kartac

Fynloski.AA scannable but unremovable


Hi!

My NOD32 scanned this threat but it says that it is unable to clean it. So I scanned with Malwarebytes and also nothing happened. After all that I installed Microsoft Security Essentials and it cleaned it, but the virus shows up constantly. I have also saved my DDS and Attach files, so if you know where the problem is, please help me! Thank you!


Attach.txt

DDS.txt


Hello kartac and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Ask Toolbar

Ask Toolbar Updater - Bundled with many third party applications. Please take a look: here

BrotherSoft Extreme Toolbar - A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.

Searchqu Toolbar - Searchqu Toolbar, stealth installed, bundled with software from bandoo.com and others. More information here

vShare.tv plugin 1.3 - A Pugi type toolbar. Redirects home and search pages.

µTorrent - It is against our policy. Take a look: here.

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. You have ESET NOD32 Antivirus and Microsoft Security Essentials. If you have a license for NOD32, leave it; if not, I suggest that you uninstall it and keep Microsoft Security Essentials.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Database version: v2012.03.31.05

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Kartac :: KARTAC-PC [administrator]

Protection: Disabled

31.3.2012. 11:52:21

mbam-log-2012-03-31 (11-52-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210260

Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 3

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áĂzĘ;XAł0öm»áµ -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Registry Service (Backdoor.Agent) -> Data: C:\Users\Kartac\AppData\Roaming\Microsoft\regsvr16.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Kartac\AppData\Local\Temp\dclogs\2012-03-30-6.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Kartac\AppData\Local\Temp\dclogs\2012-03-31-7.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Kartac\AppData\Roaming\Microsoft\regsvr16.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

*************************************************************DDS FILE*******************************************************************

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514

Run by Kartac at 12:03:17 on 2012-03-31

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2046.770 [GMT 2:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\BinarySense\disksvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Kartac\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchnu.com/406

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=;ftp=;https=;

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File

uRun: [Google Update] "c:\users\kartac\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [HDDtemp4] c:\program files\binarysense\hddtemp4\\hddtemp4 /minimized

uRun: [Facebook Update] "c:\users\kartac\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [AdobeBridge]

uRun: [<NO NAME>]

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [<NO NAME>]

StartupFolder: c:\users\kartac\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kartac\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 89.18.32.2 89.18.32.20

TCP: Interfaces\{65A1A030-418A-4681-9CCD-61D089D0D10E} : DhcpNameServer = 89.18.32.2 89.18.32.20

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-11-27 40560]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-8 176128]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

R2 HDD & SSD access service;HDD & SSD access service;c:\program files\common files\binarysense\disksvc.exe [2009-4-20 205976]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-21 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-15 652360]

R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-4-7 3857408]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-9-8 8606208]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-9-8 248832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-15 20464]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-24 15872]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-24 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-25 1343400]

.

=============== Created Last 30 ================

.

2012-03-31 09:27:22 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8e55227-37b9-48fb-803e-73c31fc82541}\mpengine.dll

2012-03-30 09:41:43 -------- d--h--w- c:\windows\PIF

2012-03-29 12:51:07 -------- d-----w- c:\users\kartac\appdata\local\Ilivid Player

2012-03-29 12:50:59 -------- d-----w- c:\program files\iLivid

2012-03-29 11:55:15 -------- d-----w- c:\program files\iPod

2012-03-27 10:39:57 -------- d-----w- c:\program files\WinSCP

2012-03-21 21:03:51 -------- d-----w- c:\users\kartac\appdata\local\LogMeIn

2012-03-21 21:03:49 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-03-21 21:03:49 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-03-21 21:03:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-03-21 21:03:48 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-03-21 21:03:45 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-03-21 21:03:43 -------- d-----w- c:\programdata\LogMeIn

2012-03-21 21:03:31 -------- d-----w- c:\program files\LogMeIn

2012-03-13 20:49:13 -------- d-----w- c:\users\kartac\appdata\local\{2A5F8194-83B1-4F41-B344-FFB846D534CE}

2012-03-13 20:12:46 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 20:12:42 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 19:55:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 19:55:57 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 19:55:56 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 19:55:54 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-13 19:55:54 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 19:55:53 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 19:55:52 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 19:30:47 -------- d-----w- c:\program files\iTunes

2012-03-09 16:03:33 -------- d-----w- c:\users\kartac\appdata\local\libimobiledevice

2012-03-08 19:24:47 -------- d-----w- c:\users\kartac\appdata\roaming\MusicBee

2012-03-08 19:17:10 -------- d-----w- c:\users\kartac\appdata\local\Luminescence_Software

