
Author Topic: Virus found & computer going very slow ?  (Read 9118 times)


jenzo

    Topic Starter


    Beginner

  • Experience: Beginner
  • OS: Windows Vista
Virus found & computer going very slow ?
« on: November 04, 2011, 09:25:37 AM »
I have been noticing that my computer is getting slower and slower, and when I use CCleaner it comes up with Internet Explorer stuff, which I don't use; I only use Firefox to search the web. I have also found a file called: C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP. The file contains a program called: WiseCustomCalla.dll. But as you will see in the scans it does not show up, and I have tried to delete it but no good. Also, in Avira's Quarantine is a virus named: EXP/CVE2010-0840.CX, found on 13/10/2011 at 15.02. You guys have helped me in the past and got it all working again, so hopefully your help will help me clean whatever is slowing up or doing something to my computer.

Computer Details :

Made by : Zoomstorm
Model : G31 & NV VP series M7
Processor : Intel Core 2 Quad 2.33ghz 2.33ghz
Memory : 3 GB  500HDD
Windows system : Vista Home Premium 32Bit

I have logs which I will put up now.

Avira Logs :

Avira Antivirus Premium 2012
Report file date: 04 November 2011  11:53

Scanning for 3478265 virus strains and unwanted programs.

The program is running as a fully functional evaluation version.
Online services are available:

Licensee        : ian west
Serial number   : 2216714536-PEPWE-0000001
Platform        : Windows Vista
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : JENZO-PC

