
Author Topic: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down  (Read 187940 times)


Peter Jordan

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
    « Reply #45 on: June 04, 2012, 05:02:15 PM »
    ComboFix 12-06-03.01 - Peter 06/04/2012  12:58:52.14.2 - x86
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2814.1938 [GMT -4:00]
    Running from: c:\users\Peter\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-05-04 to 2012-06-04  )))))))))))))))))))))))))))))))
    .
    .
    2012-06-04 17:10 . 2012-06-04 17:10   --------   d-----w-   c:\users\Public\AppData\Local\temp
    2012-06-04 17:10 . 2012-06-04 17:10   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-06-03 18:57 . 2012-06-04 17:10   --------   d-----w-   c:\users\Peter\AppData\Local\temp
    2012-06-03 16:38 . 2012-06-04 16:55   --------   d-----w-   c:\users\Peter\AppData\Local\CrashDumps
    2012-06-03 16:26 . 2012-06-03 16:58   --------   d-----w-   c:\programdata\Norton
    2012-06-02 18:45 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A103669C-602D-4F68-AD2D-808DB3C024AF}\mpengine.dll
    2012-06-02 15:44 . 2012-06-04 14:38   --------   d-----w-   C:\TDSSKiller_Quarantine
    2012-06-02 14:03 . 2012-06-02 14:03   --------   d-----w-   c:\programdata\Sophos
    2012-06-02 14:03 . 2012-06-02 18:11   --------   d-----w-   c:\program files\Sophos
    2012-06-02 13:27 . 2012-06-02 13:27   --------   d-----w-   C:\VundoFix Backups
    2012-06-01 01:23 . 2012-06-04 15:59   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-05-29 14:24 . 2012-05-29 14:24   --------   d-----w-   c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
    2012-05-29 14:23 . 2012-06-04 15:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2012-05-26 23:36 . 2012-05-26 23:36   --------   d-----w-   c:\program files\Trend Micro
    2012-05-26 22:31 . 2012-05-26 22:31   --------   d-----w-   c:\program files\Common Files\Java
    2012-05-26 22:29 . 2012-05-26 22:29   --------   d-----w-   c:\program files\Oracle
    2012-05-26 22:28 . 2012-04-04 22:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
    2012-05-17 11:42 . 2012-06-04 15:59   --------   d-----w-   c:\program files\RemoteAutomator
    2012-05-17 11:42 . 2012-05-26 18:58   --------   d-----w-   c:\programdata\RemoteAutomator
    2012-05-09 21:01 . 2012-03-30 10:23   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2012-05-09 21:01 . 2012-03-31 04:29   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 21:01 . 2012-03-31 04:30   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
    2012-05-09 21:01 . 2012-03-31 04:29   989184   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-09 21:01 . 2012-03-31 04:29   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
    2012-05-09 21:01 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2012-05-09 21:01 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2012-05-09 21:01 . 2012-03-31 02:36   2343424   ----a-w-   c:\windows\system32\win32k.sys
    2012-05-09 21:01 . 2012-03-17 07:27   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
    2012-05-09 21:00 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\system32\DWrite.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-03 18:33 . 2010-06-24 15:33   19736   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-05 10:39 . 2012-03-29 22:59   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 10:39 . 2011-05-13 13:08   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 22:47 . 2010-08-16 11:32   687504   ----a-w-   c:\windows\system32\deployJava1.dll
    2012-03-26 14:00 . 2012-04-13 11:20   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
    2011-02-27 00:14 . 2011-02-27 00:14   7808600   ----a-w-   c:\program files\PowerPack3.exe
    2011-02-27 00:13 . 2011-02-27 00:13   5404768   ----a-w-   c:\program files\RegCleaner603.exe
    2010-08-19 16:59 . 2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
    2012-04-21 01:19 . 2012-06-02 19:30   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
    @="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
    [HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
    2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
    "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2009-06-26 17:05   568072   ----a-w-   c:\program files\Common Files\SPBA\homefus2.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
    path=
    backup=c:\windows\pss\CaptureWiz.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
    2011-07-28 13:10   1406824   ----a-w-   c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
    2012-02-23 16:30   59240   ----a-w-   c:\program files\Common Files\Apple\Internet Services\ubd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-05-21 20:38   3905920   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
    2010-08-08 01:40   5324800   ----a-w-   c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
    R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
    R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
    R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    HsfXAudioService   REG_MULTI_SZ      HsfXAudioService
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
    .
    2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
    .
    2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
    .
    2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-87069146.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5408)
    c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2012-06-04  13:14:05
    ComboFix-quarantined-files.txt  2012-06-04 17:14
    ComboFix2.txt  2012-06-04 12:41
    ComboFix3.txt  2012-06-03 18:56
    ComboFix4.txt  2012-05-31 23:15
    ComboFix5.txt  2012-06-04 16:57
    .
    Pre-Run: 62,599,823,360 bytes free
    Post-Run: 62,152,830,976 bytes free
    .
    - - End Of File - - 6CB547863C8EACD9D9892367DCFE0AFD