2012-03-08 18:48:09 -------- d-----w- c:\users\kartac\appdata\local\MediaMonkey

2012-03-08 18:48:01 -------- d-----w- c:\users\kartac\appdata\roaming\MediaMonkey

2012-03-08 18:47:42 -------- d-----w- c:\programdata\MediaMonkey

2012-03-08 18:47:34 -------- d-----w- c:\program files\MediaMonkey

2012-03-08 18:35:33 -------- d-----w- c:\program files\TagScanner

2012-03-08 18:35:20 -------- d-----w- c:\users\kartac\appdata\roaming\TagJet

2012-03-08 18:25:49 -------- d-----w- c:\program files\TagJet

2012-03-07 12:24:18 -------- d-----w- c:\users\kartac\appdata\roaming\Nokia Suite

2012-03-07 12:03:25 -------- d-----w- c:\users\kartac\appdata\roaming\libimobiledevice

2012-03-07 11:36:05 -------- d-----w- c:\users\kartac\appdata\roaming\ImTOO

2012-03-07 11:34:15 -------- d-----w- c:\programdata\ImTOO

2012-03-07 11:34:15 -------- d-----w- c:\program files\ImTOO

2012-03-06 20:12:38 -------- d-----w- c:\users\kartac\appdata\local\NokiaAccount

2012-03-06 20:08:22 -------- d-----w- c:\programdata\Nokia

2012-03-06 20:07:25 -------- d-----w- c:\programdata\NokiaInstallerCache

2012-03-06 19:56:20 -------- d-----w- c:\program files\MSXML 4.0

2012-03-06 19:56:13 -------- d-----w- c:\program files\PC Connectivity Solution

2012-03-06 19:55:25 73728 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55:25 73728 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55:25 53248 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\ARPPRODUCTICON.exe

2012-03-06 19:55:25 49152 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

2012-03-06 19:55:25 49152 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe

2012-03-06 19:55:21 -------- d-----w- c:\users\kartac\appdata\local\Nokia

2012-03-06 19:19:43 -------- d-----w- c:\program files\common files\PCSuite

2012-03-06 19:19:38 -------- d-----w- c:\program files\common files\Nokia

2012-03-06 19:19:33 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-03-06 19:19:09 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2012-03-06 19:19:08 -------- d-----w- c:\program files\Nokia

2012-03-04 09:39:10 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-03-03 11:15:59 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11661356-1412-41a9-bfb1-a64011a674bc}\gapaengine.dll

2012-03-03 11:13:20 -------- d-----w- c:\program files\Microsoft Security Client

.

==================== Find3M ====================

.

2012-03-12 17:34:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-29 15:22:07 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-18 06:44:52 540960 ----a-w- c:\windows\system32\LVUI2RC.dll

2012-01-18 06:44:52 4332960 ----a-w- c:\windows\system32\drivers\LVUVC.sys

2012-01-18 06:44:40 545056 ----a-w- c:\windows\system32\LVUI2.dll

2012-01-18 06:44:28 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys

2012-01-18 06:44:26 307488 ----a-w- c:\windows\system32\LVCodec2.dll

2012-01-18 06:44:26 196896 ----a-w- c:\windows\system32\lvci13311044.dll

2012-01-18 06:44:00 336408 ----a-w- c:\windows\system32\DevManagerCore.dll

2012-01-18 06:44:00 10920984 ----a-w- c:\windows\system32\LogiDPP.dll

2012-01-18 06:44:00 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe

2012-01-09 16:28:20 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-09 16:28:20 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-09 16:28:20 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-09 16:28:20 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

.

============= FINISH: 12:04:13,78 ===============


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


I think that Malwarebytes cleaned the virus because I don't get any errors from ESET or Microsoft Essentials, but here is my ComboFix txt...

ComboFix 12-03-31.03 - Kartac 1.04.2012. 13:52:29.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2046.1000 [GMT 2:00]

Running from: c:\users\Kartac\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Kartac\AppData\Roaming\vso_ts_preview.xml

c:\users\Kartac\AppData\Roaming\winlog

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\restart.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_RkHit

.

.

((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))

.

.