Version information:
BUILD.DAT       : 12.0.0.877     42511 Bytes  19/10/2011 18:51:00
AVSCAN.EXE      : 12.1.0.18     490448 Bytes  26/10/2011 06:28:22
AVSCAN.DLL      : 12.1.0.17      54224 Bytes  23/09/2011 12:34:57
LUKE.DLL        : 12.1.0.17      68304 Bytes  05/10/2011 09:24:24
AVSCPLR.DLL     : 12.1.0.19      99536 Bytes  05/10/2011 09:24:16
AVREG.DLL       : 12.1.0.22     226512 Bytes  26/10/2011 06:28:22
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06/11/2009 19:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14/12/2010 10:07:39
VBASE002.VDF    : 7.11.3.0     1950720 Bytes  09/02/2011 16:08:51
VBASE003.VDF    : 7.11.5.225   1980416 Bytes  07/04/2011 11:00:55
VBASE004.VDF    : 7.11.8.178   2354176 Bytes  31/05/2011 11:18:22
VBASE005.VDF    : 7.11.10.251  1788416 Bytes  07/07/2011 13:12:53
VBASE006.VDF    : 7.11.13.60   6411776 Bytes  16/08/2011 08:26:09
VBASE007.VDF    : 7.11.15.106  2389504 Bytes  05/10/2011 10:44:27
VBASE008.VDF    : 7.11.15.107     2048 Bytes  05/10/2011 10:44:27
VBASE009.VDF    : 7.11.15.108     2048 Bytes  05/10/2011 10:44:27
VBASE010.VDF    : 7.11.15.109     2048 Bytes  05/10/2011 10:44:27
VBASE011.VDF    : 7.11.15.110     2048 Bytes  05/10/2011 10:44:27
VBASE012.VDF    : 7.11.15.111     2048 Bytes  05/10/2011 10:44:27
VBASE013.VDF    : 7.11.15.144   161792 Bytes  07/10/2011 11:37:42
VBASE014.VDF    : 7.11.15.177   130048 Bytes  10/10/2011 11:37:42
VBASE015.VDF    : 7.11.15.213   113664 Bytes  11/10/2011 11:37:42
VBASE016.VDF    : 7.11.16.1     163328 Bytes  14/10/2011 10:16:51
VBASE017.VDF    : 7.11.16.34    187904 Bytes  18/10/2011 05:44:13
VBASE018.VDF    : 7.11.16.77    139264 Bytes  20/10/2011 13:03:58
VBASE019.VDF    : 7.11.16.112   162816 Bytes  24/10/2011 06:28:23
VBASE020.VDF    : 7.11.16.150   167424 Bytes  26/10/2011 09:46:19
VBASE021.VDF    : 7.11.16.187   171520 Bytes  28/10/2011 09:46:18
VBASE022.VDF    : 7.11.16.209   190976 Bytes  31/10/2011 21:38:28
VBASE023.VDF    : 7.11.16.243   158208 Bytes  02/11/2011 08:01:43
VBASE024.VDF    : 7.11.16.244     2048 Bytes  02/11/2011 08:01:43
VBASE025.VDF    : 7.11.16.245     2048 Bytes  02/11/2011 08:01:43
VBASE026.VDF    : 7.11.16.246     2048 Bytes  02/11/2011 08:01:43
VBASE027.VDF    : 7.11.16.247     2048 Bytes  02/11/2011 08:01:43
VBASE028.VDF    : 7.11.16.248     2048 Bytes  02/11/2011 08:01:43
VBASE029.VDF    : 7.11.16.249     2048 Bytes  02/11/2011 08:01:43
VBASE030.VDF    : 7.11.16.250     2048 Bytes  02/11/2011 08:01:43
VBASE031.VDF    : 7.11.17.10     79872 Bytes  04/11/2011 11:52:45
Engineversion   : 8.2.6.104
AEVDF.DLL       : 8.1.2.2       106868 Bytes  26/10/2011 06:28:21
AESCRIPT.DLL    : 8.1.3.84      467324 Bytes  28/10/2011 09:46:17
AESCN.DLL       : 8.1.7.2       127349 Bytes  01/09/2011 22:46:02
AESBX.DLL       : 8.2.1.34      323957 Bytes  01/09/2011 22:46:02
AERDL.DLL       : 8.1.9.15      639348 Bytes  08/09/2011 22:16:06
AEPACK.DLL      : 8.2.13.3      684407 Bytes  26/10/2011 06:28:21
AEOFFICE.DLL    : 8.1.2.19      201084 Bytes  04/11/2011 08:01:48
AEHEUR.DLL      : 8.1.2.188    3801464 Bytes  04/11/2011 08:01:48
AEHELP.DLL      : 8.1.18.0      254327 Bytes  26/10/2011 06:28:18
AEGEN.DLL       : 8.1.5.11      401781 Bytes  26/10/2011 06:28:17
AEEMU.DLL       : 8.1.3.0       393589 Bytes  01/09/2011 22:46:01
AECORE.DLL      : 8.1.24.0      196983 Bytes  26/10/2011 06:28:17
AEBB.DLL        : 8.1.1.0        53618 Bytes  01/09/2011 22:46:01
AVWINLL.DLL     : 12.1.0.17      27344 Bytes  05/10/2011 09:24:18
AVPREF.DLL      : 12.1.0.17      51920 Bytes  05/10/2011 09:24:15
AVREP.DLL       : 12.1.0.17     179920 Bytes  05/10/2011 09:24:15
AVARKT.DLL      : 12.1.0.17     223184 Bytes  05/10/2011 09:24:12
AVEVTLOG.DLL    : 12.1.0.17     169168 Bytes  05/10/2011 09:24:14
SQLITE3.DLL     : 3.7.0.0       398288 Bytes  05/10/2011 09:24:28
AVSMTP.DLL      : 12.1.0.17      63440 Bytes  05/10/2011 09:24:16
NETNT.DLL       : 12.1.0.17      17104 Bytes  05/10/2011 09:24:25
RCIMAGE.DLL     : 12.1.0.17    4493520 Bytes  05/10/2011 09:24:33
RCTEXT.DLL      : 12.1.0.16      96208 Bytes  23/09/2011 12:37:28

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +PCK,

Start of the scan: 04 November 2011  11:53

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
Master boot sector HD2
    [INFO]      No virus was found!
Master boot sector HD3
    [INFO]      No virus was found!
Master boot sector HD4
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting search for hidden objects.
c:\users\jenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ygej5sb2\clients[1].txt
c:\users\jenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ygej5sb2\clients[1].txt
  [NOTE]      The file is not visible.
c:\users\jenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ygej5sb2\integrity-local[2].txt
c:\users\jenzo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ygej5sb2\integrity-local[2].txt
  [NOTE]      The file is not visible.
HKEY_USERS\S-1-5-21-1443161755-3331647521-785343088-1000\Software\SecuROM\License information\datasecu
  [NOTE]      The registry entry is invisible.
HKEY_USERS\S-1-5-21-1443161755-3331647521-785343088-1000\Software\SecuROM\License information\rkeysecu
  [NOTE]      The registry entry is invisible.

