdatalocal{810DDA05-07C4-4EBE-BDA2-ED4724B595EB}
2012-12-26 10:33:59 -------- d-----w- c:usersmattappdatalocal{7033B61C-DB58-4336-B39C-6D3AA3C79355}
2012-12-25 01:01:43 -------- d-----w- c:usersmattappdatalocal{CA3D682E-949C-430E-B5A8-C82767F4213F}
2012-12-24 02:30:00 -------- d-----w- c:usersmattappdatalocal{4D48A3F6-6A42-4FDC-B6B6-B8C85B1F9D88}
.
==================== Find3M ====================
.
2013-01-12 05:14:24 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-01-12 05:14:24 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2012-12-17 10:56:42 65536 ----a-w- c:windowsIFinst27.exe
2012-12-16 14:13:28 295424 ----a-w- c:windowssystem32atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:windowssystem32atmlib.dll
2012-12-14 08:49:28 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-12-07 12:26:17 308736 ----a-w- c:windowssystem32Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:windowssystem32gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:windowssystem32winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:windowssystem32KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:windowssystem32conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:windowssystem32api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:windowssystem32api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:windowssystem32api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:windowssystem32api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:windowssystem32win32k.sys
2012-11-23 02:48:41 49152 ----a-w- c:windowssystem32taskhost.exe
2012-11-20 04:51:09 220160 ----a-w- c:windowssystem32ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:windowssystem32jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:windowssystem32inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:windowssystem32wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:windowssystem32ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:windowssystem32vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:windowssystem32mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:windowssystem32tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:windowssystem32dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:windowssystem32msxml6.dll
2012-10-24 19:12:26 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx
2012-10-24 19:12:26 69632 ----a-w- c:windowssystem32QuickTime.qts
.
============= FINISH: 20:30:41.18 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: DeviceHarddiskVolume1
Install Date: 19/6/2010 7:07:06 PM
System Uptime: 21/1/2013 7:59:40 PM (1 hours ago)
.
Motherboard: TOSHIBA | | JPTR
Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU 1 | 1178/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 381.21 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP516: 31/12/2012 7:10:09 PM - Windows Update
RP517: 1/1/2013 11:38:06 AM - Windows Update
RP518: 2/1/2013 6:13:38 PM - Windows Update
RP519: 2/1/2013 8:44:12 PM - Windows Update
RP520: 3/1/2013 9:35:20 PM - Windows Update
RP521: 5/1/2013 9:16:22 AM - Windows Update
RP522: 5/1/2013 11:37:51 AM - Windows Update
RP523: 6/1/2013 11:33:01 AM - Windows Update
RP524: 7/1/2013 9:17:30 PM - Windows Update
RP525: 10/1/2013 6:17:07 PM - Windows Update
RP526: 10/1/2013 6:29:29 PM - Windows Update
RP527: 13/1/2013 9:54:12 AM - Windows Update
RP528: 13/1/2013 10:03:45 AM - Windows Update
RP529: 13/1/2013 10:32:54 AM - Windows Update
RP530: 16/1/2013 6:31:06 PM - Windows Update
RP531: 16/1/2013 9:13:12 PM - Windows Update
RP532: 17/1/2013 8:57:13 PM - Windows Update
RP533: 18/1/2013 9:10:35 PM - Windows Update
RP534: 19/1/2013 10:53:58 AM - Windows Update
RP535: 20/1/2013 11:13:16 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Bejeweled 2 Deluxe
Bing Desktop
BlackVue
Bluetooth Stack for Windows by Toshiba
Bonjour
Business Contact Manager for Outlook 2007 SP2
Canon MP250 series MP Drivers
CCleaner
Chinese Simplified Fonts Support For Adobe Reader X
Chuzzle Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DivX Web Player
Dolby Control Center
DVD Flick 1.3.0.7
ESET Online Scanner v3
FATE
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 2.4
HDMI Control Manager
HomePlug AV Ethernet Adapter
iCloud
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
iTunes
Java Auto Updater
Java 6 Update 29
Junk Mail filter update
Magic Match - The Genie's Journey
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft redistributable runtime DLLs VS2005(x86)
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Monopoly
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
NVIDIA PhysX
Peggle
PlayReady PC Runtime x86
Polar Bowler
Polar Golfer
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RealUpgrade 1.1
RICOH R5U230 Media Driver ver.2.07.03.02
Safari
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SAMSUNG USB Mobile Device Software
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SopCast 3.4.0
SUPERAntiSpyware
TFPU
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Fingerprint Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Trend Micro Titanium
Trend Micro Titanium Maximum Security 2012
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Veetle TV
VLC media player 2.0.5
vShare.tv plugin 1.3
WildTangent Games
WildTangent ORB Game Console
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
20/1/2013 11:13:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
18/1/2013 5:26:01 PM, Error: iaStor [9] - The device, DeviceIdeiaStor0, did not respond within the timeout period.
.
==== End Of File ===========================

[Tomk_]

Things look pretty good but you've got an old version of Java on there and there has been alot of "bad juju" related to Java recently-

http://forums.pcpitstop.com/index.php?/topic/200692-disable-java/

 

If you need Java then you need to get it updated to Java 7 update 11 (you currently have Java 6 update 29). First off you need to go to uninstall programs in your control panel and uninstall the version you have. Then go here: http://java.com/download to download and install the current version.

 

After doing that... let's get another scan:

 

Please download Malwarebytes' Anti-Malware to your desktop.

• [*]Double-click

mbam-setup.exe and follow the prompts to install the program. [*]At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select Perform quick scan, then click Scan. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Be sure that everything is checked, and click Remove Selected. [*]When completed, a log will open in Notepad. Please save it to a convenient location and post the results. [*]Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

 

[mattyang]

Hi Tomk_ did a scan with Malware and got the following scan result.

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MATT-PC [administrator]

22/1/2013 6:02:38 PM
mbam-log-2013-01-22 (18-02-38).txt

Scan type: Full scan (C:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346211
Time elapsed: 2 hour(s), 16 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Incidentally I also ran another test with SuperAntiSpyware and got the following results.

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2013 at 09:10 PM

Application Version : 5.6.1014

Core Rules Database Version : 9903
Trace Rules Database Version: 7715

Scan type : Complete Scan
Total Scan Time : 00:48:27

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 578
Memory threats detected : 0
Registry items scanned : 39950
Registry threats detected : 0
File items scanned : 48136
File threats detected : 2

Trojan.Agent/Gen-Sisproc
C:WINDOWSIFINST27.EXE
C:USERSMATTAPPDATAROAMINGMICROSOFTWINDOWSSTART MENUPROGRAMSPITTASOFTBLACKVUEBASICUNINSTALL BLACKVUE.LNK