Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Malware called Security Shield

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Malware called Security Shield

Unread postby riva10 » February 12th, 2011, 8:19 pm

Hi Airscape,

I've completed the various tasks as listed, installed Java, ran the FixIt & TFC programmes, as well as the ESET & RSITV scans, attached below are the relevant logs.

The PC is running OK.

ESET log :

C:\Qoobox\Quarantine\C\ProgramData\e01d\32.mof.vir Win32/RogueAV.A trojan

RSIT log :

Logfile of random's system information tool 1.08 (written by random/random)
Run by Scott at 2011-02-12 20:25:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 215 GB (73%) free of 295 GB
Total RAM: 3001 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:55, on 12/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Scott\Desktop\RSIT.exe
C:\Program Files\trend micro\Scott.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792x23n
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Sammsoft Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9825 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{2F7F2CFF-8604-4080-A4D8-03EA19D0AE37}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-22 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-25 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sammsoft Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-25 263280]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Sammsoft Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-11 6724128]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-18 30192]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-06-23 703008]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-14 345384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-09 1418536]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-06-16 1131016]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-05-05 206120]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2009-05-04 173288]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-02-11 1833504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-01-10 281768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-25 39408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-12 19:07:39 ----D---- C:\Program Files\ESET
2011-02-12 18:30:27 ----D---- C:\ProgramData\Sun
2011-02-12 18:30:26 ----D---- C:\Program Files\Common Files\Java
2011-02-12 18:28:34 ----A---- C:\Windows\system32\javaws.exe
2011-02-12 18:28:34 ----A---- C:\Windows\system32\javaw.exe
2011-02-12 18:28:34 ----A---- C:\Windows\system32\java.exe
2011-02-12 18:28:34 ----A---- C:\Windows\system32\deployJava1.dll
2011-02-12 18:27:51 ----D---- C:\Program Files\Java
2011-02-11 06:23:49 ----D---- C:\Windows\temp
2011-02-10 18:56:20 ----SHD---- C:\$RECYCLE.BIN
2011-02-10 18:56:15 ----A---- C:\ComboFix.txt
2011-02-10 18:48:52 ----A---- C:\Windows\zip.exe
2011-02-10 18:48:52 ----A---- C:\Windows\SWSC.exe
2011-02-10 18:48:52 ----A---- C:\Windows\SWREG.exe
2011-02-10 18:48:52 ----A---- C:\Windows\sed.exe
2011-02-10 18:48:52 ----A---- C:\Windows\PEV.exe
2011-02-10 18:48:52 ----A---- C:\Windows\NIRCMD.exe
2011-02-10 18:48:52 ----A---- C:\Windows\MBR.exe
2011-02-10 18:48:52 ----A---- C:\Windows\grep.exe
2011-02-10 18:48:48 ----D---- C:\Windows\ERDNT
2011-02-10 18:48:47 ----D---- C:\ComboFix
2011-02-10 18:48:29 ----A---- C:\Windows\SWXCACLS.exe
2011-02-10 18:41:47 ----D---- C:\Qoobox
2011-02-10 18:38:02 ----D---- C:\Users\Scott\AppData\Roaming\Avira
2011-02-10 18:25:05 ----A---- C:\Windows\system32\win32k.sys
2011-02-10 18:25:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-10 18:25:00 ----A---- C:\Windows\system32\ntdll.dll
2011-02-10 18:24:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-10 18:24:49 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\FntCache.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\DWrite.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\d2d1.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-10 18:24:47 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-10 18:24:47 ----A---- C:\Windows\system32\mf.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\dxgi.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10.dll
2011-02-10 18:24:46 ----A---- C:\Windows\system32\stobject.dll
2011-02-10 18:24:46 ----A---- C:\Windows\system32\mfplat.dll
2011-02-10 18:24:46 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-10 18:24:45 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-10 18:24:45 ----A---- C:\Windows\system32\mfps.dll
2011-02-10 18:24:45 ----A---- C:\Windows\system32\cdd.dll
2011-02-10 18:24:35 ----A---- C:\Windows\system32\mshtml.dll
2011-02-10 18:24:35 ----A---- C:\Windows\system32\ieframe.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\wininet.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\urlmon.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\occache.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\mstime.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\iertutil.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-10 18:24:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-10 18:24:33 ----A---- C:\Windows\system32\ieui.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iesetup.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iernonce.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iepeers.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-10 18:24:31 ----A---- C:\Windows\system32\shell32.dll
2011-02-10 18:24:30 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-10 18:24:28 ----A---- C:\Windows\system32\atmlib.dll
2011-02-10 18:24:28 ----A---- C:\Windows\system32\atmfd.dll
2011-02-06 11:08:13 ----D---- C:\rsit
2011-02-06 11:08:13 ----D---- C:\Program Files\trend micro
2011-02-06 11:04:37 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-02-06 11:04:36 ----D---- C:\ProgramData\Avira
2011-02-06 11:04:36 ----D---- C:\Program Files\Avira
2011-02-06 11:04:36 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-02-06 11:04:36 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-02-06 10:43:58 ----D---- C:\Users\Scott\AppData\Roaming\Malwarebytes
2011-02-06 10:43:36 ----D---- C:\ProgramData\Malwarebytes
2011-02-06 10:43:36 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-06 10:43:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-06 10:43:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-06 09:52:17 ----D---- C:\Windows\system32\x64
2011-02-03 20:01:25 ----D---- C:\Program Files\CCleaner
2011-02-01 22:53:59 ----D---- C:\ProgramData\PC Tools
2011-02-01 10:44:52 ----D---- C:\Program Files\Ask.com