2012-04-01 11:07 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FE037D8-8F67-44EE-A608-B3BFA3F1E8C9}\mpengine.dll

2012-03-30 09:41 . 2012-03-30 09:41 -------- d--h--w- c:\windows\PIF

2012-03-29 12:51 . 2012-03-29 12:51 -------- d-----w- c:\users\Kartac\AppData\Local\Ilivid Player

2012-03-29 12:50 . 2012-03-29 12:55 -------- d-----w- c:\program files\iLivid

2012-03-29 11:55 . 2012-03-29 11:55 -------- d-----w- c:\program files\iPod

2012-03-27 10:39 . 2012-03-27 10:39 -------- d-----w- c:\program files\WinSCP

2012-03-21 21:05 . 2012-03-21 21:05 -------- d-----w- c:\users\LogMeInRemoteUser

2012-03-21 21:03 . 2012-03-21 21:03 -------- d-----w- c:\users\Kartac\AppData\Local\LogMeIn

2012-03-21 21:03 . 2012-01-31 20:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-03-21 21:03 . 2012-01-31 20:30 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-03-21 21:03 . 2012-01-31 20:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-03-21 21:03 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-03-21 21:03 . 2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-03-21 21:03 . 2012-04-01 10:56 -------- d-----w- c:\programdata\LogMeIn

2012-03-21 21:03 . 2012-03-22 09:48 -------- d-----w- c:\program files\LogMeIn

2012-03-13 20:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 20:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 19:55 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 19:55 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 19:55 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 19:55 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-13 19:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 19:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 19:55 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 19:30 . 2012-03-29 11:56 -------- d-----w- c:\program files\iTunes

2012-03-12 17:34 . 2012-03-12 17:34 -------- d-----w- c:\program files\Common Files\Java

2012-03-09 16:03 . 2012-03-09 16:03 -------- d-----w- c:\users\Kartac\AppData\Local\libimobiledevice

2012-03-08 19:24 . 2012-03-08 19:27 -------- d-----w- c:\users\Kartac\AppData\Roaming\MusicBee

2012-03-08 19:17 . 2012-03-08 19:19 -------- d-----w- c:\users\Kartac\AppData\Local\Luminescence_Software

2012-03-08 18:48 . 2012-03-08 18:48 -------- d-----w- c:\users\Kartac\AppData\Local\MediaMonkey

2012-03-08 18:48 . 2012-03-11 14:44 -------- d-----w- c:\users\Kartac\AppData\Roaming\MediaMonkey

2012-03-08 18:47 . 2012-03-08 18:47 -------- d-----w- c:\programdata\MediaMonkey

2012-03-08 18:47 . 2012-03-08 19:04 -------- d-----w- c:\program files\MediaMonkey

2012-03-08 18:35 . 2012-03-08 18:44 -------- d-----w- c:\program files\TagScanner

2012-03-08 18:35 . 2012-03-08 18:35 -------- d-----w- c:\users\Kartac\AppData\Roaming\TagJet

2012-03-08 18:25 . 2012-03-08 18:46 -------- d-----w- c:\program files\TagJet

2012-03-07 12:24 . 2012-03-07 12:24 -------- d-----w- c:\users\Kartac\AppData\Roaming\Nokia Suite

2012-03-07 12:03 . 2012-03-07 12:03 -------- d-----w- c:\users\Kartac\AppData\Roaming\libimobiledevice

2012-03-07 11:36 . 2012-03-07 11:53 -------- d-----w- c:\users\Kartac\AppData\Roaming\ImTOO

2012-03-07 11:34 . 2012-03-07 11:52 -------- d-----w- c:\programdata\ImTOO

2012-03-07 11:34 . 2012-03-07 11:52 -------- d-----w- c:\program files\ImTOO

2012-03-06 20:08 . 2012-03-06 20:08 -------- d-----w- c:\programdata\Nokia

2012-03-06 19:56 . 2012-03-06 19:56 -------- d-----w- c:\program files\MSXML 4.0

2012-03-06 19:56 . 2012-03-06 19:56 -------- d-----w- c:\program files\PC Connectivity Solution

2012-03-06 19:55 . 2012-03-06 19:55 73728 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55 . 2012-03-06 19:55 73728 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55 . 2012-03-06 19:55 53248 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe

2012-03-06 19:55 . 2012-03-06 19:55 49152 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

2012-03-06 19:55 . 2012-03-06 19:55 49152 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe

2012-03-06 19:55 . 2012-03-06 20:09 -------- d-----w- c:\users\Kartac\AppData\Local\Nokia

2012-03-06 19:20 . 2012-03-07 12:24 -------- d-----w- c:\users\Kartac\AppData\Roaming\Nokia

2012-03-06 19:20 . 2012-03-06 19:34 -------- d-----w- c:\users\Kartac\AppData\Roaming\PC Suite

2012-03-06 19:20 . 2012-03-06 19:25 -------- d-----w- c:\programdata\PC Suite

2012-03-06 19:19 . 2012-03-06 19:19 -------- d-----w- c:\program files\Common Files\PCSuite