The scan of running processes will be started
Scan process 'taskeng.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sdclt.exe' - '46' Module(s) have been scanned
Scan process 'taskeng.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'vssvc.exe' - '51' Module(s) have been scanned
Scan process 'avscan.exe' - '84' Module(s) have been scanned
Scan process 'avscan.exe' - '43' Module(s) have been scanned
Scan process 'SteamService.exe' - '43' Module(s) have been scanned
Scan process 'daemonu.exe' - '42' Module(s) have been scanned
Scan process 'mbamservice.exe' - '44' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '70' Module(s) have been scanned
Scan process 'PCCompanionInfo.exe' - '39' Module(s) have been scanned
Scan process 'Origin.exe' - '112' Module(s) have been scanned
Scan process 'PCCompanion.exe' - '128' Module(s) have been scanned
Scan process 'steam.exe' - '100' Module(s) have been scanned
Scan process 'wlcomm.exe' - '100' Module(s) have been scanned
Scan process 'ehmsas.exe' - '25' Module(s) have been scanned
Scan process 'ehtray.exe' - '29' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '41' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '172' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'SDTray.exe' - '100' Module(s) have been scanned
Scan process 'mbamgui.exe' - '36' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '74' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '33' Module(s) have been scanned
Scan process 'avgnt.exe' - '75' Module(s) have been scanned
Scan process 'mobsync.exe' - '48' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '45' Module(s) have been scanned
Scan process 'avmailc.exe' - '40' Module(s) have been scanned
Scan process 'avshadow.exe' - '37' Module(s) have been scanned
Scan process 'SDWSCSvc.exe' - '21' Module(s) have been scanned
Scan process 'SDUpdSvc.exe' - '68' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '50' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '39' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '21' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '73' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '73' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'SeaPort.exe' - '58' Module(s) have been scanned
Scan process 'htcUPCTLoader.exe' - '115' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '75' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '50' Module(s) have been scanned
Scan process 'nvtray.exe' - '57' Module(s) have been scanned
Scan process 'SDFSSvc.exe' - '59' Module(s) have been scanned
Scan process 'SDHookSvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '37' Module(s) have been scanned
Scan process 'PassThruSvr.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '82' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '21' Module(s) have been scanned
Scan process 'Explorer.EXE' - '178' Module(s) have been scanned
Scan process 'taskeng.exe' - '89' Module(s) have been scanned
Scan process 'Dwm.exe' - '38' Module(s) have been scanned
Scan process 'taskeng.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'spoolsv.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '89' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '59' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '57' Module(s) have been scanned
Scan process 'SLsvc.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '152' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '71' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '36' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'winlogon.exe' - '37' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '46' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '34' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting to scan executable files (registry).
The registry was scanned ( '2147' files ).


Starting the file scan:

Begin scan in 'C:\' <Vista>


End of the scan: 04 November 2011  12:55
Used time:  1:01:38 Hour(s)

The scan has been done completely.

  22638 Scanned directories
 496548 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 496548 Files not concerned
   3596 Archives were scanned
      0 Warnings
      4 Notes
 743542 Objects were scanned with rootkit scan
      4 Hidden objects were found

MBAM Logs :

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8083

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

04/11/2011 14:48:14
mbam-log-2011-11-04 (14-48-14).txt

Scan type: Quick scan
Objects scanned: 177007
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SuperantiSpyware Logs :

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2011 at 02:31 PM

Application Version : 5.0.1134

Core Rules Database Version : 7896
Trace Rules Database Version: 5708

Scan type       : Complete Scan
Total Scan Time : 01:12:25

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 759
Memory threats detected   : 0
Registry items scanned    : 37546
Registry threats detected : 0
File items scanned        : 133231
File threats detected     : 0

Anything else you need, just put it in a reply and I will do it A.S.A.P. for you, OK.