    Peter Jordan

      Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
      « Reply #46 on: June 04, 2012, 05:02:51 PM »
      Misc FireFox Information
      ==============================================================

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
      "{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=" "
      "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\\Program Files\\DivX\\DivX Plus Web Player\\firefox\\DivXHTML5"
      *Blocked Russian URL*"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus *Blocked Russian URL*"
      *Blocked Russian URL*"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus *Blocked Russian URL*"

      Locating all files created in "C:\Users\Peter\Local Settings\Application Data\"

      No matches found.

      Locating files created in C:\Program Files\Mozilla Firefox\extensions in the last 90 days.

      "C:\Program Files\Mozilla Firefox\extensions\"
      *Blocked Russian URL*   Jun  2 2012              *Blocked Russian URL*"
      {972CE~1      Jun  2 2012              "{972ce4c6-7e08-4474-a285-3208198ce6fd}"

      "C:\Program Files\Mozilla *Blocked Russian URL*\"
      COMPON~1      Jun  2 2012              "components"
      CONTENT       Jun  2 2012              "content"
      LOCALE        Jun  2 2012              "locale"
      SKIN          Jun  2 2012              "skin"

      "C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\"
      icon.png      Apr 20 2012        2185  "icon.png"
      install.rdf   Apr 20 2012        1106  "install.rdf"
      preview.png   Apr 20 2012        9303  "preview.png"

      "C:\Program Files\Mozilla *Blocked Russian URL*\locale\"
      EN            Jun  2 2012              "en"

      10 items found:  3 files, 7 directories.
         Total of file sizes:  12,594 bytes     12.30 K


      ******************************************************************************

      Locating files created in C:\Program Files\Mozilla Firefox\plugins in the last 90 days.


      No matches found.


      ******************************************************************************

      Locating files created in C:\Program Files\Mozilla Firefox\searchlugins in the last 90 days.


      "C:\Program Files\Mozilla Firefox\searchplugins\"
      amazon~1.xml  Apr 20 2012        1394  "amazondotcom.xml"
      bing.xml      Apr 20 2012        2252  "bing.xml"
      ebay.xml      Apr 20 2012        1131  "eBay.xml"
      google.xml    Apr 20 2012        3413  "google.xml"
      twitter.xml   Apr 20 2012        2040  "twitter.xml"
      wikipe~1.xml  Apr 20 2012        1178  "wikipedia.xml"
      yahoo.xml     Apr 20 2012        1096  "yahoo.xml"

      7 items found:  7 files, 0 directories.
         Total of file sizes:  12,504 bytes     12.21 K
      ******************************************************************************

      Dumping FireFox's google.xml searchplugin contents.  Use XML Notepad or Notepad++ to view clearly.

      <SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
      <ShortName>Google</ShortName>
      <Description>Google Search</Description>
      <InputEncoding>UTF-8</InputEncoding>
      <Image width="16" height="16">data:image/png;base64,[base64 icon data omitted]</Image>
      <Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&amp;client=firefox&amp;hl={moz:locale}&amp;q={searchTerms}"/>
      <Url type="text/html" method="GET" template="http://www.google.com/search">
        <Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
      value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
        <MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
      </Url>
      <!-- Keyword search URL is the same as the default, but with an additional parameter -->
      <Url type="application/x-moz-keywordsearch" method="GET" template="http://www.google.com/search">
        <Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
      value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
        <MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
        <Param name="channel" value="fflb"/>
      </Url>
      <!-- Context/Right-click search URL is the same as the default, but with an additional parameter -->
      <Url type="application/x-moz-contextsearch" method="GET" template="http://www.google.com/search">
        <Param name="q" value="{searchTerms}"/><Param name="ie" value="utf-8"/><Param name="oe"
      value="utf-8"/><Param name="aq" value="t"/><Param name="rls" value="{moz:distributionID}:{moz:locale}:{moz:official}"/>
        <MozParam name="client" condition="defaultEngine" trueValue="firefox-a" falseValue="firefox"/>
        <Param name="channel" value="rcs"/>
      </Url>
      <SearchForm>http://www.google.com/</SearchForm>
      </SearchPlugin>

      Zipping ffdata.txt
      « Last Edit: June 04, 2012, 07:33:30 PM by SuperDave »

      Peter Jordan

        Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
        « Reply #47 on: June 04, 2012, 05:03:22 PM »
        ******************************************************************************
                  MGtools installation folder and files at Start of Scans
        ******************************************************************************
         Volume in drive C is ACER
         Volume Serial Number is 7C0F-03FC