2012-03-06 19:19 . 2012-03-06 19:55 -------- d-----w- c:\program files\Common Files\Nokia

2012-03-06 19:19 . 2012-03-06 19:19 -------- d-----w- c:\program files\DIFX

2012-03-06 19:19 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-03-06 19:19 . 2012-01-09 16:28 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2012-03-06 19:19 . 2012-03-06 20:08 -------- d-----w- c:\program files\Nokia

2012-03-06 19:18 . 2012-03-06 19:39 -------- d-----w- c:\programdata\Installations

2012-03-04 09:39 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-03 11:15 . 2012-03-03 11:15 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11661356-1412-41A9-BFB1-A64011A674BC}\gapaengine.dll

2012-03-03 11:13 . 2012-03-03 11:13 -------- d-----w- c:\program files\Microsoft Security Client

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-12 17:34 . 2011-12-22 22:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-29 15:22 . 2012-02-29 15:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-29 04:10 . 2011-10-22 19:15 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-18 06:44 . 2011-08-19 09:26 540960 ----a-w- c:\windows\system32\LVUI2RC.dll

2012-01-18 06:44 . 2011-08-19 09:26 4332960 ----a-w- c:\windows\system32\drivers\LVUVC.sys

2012-01-18 06:44 . 2011-08-19 09:26 545056 ----a-w- c:\windows\system32\LVUI2.dll

2012-01-18 06:44 . 2012-01-18 06:44 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys

2012-01-18 06:44 . 2012-01-18 06:44 196896 ----a-w- c:\windows\system32\lvci13311044.dll

2012-01-18 06:44 . 2011-08-19 09:26 307488 ----a-w- c:\windows\system32\LVCodec2.dll

2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll

2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll

2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe

2012-01-09 16:28 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-09 16:28 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-09 16:28 . 2012-01-09 16:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-09 16:28 . 2012-01-09 16:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-06 04:19 . 2012-02-14 20:38 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B71B5D3-ABFC-4145-90FB-2DFD01A89858}\mpengine.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-10-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\program files\BinarySense\HDDTemp4\\hddtemp4" [X]

"Facebook Update"="c:\users\Kartac\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-28 137536]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-09 10807912]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\users\Kartac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kartac\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-11-13 100352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Kartac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Kartac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]

2012-01-10 17:36 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2011-12-16 10:04 1508408 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-09-08 12:27 343168 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

R1 MpKslcf43e37b;MpKslcf43e37b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8E55227-37B9-48FB-803E-73C31FC82541}\MpKslcf43e37b.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1343400]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 40560]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 176128]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]

S2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [2009-04-20 205976]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-31 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000Core.job

- c:\users\Kartac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 17:56]

.

2012-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000UA.job

- c:\users\Kartac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 17:56]

.

2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000Core.job

- c:\users\Kartac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23 00:12]

.

2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000UA.job

- c:\users\Kartac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.searchnu.com/406

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Download with iphone-transfer-platinum - c:\program files\ImTOO\iPhone Transfer Platinum\upod_link.HTM

IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 89.18.32.2 89.18.32.20

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll

URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-10 - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#SkypeVoiceInWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In Device"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{65E8773E-8F56-11D0-A3B9-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196}\#SkypeVoiceWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out Device"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&17B64151&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#skypevoiceintopo\Device Parameters]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&17B64151&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#skypevoicetopo\Device Parameters]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceInTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In mixer"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceInWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In Device"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out mixer"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out Device"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{DDA54A40-1E4C-11D1-A050-405705C10000}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}\#SkypeVoiceInTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In mixer"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{DDA54A40-1E4C-11D1-A050-405705C10000}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}\#SkypeVoiceTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out mixer"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4528)

c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-04-01 14:11:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-01 12:11

.

Pre-Run: 56.841.412.608 bytes free

Post-Run: 56.487.591.936 bytes free

.

- - End Of File - - A1D1471F974C08E5B185C02B1553B77E


Please visit www.virustotal.com and upload the following file:

c:\windows\System32\user32.dll

Wait until the scan has finished and then copy/paste the link here.

Next, navigate to C:\Qoobox and copy/paste the contents of Add-Remove Programs.txt in your next reply.


Post fresh DDS log files.