THANK YOU FOR ALL HELP
JENZO
JENZO ;)

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Virus found & computer going very slow ?
« Reply #1 on: November 04, 2011, 01:36:09 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
Windows 8 and Windows 10 dual boot with two SSD's

jenzo

Re: Virus found & computer going very slow ?
« Reply #2 on: November 04, 2011, 03:42:24 PM »
Sorry SuperDave, I have tried to download DDS from the 2 HERE clicks but I just get a screensaver on the 1st one and just an MS-DOS on the 2nd one, and none open, or it tells me I don't have a program that is for that??

Did as said on the list: took off internet and anti-virus. But nothing. When I tried to get the 2nd HERE click my anti-virus would not let me log on to the page because of saying malware, but I took it off to get the download and just got an MS-DOS??

Sorry, I must be doing something wrong but cannot see what. I have tried loads of times now, different ways, but all the same!!

Thanks for the help SuperDave
JENZO ;)

SuperDave

Re: Virus found & computer going very slow ?
« Reply #3 on: November 04, 2011, 07:09:59 PM »
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

Link # 1
Link # 2

If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

jenzo

Re: Virus found & computer going very slow ?
« Reply #4 on: November 04, 2011, 11:48:45 PM »
Here is the COMBOFIX log as asked for :

ComboFix 11-11-05.01 - Jenzo 05/11/2011   5:32.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1974 [GMT 0:00]
Running from: c:\users\Jenzo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Jenzo\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-05 to 2011-11-05  )))))))))))))))))))))))))))))))
.
.
2011-11-04 11:28 . 2011-11-04 11:28   --------   d-----w-   c:\users\Jenzo\AppData\Roaming\SUPERAntiSpyware.com
2011-11-04 11:27 . 2011-11-04 11:29   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-11-04 11:27 . 2011-11-04 11:27   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-10-31 06:37 . 2011-10-31 16:56   --------   d-----w-   c:\users\Jenzo\AppData\Local\ESN Sonar
2011-10-28 02:24 . 2011-11-05 04:58   --------   d-----w-   c:\program files\Battlelog Web Plugins
2011-10-27 23:40 . 2011-10-30 22:13   --------   d-----w-   c:\users\Jenzo\AppData\Roaming\Origin
2011-10-27 23:40 . 2011-10-27 23:40   --------   d-----w-   c:\users\Jenzo\AppData\Local\Origin
2011-10-27 23:39 . 2011-10-30 22:12   --------   d-----w-   c:\program files\Origin
2011-10-27 23:39 . 2011-10-27 23:54   --------   d-----w-   c:\programdata\Origin
2011-10-25 06:35 . 2011-10-15 08:53   61248   ----a-w-   c:\windows\system32\OpenCL.dll
2011-10-25 06:35 . 2011-10-15 08:53   2401088   ----a-w-   c:\windows\system32\nvcuvid.dll
2011-10-25 06:35 . 2011-10-15 08:53   18871616   ----a-w-   c:\windows\system32\nvoglv32.dll
2011-10-25 06:35 . 2011-10-15 08:53   10327360   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
2011-10-25 06:35 . 2011-10-15 08:53   5578560   ----a-w-   c:\windows\system32\nvcuda.dll
2011-10-25 06:35 . 2011-10-15 08:53   2099520   ----a-w-   c:\windows\system32\nvcuvenc.dll
2011-10-25 06:35 . 2011-10-15 08:53   17248576   ----a-w-   c:\windows\system32\nvcompiler.dll
2011-10-22 19:12 . 2011-10-22 19:12   --------   d-----w-   c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2011-10-22 19:11 . 2011-10-22 19:11   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2011-10-14 23:54 . 2011-10-14 23:54   321856   ----a-w-   c:\windows\system32\nvStreaming.exe
2011-10-13 21:26 . 2011-07-29 16:01   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2011-10-13 21:26 . 2011-07-29 16:01   217088   ----a-w-   c:\windows\system32\psisrndr.ax
2011-10-13 21:26 . 2011-07-29 16:00   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
2011-10-13 21:26 . 2011-07-29 16:00   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
2011-10-13 21:26 . 2011-09-06 13:30   2043392   ----a-w-   c:\windows\system32\win32k.sys
2011-10-13 21:26 . 2011-09-14 10:51   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 21:26 . 2011-08-25 16:14   238080   ----a-w-   c:\windows\system32\oleacc.dll
2011-10-13 21:26 . 2011-08-25 16:15   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
2011-10-13 21:26 . 2011-08-25 16:14   563712   ----a-w-   c:\windows\system32\oleaut32.dll
2011-10-13 21:26 . 2011-08-25 13:31   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-10-13 16:31 . 2011-10-13 16:31   --------   d-----w-   c:\program files\Common Files\Java
2011-10-13 15:18 . 2009-01-25 12:14   15224   ----a-w-   c:\windows\system32\sdnclean.exe
2011-10-13 15:18 . 2011-10-14 11:56   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
2011-10-13 15:09 . 2011-10-13 15:09   --------   d--h--w-   c:\windows\msdownld.tmp
2011-10-13 14:45 . 2011-10-13 14:45   --------   d-----w-   c:\users\Jenzo\AppData\Roaming\Malwarebytes
2011-10-13 14:45 . 2011-10-13 14:45   --------   d-----w-   c:\programdata\Malwarebytes
2011-10-13 14:45 . 2011-10-13 14:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-10-13 14:45 . 2011-08-31 16:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-10-13 11:37 . 2011-10-13 11:37   --------   d-----w-   c:\users\Jenzo\AppData\Roaming\Avira