         Directory of C:\MGtools

        06/04/2012  06:51 PM    <DIR>          .
        06/04/2012  06:51 PM    <DIR>          ..
        04/23/2010  02:18 AM           388,608 analyse.exe
        10/07/2010  01:11 AM             6,806 BamFix.bat
        12/04/2010  06:49 PM               372 bamRCfix.txt
        06/07/2007  01:24 AM             6,146 chodefix.bat
        12/13/2009  04:25 PM             1,954 config.reg
        10/13/2011  09:54 PM             3,114 DebugMGT.bat
        08/01/2007  11:13 PM               120 DisableUAC.reg
        08/07/2008  03:27 PM            61,440 download.exe
        08/01/2007  11:13 PM               120 EnableUAC.reg
        06/04/2012  06:37 PM             7,060 ffdata.txt
        06/04/2012  06:56 PM               228 filelog.txt
        04/18/2009  02:48 AM               320 FindOVL.bat
        08/14/2010  03:40 PM             2,027 FindRN.bat
        11/05/2011  12:19 PM             6,355 FixACLS.bat
        05/27/2011  02:08 PM             1,588 FixAttr.bat
        07/10/2008  01:50 AM             1,897 FixBagle.bat
        01/27/2009  12:27 AM             3,765 fixBagle.reg
        12/04/2010  06:42 PM             1,623 FixbamRC.bat
        01/14/2009  12:28 AM             1,034 FixCF.bat
        01/02/2009  09:44 PM               581 fixCF.reg
        06/07/2007  01:14 AM               738 fixChode.reg
        12/29/2008  01:29 AM               438 FixFA.bat
        05/27/2011  01:35 PM            23,678 fixFA.reg
        12/30/2011  02:53 AM             3,191 FixNet.bat
        08/30/2011  11:41 PM             7,584 FixPerm.bat
        08/14/2010  03:12 PM               439 FixSBM.bat
        12/04/2006  02:20 PM            12,924 fixSBM.reg
        12/12/2011  04:04 PM           107,019 FixW7BFE.reg
        12/12/2011  04:05 PM             3,768 FixW7FW.reg
        12/12/2011  04:05 PM             1,812 FixW7FWdrv.reg
        12/12/2011  04:07 PM               469 FixWFW.bat
        12/12/2011  12:38 AM             9,270 fixXPnetbt.reg
        10/30/2006  12:17 PM           245,760 GetDetails.exe
        01/27/2012  12:23 AM            11,238 GetLogs.Bat
        12/23/2010  09:38 PM             3,054 GetMBR.bat
        03/03/2012  01:31 AM            14,849 GetMsrv.bat
        01/19/2012  02:31 AM            26,334 GetNetInf.bat
        12/01/2011  02:37 AM           123,493 GetRunKey.bat
        06/04/2012  06:51 PM                34 GetUnKey.txt
        01/23/2009  05:00 PM             2,949 GetUnKeys.bat
        04/14/2003  01:00 AM            80,412 grep.exe
        12/01/2011  03:14 AM           125,169 GRK64.bat
        06/22/2009  10:48 PM               393 hide.reg
        06/04/2012  06:38 PM             8,149 hijackthis.log
        04/07/2012  02:44 PM            55,636 history.txt
        03/06/2009  03:30 AM             6,606 HTAfind.bat
        04/02/2004  07:44 PM             1,756 IEFIX.reg
        01/13/2005  10:41 PM            11,254 locate.com
        10/28/1986  12:51 PM            13,184 ltime.exe
        03/05/2010  12:39 AM               220 mbrfix.bat
        04/07/2012  02:35 PM             6,092 MGclean.bat
        01/26/2012  10:37 PM             6,878 MIalt.bat
        01/25/2012  01:02 AM            15,116 MiscInfo.bat
        06/04/2012  06:37 PM            74,245 miscinfo.txt
        06/04/2012  06:37 PM            68,446 miscinfo2.txt
        06/04/2012  06:37 PM            30,081 msrvlog.txt
        06/04/2012  06:37 PM             7,313 msrvstate.txt
        06/04/2012  06:37 PM           194,672 netinflong.txt
        06/04/2012  06:37 PM             7,671 netinfo.txt
        06/04/2012  06:37 PM           171,322 newfiles.txt
        12/30/2011  05:18 PM            33,978 NwkTst.bat
        06/04/2012  06:37 PM            11,152 nwktst.txt
        12/22/2011  11:59 PM             3,029 perm.cmd
        12/31/2011  08:09 PM           249,344 pevFind.exe
        06/04/2012  06:40 PM            56,281 procdll.txt
        06/05/2003  09:13 PM            53,248 Process.exe
        08/01/2006  09:14 AM             6,656 ProcessDll.exe
        04/18/2007  01:55 PM               145 Regfix.bat
        07/30/2009  11:09 PM               497 RemMWS.bat
        12/22/2011  05:09 PM             1,544 resetperm-x64.cmd
        12/22/2011  04:59 PM             1,539 resetperm.cmd
        06/15/2009  10:01 PM               195 RunMB.bat
        06/04/2012  06:56 PM                52 scantime.txt
        08/31/2000  09:00 AM            98,816 sed.exe
        03/26/2012  11:00 PM           123,969 ShowNew.bat
        03/26/2012  11:00 PM           135,249 SN64.bat
        12/22/2011  01:31 AM             4,905 SRVen.bat
        06/04/2012  06:40 PM             3,846 srven.txt
        12/16/2007  06:36 PM           156,160 swreg.exe
        12/16/2007  06:47 PM            66,048 swwhoami.exe
        09/11/2009  12:37 AM             5,841 SysBU.bat
        06/04/2012  06:40 PM        15,265,086 sysinfo.txt
        09/10/2009  10:31 PM    <DIR>          temp
        08/03/2007  05:11 PM               213 unhide.reg
        05/30/2010  07:15 PM             1,755 UnKeys.bat
        01/25/2012  01:22 AM             4,022 UserInfo.bat
        06/04/2012  06:37 PM             9,310 UserInfo.txt
        12/28/2007  03:42 PM            49,152 vfind.exe
        12/28/2007  04:16 PM               861 VunFind.bat
        06/04/2012  06:37 PM           551,389 winfiles.txt
        06/04/2012  06:37 PM           137,418 winsock.txt
        03/26/2012  09:58 PM             2,201 za.bat
        06/04/2012  06:51 PM               294 zia04240
        01/13/2005  10:41 PM           126,976 zip.exe
                      93 File(s)     19,139,985 bytes
                       3 Dir(s)  61,910,503,424 bytes free
        ******************************************************************************