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514

Run by Kartac at 16:52:31 on 2012-04-02

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2046.1113 [GMT 2:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\BinarySense\disksvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Users\Kartac\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Kartac\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchnu.com/406

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=;ftp=;https=;

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [HDDtemp4] c:\program files\binarysense\hddtemp4\\hddtemp4 /minimized

uRun: [Facebook Update] "c:\users\kartac\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\kartac\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kartac\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download with iphone-transfer-platinum - c:\program files\imtoo\iphone transfer platinum\upod_link.HTM

IE: Download with Xilisoft YouTube Video Converter - c:\program files\xilisoft\youtube video converter\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 89.18.32.2 89.18.32.20

TCP: Interfaces\{65A1A030-418A-4681-9CCD-61D089D0D10E} : DhcpNameServer = 89.18.32.2 89.18.32.20

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-11-27 40560]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-8 176128]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

R2 HDD & SSD access service;HDD & SSD access service;c:\program files\common files\binarysense\disksvc.exe [2009-4-20 205976]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-21 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-15 652360]

R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-4-7 3857408]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-9-8 8606208]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-9-8 248832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-15 20464]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-24 15872]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-24 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-25 1343400]

.

=============== Created Last 30 ================

.

2012-04-02 10:51:35 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{276b32e2-50b0-4f55-aeda-954354ac11b6}\offreg.dll

2012-04-01 16:20:32 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{276b32e2-50b0-4f55-aeda-954354ac11b6}\mpengine.dll

2012-04-01 12:07:40 -------- d-----w- C:\$RECYCLE.BIN

2012-04-01 12:06:11 -------- d-----w- c:\users\kartac\appdata\local\temp

2012-03-30 09:41:43 -------- d--h--w- c:\windows\PIF

2012-03-29 12:51:07 -------- d-----w- c:\users\kartac\appdata\local\Ilivid Player

2012-03-29 12:50:59 -------- d-----w- c:\program files\iLivid

2012-03-29 11:55:15 -------- d-----w- c:\program files\iPod

2012-03-27 10:39:57 -------- d-----w- c:\program files\WinSCP

2012-03-21 21:03:51 -------- d-----w- c:\users\kartac\appdata\local\LogMeIn

2012-03-21 21:03:49 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-03-21 21:03:49 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-03-21 21:03:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-03-21 21:03:48 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-03-21 21:03:45 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-03-21 21:03:43 -------- d-----w- c:\programdata\LogMeIn

2012-03-21 21:03:31 -------- d-----w- c:\program files\LogMeIn

2012-03-13 20:49:13 -------- d-----w- c:\users\kartac\appdata\local\{2A5F8194-83B1-4F41-B344-FFB846D534CE}

2012-03-13 20:12:46 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 20:12:42 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 19:55:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 19:55:57 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 19:55:56 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 19:55:54 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-13 19:55:54 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 19:55:53 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 19:55:52 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 19:30:47 -------- d-----w- c:\program files\iTunes

2012-03-09 16:03:33 -------- d-----w- c:\users\kartac\appdata\local\libimobiledevice

2012-03-08 19:24:47 -------- d-----w- c:\users\kartac\appdata\roaming\MusicBee

2012-03-08 19:17:10 -------- d-----w- c:\users\kartac\appdata\local\Luminescence_Software

2012-03-08 18:48:09 -------- d-----w- c:\users\kartac\appdata\local\MediaMonkey

2012-03-08 18:48:01 -------- d-----w- c:\users\kartac\appdata\roaming\MediaMonkey

2012-03-08 18:47:42 -------- d-----w- c:\programdata\MediaMonkey

2012-03-08 18:47:34 -------- d-----w- c:\program files\MediaMonkey

2012-03-08 18:35:33 -------- d-----w- c:\program files\TagScanner

2012-03-08 18:35:20 -------- d-----w- c:\users\kartac\appdata\roaming\TagJet

2012-03-08 18:25:49 -------- d-----w- c:\program files\TagJet

2012-03-07 12:24:18 -------- d-----w- c:\users\kartac\appdata\roaming\Nokia Suite

2012-03-07 12:03:25 -------- d-----w- c:\users\kartac\appdata\roaming\libimobiledevice

2012-03-07 11:36:05 -------- d-----w- c:\users\kartac\appdata\roaming\ImTOO

2012-03-07 11:34:15 -------- d-----w- c:\programdata\ImTOO

2012-03-07 11:34:15 -------- d-----w- c:\program files\ImTOO

2012-03-06 20:12:38 -------- d-----w- c:\users\kartac\appdata\local\NokiaAccount

2012-03-06 20:08:22 -------- d-----w- c:\programdata\Nokia

2012-03-06 20:07:25 -------- d-----w- c:\programdata\NokiaInstallerCache

2012-03-06 19:56:20 -------- d-----w- c:\program files\MSXML 4.0

2012-03-06 19:56:13 -------- d-----w- c:\program files\PC Connectivity Solution

2012-03-06 19:55:25 73728 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55:25 73728 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55:25 53248 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\ARPPRODUCTICON.exe