2011-10-13 11:36 . 2011-09-18 07:39   134344   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2011-10-13 11:36 . 2011-09-15 22:55   36000   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2011-10-13 11:36 . 2011-09-15 22:55   74640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2011-10-13 11:36 . 2011-10-13 11:36   --------   d-----w-   c:\program files\Avira
2011-10-12 11:00 . 2011-10-12 11:00   --------   d-----w-   c:\users\Jenzo\AppData\Local\Sony Ericsson
2011-10-12 10:56 . 2011-10-12 10:57   --------   d-----w-   c:\program files\Common Files\Sony Shared
2011-10-12 10:54 . 2011-10-12 10:55   --------   d-----w-   c:\program files\Sony Media Go Install
2011-10-12 10:40 . 2011-10-12 10:57   --------   d-----w-   c:\users\Jenzo\AppData\Local\Sony
2011-10-12 10:38 . 2011-10-12 10:38   --------   d-----w-   c:\users\Jenzo\Podcasts
2011-10-12 10:37 . 2011-10-12 10:57   --------   d-----w-   c:\programdata\Sony Corporation
2011-10-12 10:37 . 2011-10-12 10:55   --------   d-----w-   c:\program files\Sony
2011-10-12 10:36 . 2011-10-12 10:38   --------   d-----w-   c:\users\Jenzo\AppData\Roaming\Sony
2011-10-12 10:29 . 2011-10-12 10:29   --------   d-----w-   c:\programdata\Sony Ericsson
2011-10-12 10:29 . 2011-10-12 10:29   --------   d-----w-   c:\program files\Sony Ericsson
2011-10-11 13:09 . 2011-10-11 13:09   19416   ----a-w-   c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-10-10 13:35 . 2011-10-10 13:35   --------   d-----w-   c:\program files\7-Zip
2011-10-10 09:31 . 2011-10-27 12:16   --------   d-----w-   c:\users\Jenzo\AppData\Local\GameSpy
2011-10-10 09:28 . 2011-10-25 05:44   --------   d-----w-   c:\users\Jenzo\AppData\Local\ApplicationHistory
2011-10-09 03:16 . 2011-10-09 03:16   --------   d-----w-   c:\windows\system32\URTTEMP
2011-10-06 19:19 . 2011-10-06 19:19   --------   d-----w-   c:\users\Jenzo\AppData\Local\Real
2011-10-06 19:19 . 2004-01-11 22:00   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2011-10-06 19:19 . 2003-03-19 03:14   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2011-10-06 19:19 . 2009-04-02 14:21   84480   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-10-06 19:19 . 2008-06-08 22:58   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
2011-10-06 19:19 . 2011-10-06 19:19   --------   d-----w-   c:\windows\system32\system
2011-10-06 19:19 . 2005-10-28 07:44   308224   ----a-w-   c:\windows\system32\avisynth.dll
2011-10-06 19:19 . 2004-02-21 23:11   719872   ----a-w-   c:\windows\system32\devil.dll
2011-10-06 19:19 . 2011-10-06 19:22   --------   d-----w-   c:\program files\Magic Video Converter
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 23:14 . 2011-08-20 13:20   140072   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2011-11-04 23:14 . 2011-09-30 02:03   280904   ----a-w-   c:\windows\system32\PnkBstrB.xtr
2011-11-04 23:14 . 2011-08-20 13:20   280904   ----a-w-   c:\windows\system32\PnkBstrB.exe
2011-11-04 22:17 . 2011-08-20 13:20   280904   ----a-w-   c:\windows\system32\PnkBstrB.ex0
2011-10-28 02:22 . 2011-08-20 13:20   138056   ----a-w-   c:\users\Jenzo\AppData\Roaming\PnkBstrK.sys
2011-10-28 02:21 . 2011-08-20 13:20   75136   ----a-w-   c:\windows\system32\PnkBstrA.exe
2011-10-20 13:51 . 2011-05-22 23:38   544656   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-15 08:53 . 2011-08-12 13:38   919872   ----a-w-   c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-08-12 13:38   877376   ----a-w-   c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-05-10 15:34   7041856   ----a-w-   c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-04-07 21:43   602432   ----a-w-   c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2011-04-07 21:43   203072   ----a-w-   c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-07 21:43   123712   ----a-w-   c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-04-07 21:43   1136448   ----a-w-   c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-07 21:43   6350144   ----a-w-   c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-07 21:43   3840320   ----a-w-   c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2009-02-18 13:44   2458432   ----a-w-   c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2009-02-18 13:44   13205312   ----a-w-   c:\windows\system32\nvd3dum.dll
2011-10-13 15:04 . 2011-05-16 09:58   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-09 03:14 . 2011-08-23 10:29   669184   ----a-w-   c:\windows\system32\pbsvc.exe
2011-08-12 16:56 . 2011-08-12 16:56   108144   ----a-w-   c:\windows\system32\CmdLineExt.dll
2011-08-12 13:28 . 2010-06-24 10:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-11 13:09 . 2011-05-10 14:50   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-12 1242448]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"EADM"="c:\program files\Origin\Origin.exe" [2011-10-20 28651144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-04 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-04 1833504]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Jenzo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Jenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 15:03   4283256   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R3 FXDrv32;FXDrv32;K:\FXDrv32.sys