        ******************************************************************************
        *  File Versions Used:                                                       *
        *    GetLogs.Bat    - 01/27/2012 Version 2.39                                *
        *    32 bit Windows OS found                                                 *
        *    GetUnKeys.Bat  - 01/23/2009 Version 0.19                                *
        *    32 bit Windows OS found                                                 *
        *    GetRunKey.bat  - 12/01/2011 Version 2.64                                *
        *    ShowNew.bat    - 03/26/2012 Version 2.93                                *
        *    UserInfo.Bat   - 01/25/2012 Version 1.05                                *
        *    NwkTst.bat     - 12/30/2011 Version 0.34                                *
        *    GetNetInf.bat  - 01/19/2011 Version 0.13                                *
        *    MiscInfo.Bat   - 01/25/2012 Version 0.07                                *
        *    MIalt.bat      - 01/25/2012 Version 0.02                                *
        *    SRVen.bat      - 12/22/2011 Version 0.01                                *
        ******************************************************************************


        ******************************************************************************
                  MGtools installation folder and files at End of Scans               
        ******************************************************************************
         Volume in drive C is ACER
         Volume Serial Number is 7C0F-03FC

         Directory of C:\MGtools

        06/04/2012  07:07 PM    <DIR>          .
        06/04/2012  07:07 PM    <DIR>          ..
        04/23/2010  02:18 AM           388,608 analyse.exe
        10/07/2010  01:11 AM             6,806 BamFix.bat
        12/04/2010  06:49 PM               372 bamRCfix.txt
        06/07/2007  01:24 AM             6,146 chodefix.bat
        12/13/2009  04:25 PM             1,954 config.reg
        10/13/2011  09:54 PM             3,114 DebugMGT.bat
        08/01/2007  11:13 PM               120 DisableUAC.reg
        08/07/2008  03:27 PM            61,440 download.exe
        08/01/2007  11:13 PM               120 EnableUAC.reg
        06/04/2012  07:03 PM             7,060 ffdata.txt
        06/04/2012  07:07 PM             6,899 filelog.txt
        04/18/2009  02:48 AM               320 FindOVL.bat
        08/14/2010  03:40 PM             2,027 FindRN.bat
        11/05/2011  12:19 PM             6,355 FixACLS.bat
        05/27/2011  02:08 PM             1,588 FixAttr.bat
        07/10/2008  01:50 AM             1,897 FixBagle.bat
        01/27/2009  12:27 AM             3,765 fixBagle.reg
        12/04/2010  06:42 PM             1,623 FixbamRC.bat
        01/14/2009  12:28 AM             1,034 FixCF.bat
        01/02/2009  09:44 PM               581 fixCF.reg
        06/07/2007  01:14 AM               738 fixChode.reg
        12/29/2008  01:29 AM               438 FixFA.bat
        05/27/2011  01:35 PM            23,678 fixFA.reg
        12/30/2011  02:53 AM             3,191 FixNet.bat
        08/30/2011  11:41 PM             7,584 FixPerm.bat
        08/14/2010  03:12 PM               439 FixSBM.bat
        12/04/2006  02:20 PM            12,924 fixSBM.reg
        12/12/2011  04:04 PM           107,019 FixW7BFE.reg
        12/12/2011  04:05 PM             3,768 FixW7FW.reg
        12/12/2011  04:05 PM             1,812 FixW7FWdrv.reg
        12/12/2011  04:07 PM               469 FixWFW.bat
        12/12/2011  12:38 AM             9,270 fixXPnetbt.reg
        10/30/2006  12:17 PM           245,760 GetDetails.exe
        01/27/2012  12:23 AM            11,238 GetLogs.Bat
        12/23/2010  09:38 PM             3,054 GetMBR.bat