2012-03-06 19:55:25 49152 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

2012-03-06 19:55:25 49152 ----a-r- c:\users\kartac\appdata\roaming\microsoft\installer\{7130468a-f53f-4698-8c09-a339ea3b05e6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe

2012-03-06 19:55:21 -------- d-----w- c:\users\kartac\appdata\local\Nokia

2012-03-06 19:19:43 -------- d-----w- c:\program files\common files\PCSuite

2012-03-06 19:19:38 -------- d-----w- c:\program files\common files\Nokia

2012-03-06 19:19:33 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-03-06 19:19:09 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2012-03-06 19:19:08 -------- d-----w- c:\program files\Nokia

2012-03-04 09:39:10 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2012-03-12 17:34:38 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-29 15:22:07 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-18 06:44:52 540960 ----a-w- c:\windows\system32\LVUI2RC.dll

2012-01-18 06:44:52 4332960 ----a-w- c:\windows\system32\drivers\LVUVC.sys

2012-01-18 06:44:40 545056 ----a-w- c:\windows\system32\LVUI2.dll

2012-01-18 06:44:28 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys

2012-01-18 06:44:26 307488 ----a-w- c:\windows\system32\LVCodec2.dll

2012-01-18 06:44:26 196896 ----a-w- c:\windows\system32\lvci13311044.dll

2012-01-18 06:44:00 336408 ----a-w- c:\windows\system32\DevManagerCore.dll

2012-01-18 06:44:00 10920984 ----a-w- c:\windows\system32\LogiDPP.dll

2012-01-18 06:44:00 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe

2012-01-09 16:28:20 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-09 16:28:20 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-09 16:28:20 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-09 16:28:20 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

.

============= FINISH: 16:53:15,81 ===============

Did you uninstall Microsoft Security Essentials or ESET NOD32 Antivirus?

No, I didn't, because I have a licensed ESET and I found Microsoft Security Essentials very useful! Should I uninstall it or?

"If you have a license for NOD32 leave it, if not I suggest you to uninstall it and to keep Microsoft Security Essentials." That's what you said, so I have listened to what you said and left my NOD32 because I have a license for it!

But why don't you uninstall Microsoft Security Essentials? Uninstall it, delete your copy of ComboFix, download a new fresh one and run it again. Post the log file in your next reply.

ComboFix 12-04-02.01 - Kartac 3.04.2012. 21:44:07.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2046.1444 [GMT 2:00]

Running from: c:\users\Kartac\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))

.

.

2012-04-03 19:50 . 2012-04-03 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-30 09:41 . 2012-03-30 09:41 -------- d--h--w- c:\windows\PIF

2012-03-29 12:51 . 2012-03-29 12:51 -------- d-----w- c:\users\Kartac\AppData\Local\Ilivid Player

2012-03-29 12:50 . 2012-03-29 12:55 -------- d-----w- c:\program files\iLivid

2012-03-29 11:55 . 2012-03-29 11:55 -------- d-----w- c:\program files\iPod

2012-03-27 10:39 . 2012-03-27 10:39 -------- d-----w- c:\program files\WinSCP

2012-03-21 21:05 . 2012-03-21 21:05 -------- d-----w- c:\users\LogMeInRemoteUser

2012-03-21 21:03 . 2012-03-21 21:03 -------- d-----w- c:\users\Kartac\AppData\Local\LogMeIn

2012-03-21 21:03 . 2012-01-31 20:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-03-21 21:03 . 2012-01-31 20:30 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-03-21 21:03 . 2012-01-31 20:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-03-21 21:03 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-03-21 21:03 . 2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-03-21 21:03 . 2012-04-03 08:57 -------- d-----w- c:\programdata\LogMeIn

2012-03-21 21:03 . 2012-03-22 09:48 -------- d-----w- c:\program files\LogMeIn

2012-03-13 20:12 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 20:12 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 19:55 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 19:55 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 19:55 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 19:55 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-03-13 19:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 19:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 19:55 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 19:30 . 2012-03-29 11:56 -------- d-----w- c:\program files\iTunes

2012-03-12 17:34 . 2012-03-12 17:34 -------- d-----w- c:\program files\Common Files\Java

2012-03-09 16:03 . 2012-03-09 16:03 -------- d-----w- c:\users\Kartac\AppData\Local\libimobiledevice