R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-10-05 342480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-05 463824]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-13 14:46]
.
2011-11-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-13 14:46]
.
2011-10-31 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-10-13 14:46]
.
2011-10-29 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-05-15 14:31]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jenzo\AppData\Roaming\Mozilla\Firefox\Profiles\0f5ajmik.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-BsScanner
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 05:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a0,05,0c,9a,9b,89,cc,01
.
[HKEY_USERS\S-1-5-21-1443161755-3331647521-785343088-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:03,38,fa,c4,0f,b7,cb,47,40,a4,28,df,ee,a2,95,44,52,1b,51,f4,42,cb,06,
   d4,85,af,0d,ba,67,ab,0f,0c,9a,c2,38,31,c0,b1,55,bf,05,db,5c,87,83,81,7a,21,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1443161755-3331647521-785343088-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,57,9c,78,0b,99,fd,28,46,6f,9e,a9,0c,ff,ad,4b,4f,20,eb,a6,5f,
   7d,32,03,9c,c2,24,fd,fb,ba,c3,0c,f5,9c,db,18,cf,63,f8,14,51,9a,08,09,1b,ab,\
"rkeysecu"=hex:e4,90,f2,8c,a7,0f,62,b7,fd,cd,2a,98,eb,8a,9a,94
.
Completion time: 2011-11-05  05:41:39
ComboFix-quarantined-files.txt  2011-11-05 05:41
.
Pre-Run: 269,358,796,800 bytes free
Post-Run: 269,272,657,920 bytes free
.
- - End Of File - - B1955F58376E2AEF77995C4006D66CE2