        03/03/2012  01:31 AM            14,849 GetMsrv.bat
        01/19/2012  02:31 AM            26,334 GetNetInf.bat
        12/01/2011  02:37 AM           123,493 GetRunKey.bat
        06/04/2012  06:56 PM           436,523 GetUnKey.txt
        01/23/2009  05:00 PM             2,949 GetUnKeys.bat
        04/14/2003  01:00 AM            80,412 grep.exe
        12/01/2011  03:14 AM           125,169 GRK64.bat
        06/22/2009  10:48 PM               393 hide.reg
        06/04/2012  07:03 PM             8,587 hijackthis.log
        04/07/2012  02:44 PM            55,636 history.txt
        03/06/2009  03:30 AM             6,606 HTAfind.bat
        04/02/2004  07:44 PM             1,756 IEFIX.reg
        01/13/2005  10:41 PM            11,254 locate.com
        10/28/1986  12:51 PM            13,184 ltime.exe
        03/05/2010  12:39 AM               220 mbrfix.bat
        04/07/2012  02:35 PM             6,092 MGclean.bat
        01/26/2012  10:37 PM             6,878 MIalt.bat
        01/25/2012  01:02 AM            15,116 MiscInfo.bat
        06/04/2012  07:03 PM            85,570 miscinfo.txt
        06/04/2012  07:03 PM            72,521 miscinfo2.txt
        06/04/2012  07:03 PM            30,105 msrvlog.txt
        06/04/2012  07:03 PM             7,289 msrvstate.txt
        06/04/2012  07:03 PM           194,672 netinflong.txt
        06/04/2012  07:03 PM             7,671 netinfo.txt
        06/04/2012  07:03 PM           172,325 newfiles.txt
        12/30/2011  05:18 PM            33,978 NwkTst.bat
        06/04/2012  07:03 PM             9,105 nwktst.txt
        12/22/2011  11:59 PM             3,029 perm.cmd
        12/31/2011  08:09 PM           249,344 pevFind.exe
        06/04/2012  07:07 PM           154,376 procdll.txt
        06/05/2003  09:13 PM            53,248 Process.exe
        08/01/2006  09:14 AM             6,656 ProcessDll.exe
        04/18/2007  01:55 PM               145 Regfix.bat
        07/30/2009  11:09 PM               497 RemMWS.bat
        12/22/2011  05:09 PM             1,544 resetperm-x64.cmd
        12/22/2011  04:59 PM             1,539 resetperm.cmd
        06/04/2012  06:58 PM            65,370 runkeys.txt
        06/15/2009  10:01 PM               195 RunMB.bat
        06/04/2012  06:56 PM                52 scantime.txt
        08/31/2000  09:00 AM            98,816 sed.exe
        03/26/2012  11:00 PM           123,969 ShowNew.bat
        03/26/2012  11:00 PM           135,249 SN64.bat
        12/22/2011  01:31 AM             4,905 SRVen.bat
        06/04/2012  07:07 PM             3,963 srven.txt
        12/16/2007  06:36 PM           156,160 swreg.exe
        12/16/2007  06:47 PM            66,048 swwhoami.exe
        09/11/2009  12:37 AM             5,841 SysBU.bat
        06/04/2012  07:06 PM        15,375,392 sysinfo.txt
        06/04/2012  07:07 PM    <DIR>          temp
        08/03/2007  05:11 PM               213 unhide.reg
        05/30/2010  07:15 PM             1,755 UnKeys.bat
        01/25/2012  01:22 AM             4,022 UserInfo.bat
        06/04/2012  07:03 PM             9,264 UserInfo.txt
        12/28/2007  03:42 PM            49,152 vfind.exe
        12/28/2007  04:16 PM               861 VunFind.bat
        06/04/2012  07:03 PM           551,389 winfiles.txt
        06/04/2012  07:03 PM           137,418 winsock.txt
        03/26/2012  09:58 PM             2,201 za.bat
        06/04/2012  06:51 PM               294 zia04240
        01/13/2005  10:41 PM           126,976 zip.exe
                      94 File(s)     19,871,781 bytes
                       3 Dir(s)  61,767,061,504 bytes free
        ******************************************************************************
        Begin scan time   
        Mon 06/04/2012 at 18:56:09.16
        End scan time         
        Mon 06/04/2012 at 19:07:02.22     