2012-03-08 19:24 . 2012-03-08 19:27 -------- d-----w- c:\users\Kartac\AppData\Roaming\MusicBee

2012-03-08 19:17 . 2012-03-08 19:19 -------- d-----w- c:\users\Kartac\AppData\Local\Luminescence_Software

2012-03-08 18:48 . 2012-03-08 18:48 -------- d-----w- c:\users\Kartac\AppData\Local\MediaMonkey

2012-03-08 18:48 . 2012-03-11 14:44 -------- d-----w- c:\users\Kartac\AppData\Roaming\MediaMonkey

2012-03-08 18:47 . 2012-03-08 18:47 -------- d-----w- c:\programdata\MediaMonkey

2012-03-08 18:47 . 2012-03-08 19:04 -------- d-----w- c:\program files\MediaMonkey

2012-03-08 18:35 . 2012-03-08 18:44 -------- d-----w- c:\program files\TagScanner

2012-03-08 18:35 . 2012-03-08 18:35 -------- d-----w- c:\users\Kartac\AppData\Roaming\TagJet

2012-03-08 18:25 . 2012-03-08 18:46 -------- d-----w- c:\program files\TagJet

2012-03-07 12:24 . 2012-03-07 12:24 -------- d-----w- c:\users\Kartac\AppData\Roaming\Nokia Suite

2012-03-07 12:03 . 2012-03-07 12:03 -------- d-----w- c:\users\Kartac\AppData\Roaming\libimobiledevice

2012-03-07 11:36 . 2012-03-07 11:53 -------- d-----w- c:\users\Kartac\AppData\Roaming\ImTOO

2012-03-07 11:34 . 2012-03-07 11:52 -------- d-----w- c:\programdata\ImTOO

2012-03-07 11:34 . 2012-03-07 11:52 -------- d-----w- c:\program files\ImTOO

2012-03-06 20:08 . 2012-03-06 20:08 -------- d-----w- c:\programdata\Nokia

2012-03-06 19:56 . 2012-03-06 19:56 -------- d-----w- c:\program files\MSXML 4.0

2012-03-06 19:56 . 2012-03-06 19:56 -------- d-----w- c:\program files\PC Connectivity Solution

2012-03-06 19:55 . 2012-03-06 19:55 73728 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55 . 2012-03-06 19:55 73728 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-03-06 19:55 . 2012-03-06 19:55 53248 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe

2012-03-06 19:55 . 2012-03-06 19:55 49152 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

2012-03-06 19:55 . 2012-03-06 19:55 49152 ----a-r- c:\users\Kartac\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe

2012-03-06 19:55 . 2012-03-06 20:09 -------- d-----w- c:\users\Kartac\AppData\Local\Nokia

2012-03-06 19:20 . 2012-03-07 12:24 -------- d-----w- c:\users\Kartac\AppData\Roaming\Nokia

2012-03-06 19:20 . 2012-03-06 19:34 -------- d-----w- c:\users\Kartac\AppData\Roaming\PC Suite

2012-03-06 19:20 . 2012-03-06 19:25 -------- d-----w- c:\programdata\PC Suite

2012-03-06 19:19 . 2012-03-06 19:19 -------- d-----w- c:\program files\Common Files\PCSuite

2012-03-06 19:19 . 2012-03-06 19:55 -------- d-----w- c:\program files\Common Files\Nokia

2012-03-06 19:19 . 2012-03-06 19:19 -------- d-----w- c:\program files\DIFX

2012-03-06 19:19 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2012-03-06 19:19 . 2012-01-09 16:28 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2012-03-06 19:19 . 2012-03-06 20:08 -------- d-----w- c:\program files\Nokia

2012-03-06 19:18 . 2012-03-06 19:39 -------- d-----w- c:\programdata\Installations

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-12 17:34 . 2011-12-22 22:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-29 15:22 . 2012-02-29 15:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-29 04:10 . 2011-10-22 19:15 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-18 06:44 . 2011-08-19 09:26 540960 ----a-w- c:\windows\system32\LVUI2RC.dll

2012-01-18 06:44 . 2011-08-19 09:26 4332960 ----a-w- c:\windows\system32\drivers\LVUVC.sys

2012-01-18 06:44 . 2011-08-19 09:26 545056 ----a-w- c:\windows\system32\LVUI2.dll

2012-01-18 06:44 . 2012-01-18 06:44 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys

2012-01-18 06:44 . 2012-01-18 06:44 196896 ----a-w- c:\windows\system32\lvci13311044.dll