Hope it helps
JENZO ;)

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Virus found & computer going very slow ?
« Reply #5 on: November 05, 2011, 12:41:25 PM »
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Windows 8 and Windows 10 dual boot with two SSD's

jenzo

Re: Virus found & computer going very slow ?
« Reply #6 on: November 05, 2011, 05:05:35 PM »
Here is the SysProt RootKit Logs :

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 89FF3000
Module End: 89FFE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 89E00000
Module End: 89E08000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateSection
Address: 8C178DE6
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 8C178DBE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 8C178DC3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 8C178DB9
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRequestWaitReplyPort
Address: 8C178DF0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 8C178DEB
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSecurityObject
Address: 8C178DF5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 8C178DC8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSystemDebugControl
Address: 8C178DFA
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8E904640
Driver Base: 8E8FA000
Driver End: 8E91C000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Function Name: ZwWriteVirtualMemory
Address: 8C178D82
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Program Files\Origin Games\Battlefield 3 Limited Edition\Support\readme\Ctimne.txt
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Users\Jenzo\AppData\Roaming\SecuROM\UserData\???????????p?????????
Status: Hidden

Object: C:\Users\Jenzo\AppData\Roaming\SecuROM\UserData\???????????p?????????
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Thanks SuperDave for your time  :)
JENZO ;)

SuperDave

Re: Virus found & computer going very slow ?
« Reply #7 on: November 06, 2011, 12:23:08 PM »
Things look good in that log. How's your computer functioning now?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

jenzo

Re: Virus found & computer going very slow ?
« Reply #8 on: November 07, 2011, 12:57:27 AM »
Computer is running ok now ?? Just wanted to ask you SuperDave, the anti-virus & spyware you use, do you use the free stuff or donate to get the full versions & is it worth getting the full version cos have tried few of them but somehow the virus got past.

I also noticed on the Combo log that was installed at same time. If this was the file that was making computer go funny can you tell me what it is. I will also look on the net what the program is as well & to see where it comes from so don't get it again. Oh ok just checked the Wise Wizard, it is the program that helps set up when you have programs at the start but saw that could be left over from old program that have removed so think I get RevoUninstaller back cos that seems to take everything away when removing stuff. Hope you don't mind me asking you about this stuff Dave  :-\

2011-10-22 19:11 . 2011-10-22 19:11   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2011-10-22 19:12 . 2011-10-22 19:12   --------   d-----w-   c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP

The Log from ESET Online :

all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2051b64cf73c3941935be541ea97370f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 07:55:15
# local_time=2011-11-07 07:55:15 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 2137792 2137792 0 0
# compatibility_mode=5892 16776574 100 100 15358425 158176321 0 0
# compatibility_mode=8192 67108863 100 0 3703 3703 0 0
# scanned=140190
# found=0
# cleaned=0
# scan_time=8922

Thanks
Jenzo
JENZO ;)

SuperDave

Re: Virus found & computer going very slow ?
« Reply #9 on: November 07, 2011, 01:06:34 PM »
Quote
Just wanted to ask you SuperDave, the anti-virus & spyware you use, do you use the free stuff or donate to get the full versions & is it worth getting the full version cos have tried few of them but somehow the virus got past.
I use all freeware for my protection. Just because you pay for something doesn't mean it's the best.
Quote
If this was the file that was making computer go funny can you tell me what it is.
I would prefer not to discuss this in an open forum.
We can do some cleanup now.


To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
********************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

jenzo

Re: Virus found & computer going very slow ?
« Reply #10 on: November 07, 2011, 04:40:28 PM »
Thanks a lot SuperDave, computer running faster as well now so great !!!

I thought had windows firewall on but seems not so took look at what you use so downloaded COMODO Firewall. Also I know what you mean about don't wanna talk about a program in open Forum, no worries you helped me enough  :)

Once again Cheers SuperDave for all the time you spent on this & advice you have given me !!

All the best Take Care
JENZO ;)

SuperDave

Re: Virus found & computer going very slow ?
« Reply #11 on: November 07, 2011, 04:50:54 PM »
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.