        Peter Jordan

          Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
          « Reply #48 on: June 04, 2012, 05:04:38 PM »
          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 7:03:57 PM, on 6/4/2012
          Platform: Windows 7 SP1 (WinNT 6.00.3505)
          MSIE: Internet Explorer v9.00 (9.00.8112.16421)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\taskhost.exe
          C:\Windows\system32\Dwm.exe
          C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
          C:\Program Files\Acer Bio Protection\PdtWzd.exe
          C:\Program Files\Launch Manager\LManager.exe
          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
          C:\Program Files\Common Files\Java\Java Update\jusched.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
          C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
          C:\Users\Peter\Desktop\MGtools.exe
          C:\Windows\system32\cmd.exe
          C:\Windows\system32\conhost.exe
          C:\Windows\system32\ntvdm.exe
          C:\Windows\Explorer.EXE
          C:\MGTools\analyse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mls.gsmls.com/member/index.jsp/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
          O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
          O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
          O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
          O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
          O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
          O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
          O4 - HKLM\..\Run: [VitaKeyPdtWzd] "c:\Program Files\Acer Bio Protection\PdtWzd.exe"
          O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
          O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
          O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
          O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
          O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
          O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
          O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files\Acer Bio Protection\PwdBank.exe
          O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
          O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
          O9 - Extra button: (no name) - {316FDCC0-C0CC-4896-AACE-D073621B68C3} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
          O9 - Extra 'Tools' menuitem: Hostblock - {316FDCC0-C0CC-4896-AACE-D073621B68C3} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
          O9 - Extra button: Hostblock - {5213F412-918A-496c-B0E1-BC0CB8EE039D} - C:\Users\Peter\Documents\Hostblock.exe (HKCU)
          O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
          O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
          O15 - Trusted Zone: http://*.realtytools.com
          O15 - Trusted Zone: http://*.toolkitcma.com
          O15 - Trusted Zone: http://*.toolkitcma2.com
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
          O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
          O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
          O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
          O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
          O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

          --
          End of file - 8586 bytes

          Peter Jordan

            Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
            « Reply #49 on: June 04, 2012, 05:07:43 PM »
            MGtools produced a zip file -- many of the individual files are too large to post.

            Is there a way for me to upload the zip file directly?

            evilfantasy

            Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
            « Reply #50 on: June 04, 2012, 05:16:00 PM »
            Upload the file to File Dropper

            Click Upload
            Locate the file and double-click it.
            Copy the link under Share This Link: and post it back here.




            Peter Jordan


              evilfantasy

              Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
              « Reply #52 on: June 04, 2012, 07:18:21 PM »
              I have sent a message to someone asking a second opinion. I will be back to you ASAP so don't think I am abandoning this topic please.

              evilfantasy

              Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
              « Reply #53 on: June 04, 2012, 08:00:30 PM »
              Please go to VirusTotal.com
              (If more than one file needs to be scanned, they must be done separately and a log posted for each one.)

              1. Copy the file path in the below Code box:

              Code:
              C:\Program Files\Common Files\Data\hd438A_module.dat
              2. At the upload site, click once inside the window next to Browse.
              3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
              4. Next, click Send File.
              Your file will possibly be entered into a queue which normally takes less than a minute to clear.
              This will perform a scan across multiple different virus scanning engines.
              Important: Wait for all of the scanning engines to complete.
              5. Copy and then Paste the link to the results in the next reply.

              Important! If you get a page that says 'File has already been analysed' in the results then please use the Reanalyze option.

              Peter Jordan


                evilfantasy

                Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
                « Reply #55 on: June 05, 2012, 01:04:52 PM »
                Many thanks to thisisu from MajorGeeks for his input.

                @Peter Jordan - The file may not be malicious but is believed to be the problem so we need to remove it.

                Note: the instructions below were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

                Delete these files/folders, as follows:

                1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                It must be Notepad, not Wordpad.
                2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                Code:
                File::
                C:\Program Files\Common Files\Data\hd438A_module.dat

                3. Go to the Notepad window and click Edit > Paste
                4. Then click File > Save
                5. Name the file CFScript.txt - Save the file to your Desktop
                6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                ComboFix will begin to execute, just follow the prompts.
                After reboot (in case it asks to reboot), it will produce a log for you.
                Post that log (Combofix.txt) in your next reply.

                Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

                Let me know how the computer is doing now.


                Peter Jordan

                  Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
                  « Reply #56 on: June 05, 2012, 01:45:00 PM »
                  Wish I could report it helped, but no difference.



                  ComboFix 12-06-05.03 - Peter 06/05/2012  15:27:09.1.2 - x86
                  Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2814.2065 [GMT -4:00]
                  Running from: c:\users\Peter\Desktop\ComboFix.exe
                  Command switches used :: c:\users\Peter\Desktop\CFScript.txt
                  AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
                  SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
                  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  FILE ::
                  "c:\program files\Common Files\Data\hd438A_module.dat"
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\windows\system32\1322197141.dll
                  c:\windows\system32\13382918041.dll
                  c:\windows\system32\17204299641.dll
                  c:\windows\system32\17385840641.dll
                  c:\windows\system32\22341217841.dll
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2012-05-05 to 2012-06-05  )))))))))))))))))))))))))))))))
                  .
                  .
                  2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\users\Peter\AppData\Local\temp
                  2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
                  2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\users\Public\AppData\Local\temp
                  2012-06-05 19:39 . 2012-06-05 19:39   --------   d-----w-   c:\users\Default\AppData\Local\temp
                  2012-06-05 13:01 . 2012-06-05 13:02   34560   ----a-w-   c:\windows\system32\drivers\Normandy.sys
                  2012-06-05 12:47 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E81F26A-F463-425C-8AF2-E839A425D563}\mpengine.dll
                  2012-06-04 22:23 . 2012-06-04 23:51   --------   d-----w-   C:\MGtools
                  2012-06-04 18:31 . 2012-04-04 19:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2012-06-03 16:38 . 2012-06-05 19:23   --------   d-----w-   c:\users\Peter\AppData\Local\CrashDumps
                  2012-06-03 16:26 . 2012-06-03 16:58   --------   d-----w-   c:\programdata\Norton
                  2012-06-02 14:03 . 2012-06-02 14:03   --------   d-----w-   c:\programdata\Sophos
                  2012-06-02 14:03 . 2012-06-02 18:11   --------   d-----w-   c:\program files\Sophos
                  2012-06-02 13:27 . 2012-06-02 13:27   --------   d-----w-   C:\VundoFix Backups
                  2012-06-01 01:23 . 2012-06-04 18:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2012-05-29 14:24 . 2012-05-29 14:24   --------   d-----w-   c:\users\Peter\AppData\Roaming\SUPERAntiSpyware.com
                  2012-05-29 14:23 . 2012-06-04 15:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
                  2012-05-26 23:36 . 2012-05-26 23:36   --------   d-----w-   c:\program files\Trend Micro
                  2012-05-26 22:31 . 2012-05-26 22:31   --------   d-----w-   c:\program files\Common Files\Java
                  2012-05-26 22:29 . 2012-05-26 22:29   --------   d-----w-   c:\program files\Oracle
                  2012-05-26 22:28 . 2012-04-04 22:47   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
                  2012-05-17 11:42 . 2012-06-04 15:59   --------   d-----w-   c:\program files\RemoteAutomator
                  2012-05-17 11:42 . 2012-05-26 18:58   --------   d-----w-   c:\programdata\RemoteAutomator
                  2012-05-09 21:01 . 2012-03-30 10:23   1291632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                  2012-05-09 21:01 . 2012-03-31 04:29   936960   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
                  2012-05-09 21:01 . 2012-03-31 04:30   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
                  2012-05-09 21:01 . 2012-03-31 04:29   989184   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
                  2012-05-09 21:01 . 2012-03-31 04:29   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
                  2012-05-09 21:01 . 2012-03-31 04:39   3968368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                  2012-05-09 21:01 . 2012-03-31 04:39   3913072   ----a-w-   c:\windows\system32\ntoskrnl.exe
                  2012-05-09 21:01 . 2012-03-31 02:36   2343424   ----a-w-   c:\windows\system32\win32k.sys
                  2012-05-09 21:01 . 2012-03-17 07:27   56176   ----a-w-   c:\windows\system32\drivers\partmgr.sys
                  2012-05-09 21:00 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\system32\DWrite.dll
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2012-06-04 23:07 . 2012-06-04 22:33   1021195   ----a-w-   C:\MGlogs.zip
                  2012-06-03 18:33 . 2010-06-24 15:33   19736   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                  2012-05-05 10:39 . 2012-03-29 22:59   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
                  2012-05-05 10:39 . 2011-05-13 13:08   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                  2012-04-04 22:47 . 2010-08-16 11:32   687504   ----a-w-   c:\windows\system32\deployJava1.dll
                  2012-03-26 14:00 . 2012-04-13 11:20   112056   ----a-w-   c:\windows\system32\acaptuser32.dll
                  2011-02-27 00:14 . 2011-02-27 00:14   7808600   ----a-w-   c:\program files\PowerPack3.exe
                  2011-02-27 00:13 . 2011-02-27 00:13   5404768   ----a-w-   c:\program files\RegCleaner603.exe
                  2010-08-19 16:59 . 2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
                  2012-04-21 01:19 . 2012-06-02 19:30   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                  @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                  2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                  @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                  2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                  @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                  2011-02-18 05:12   94208   ----a-w-   c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
                  @="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
                  [HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
                  2010-08-19 16:59   197632   ----a-w-   c:\program files\Common Files\OnlineFilesManager.dll
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
                  "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-06 7703072]
                  "VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-06 3575808]
                  "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
                  "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 421888]
                  "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
                  "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
                  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
                  "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
                  "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "ConsentPromptBehaviorAdmin"= 5 (0x5)
                  "ConsentPromptBehaviorUser"= 3 (0x3)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  "DisableCAD"= 1 (0x1)
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
                  2009-06-26 17:05   568072   ----a-w-   c:\program files\Common Files\SPBA\homefus2.dll
                  .
                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                  Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                  @=""
                  .
                  [HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
                  path=
                  backup=c:\windows\pss\CaptureWiz.lnk.Startup
                  backupExtension=.Startup
                  .
                  [HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
                  path=
                  backup=c:\windows\pss\Dropbox.lnk.Startup
                  backupExtension=.Startup
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
                  2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
                  2011-07-28 23:08   1259376   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
                  2011-07-28 13:10   1406824   ----a-w-   c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                  2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
                  2012-02-23 16:30   59240   ----a-w-   c:\program files\Common Files\Apple\Internet Services\ubd.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
                  2012-05-21 20:38   3905920   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Free]
                  2010-08-08 01:40   5324800   ----a-w-   c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
                  .
                  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                  R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
                  R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
                  R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