2012-01-18 06:44 . 2011-08-19 09:26 307488 ----a-w- c:\windows\system32\LVCodec2.dll

2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll

2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll

2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe

2012-01-09 16:28 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2012-01-09 16:28 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2012-01-09 16:28 . 2012-01-09 16:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2012-01-09 16:28 . 2012-01-09 16:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2012-01-06 04:19 . 2012-02-14 20:38 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B71B5D3-ABFC-4145-90FB-2DFD01A89858}\mpengine.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-10-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDDtemp4"="c:\program files\BinarySense\HDDTemp4\\hddtemp4" [X]

"Facebook Update"="c:\users\Kartac\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-28 137536]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2012-03-21 17834880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-09 10807912]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\users\Kartac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kartac\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-11-13 100352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Kartac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Kartac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]

2012-01-10 17:36 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2011-12-16 10:04 1508408 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-09-08 12:27 343168 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

R1 MpKslcf43e37b;MpKslcf43e37b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8E55227-37B9-48FB-803E-73C31FC82541}\MpKslcf43e37b.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1343400]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-07-13 40560]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 176128]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]

S2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [2009-04-20 205976]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-31 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408]

S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - MpNWMon

*Deregistered* - NisDrv

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000Core.job

- c:\users\Kartac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 17:56]

.

2012-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000UA.job

- c:\users\Kartac\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 17:56]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000Core.job

- c:\users\Kartac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23 00:12]

.

2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701530913-2192808265-494866498-1000UA.job

- c:\users\Kartac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.searchnu.com/406

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Download with iphone-transfer-platinum - c:\program files\ImTOO\iPhone Transfer Platinum\upod_link.HTM

IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 89.18.32.2 89.18.32.20

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#SkypeVoiceInWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In Device"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{65E8773E-8F56-11D0-A3B9-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{65e8773e-8f56-11d0-a3b9-00a0c9223196}\#SkypeVoiceWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out Device"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&17B64151&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#skypevoiceintopo\Device Parameters]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&17B64151&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#skypevoicetopo\Device Parameters]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceInTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In mixer"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceInWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In Device"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out mixer"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SkypeVoiceWave\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out Device"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{DDA54A40-1E4C-11D1-A050-405705C10000}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}\#SkypeVoiceInTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice In mixer"

"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\DeviceClasses\{DDA54A40-1E4C-11D1-A050-405705C10000}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001#4&808A433&0&0201#{dda54a40-1e4c-11d1-a050-405705c10000}\#SkypeVoiceTopo\Device Parameters]

@DACL=(02 0000)

"FriendlyName"="Realtek Voice Out mixer"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5712)

c:\users\Kartac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Completion time: 2012-04-03 21:52:03

ComboFix-quarantined-files.txt 2012-04-03 19:52

ComboFix2.txt 2012-04-01 12:11

.

Pre-Run: 60.836.425.728 bytes free

Post-Run: 60.645.302.272 bytes free

.

- - End Of File - - 68A7A541B8196BF35DCDB0E1F39C80EE

Looks good. I suggest you make sure your MSE is up to date and perform a full system scan. Let me know.

You said I need to delete MSE so I have deleted it :D

:D Sorry, I meant NOD32.

The first of April is over, I guess. :D

Hehehe :D I was thinking about uninstalling my NOD32 because I found this Microsoft one better and it is not that annoying. It would be a big problem because I got the license for NOD for free... What do you think? Which one would you keep?

If you prefer MSE to NOD32, just change it. That was my suggestion, but the choice is yours. :)

What needs to change is the version of NOD32. The current version is 5, but you have 4.2. This is important because version 5 has many important improvements. Take a look:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2808&actp=search&viewlocale=en_US&searchid=1333636818609

If you want to upgrade:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2476&actp=search&viewlocale=en_US&searchid=1333636858765

"I found this Microsoft one better"

Comparing antivirus programs has always been a difficult task and it is difficult to say which is better, but NOD32 has more security features. There are special test organizations that monitor the level of antivirus software. One such example is AV-Comparatives. You can see their tests (which include NOD32 and MSE) here:

http://av-comparatives.org/en/comparativesreviews

"it is not that annoying"

What do you mean? Because it asks you whether to delete something or not? You can switch to automatic mode and you will not be asked; it can be made to not show you any windows or messages. There are settings which can be changed to your requirements. You are a licensed user and have the right to free technical support. You can ask them anything that bothers you.

OK, thanks a lot. I will see what I will do about this NOD32 and MSE thing, but for now everything is fine! Thank you once more! Cheers!

This topic is now closed to further replies.