                  R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
                  R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
                  R3 Normandy;Normandy SR2;

                  R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
                  R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
                  R4 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
                  R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
                  R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
                  R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-06 3453440]
                  R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
                  R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
                  S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
                  S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
                  S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
                  S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
                  S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
                  S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
                  S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
                  S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-07 52128]
                  S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-05-07 42144]
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
                  HsfXAudioService   REG_MULTI_SZ      HsfXAudioService
                  HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:39]
                  .
                  2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
                  .
                  2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 01:22]
                  .
                  2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 60fc887a-e1bc-430b-8168-7cc7eb16481f.job
                  - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                  .
                  2012-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c06bd2ec-6f4c-4c57-9272-dde63d1a23fb.job
                  - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://mls.gsmls.com/member/index.jsp/
                  mStart Page = hxxp://www.comcast.net/
                  mWindow Title = Windows Internet Explorer provided by Comcast
                  uInternet Settings,ProxyOverride = *.local
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                  IE: Free YouTube to Mp3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
                  IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
                  Trusted Zone: realtytools.com
                  Trusted Zone: toolkitcma.com
                  Trusted Zone: toolkitcma2.com
                  TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
                  TCP: Interfaces\{E8231A03-DFF0-4AB2-A7B4-7FC36769BFC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
                  FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\m4fqy7os.default\
                  FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
                  FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
                  .
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                  @Denied: (Full) (Everyone)
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'Explorer.exe'(5696)
                  c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
                  c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
                  .
                  Completion time: 2012-06-05  15:42:53
                  ComboFix-quarantined-files.txt  2012-06-05 19:42
                  ComboFix2.txt  2012-06-04 17:14
                  ComboFix3.txt  2012-06-04 12:41
                  ComboFix4.txt  2012-06-03 18:56
                  ComboFix5.txt  2012-06-05 19:25
                  .
                  Pre-Run: 61,042,704,384 bytes free
                  Post-Run: 60,731,781,120 bytes free
                  .
                  - - End Of File - - 5F95F421A2171DAEB7D9F9232C73D7E1

                  evilfantasy

                  • Malware Removal Specialist
                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
                  « Reply #57 on: June 05, 2012, 01:47:46 PM »
                  Are the errors still present?


                  Peter Jordan

                    Topic Starter
                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
                    « Reply #58 on: June 05, 2012, 05:26:18 PM »
                    Yes, everything's the same.

                  evilfantasy

                    • Malware Removal Specialist
                    • Genius
                    • Calm like a bomb
                    • Thanked: 493
                    • Experience: Experienced
                    • OS: Windows 11
                    Re: Kaspersky Malicious URL Blocked -- Windows Explorer Shuts Down
                    « Reply #59 on: June 05, 2012, 07:42:16 PM »
                    Try this and see if the error still happens using the new user account.

                    How to create a new user account in Windows 7 and Windows Vista