======List of files/folders modified in the last 1 months======

2011-02-12 19:07:40 ----SD---- C:\Windows\Downloaded Program Files
2011-02-12 19:07:39 ----RD---- C:\Program Files
2011-02-12 19:06:18 ----D---- C:\Windows\System32
2011-02-12 19:06:18 ----D---- C:\Windows\inf
2011-02-12 19:06:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-12 18:53:50 ----SHD---- C:\Windows\Installer
2011-02-12 18:53:34 ----D---- C:\Config.Msi
2011-02-12 18:53:06 ----SHD---- C:\System Volume Information
2011-02-12 18:41:33 ----D---- C:\Windows\rescache
2011-02-12 18:36:51 ----D---- C:\Windows\system32\drivers\etc
2011-02-12 18:30:27 ----D---- C:\ProgramData
2011-02-12 18:30:26 ----D---- C:\Program Files\Common Files
2011-02-11 07:10:00 ----HD---- C:\Windows\system32\GroupPolicy
2011-02-11 06:47:14 ----D---- C:\Windows\winsxs
2011-02-11 06:37:06 ----D---- C:\Windows\system32\catroot
2011-02-11 06:34:23 ----D---- C:\Program Files\Windows Mail
2011-02-11 06:34:21 ----D---- C:\Windows\system32\migration
2011-02-11 06:34:21 ----D---- C:\Windows\system32\drivers
2011-02-11 06:34:21 ----D---- C:\Program Files\Internet Explorer
2011-02-11 06:29:50 ----D---- C:\Windows\Debug
2011-02-11 06:29:49 ----A---- C:\Windows\system32\mrt.exe
2011-02-11 06:29:02 ----D---- C:\ProgramData\Microsoft Help
2011-02-11 06:23:49 ----D---- C:\Windows
2011-02-10 18:54:51 ----A---- C:\Windows\system.ini
2011-02-10 18:52:36 ----D---- C:\Windows\AppPatch
2011-02-10 18:24:12 ----D---- C:\Windows\system32\catroot2
2011-02-10 18:23:33 ----D---- C:\ProgramData\AVG10
2011-02-10 18:23:33 ----D---- C:\ProgramData\AVG Security Toolbar
2011-02-06 10:56:10 ----D---- C:\Windows\system
2011-02-06 10:23:08 ----D---- C:\ProgramData\McAfee
2011-02-06 10:23:08 ----D---- C:\Program Files\McAfee
2011-02-03 21:42:20 ----D---- C:\Windows\system32\WDI
2011-02-03 21:12:35 ----D---- C:\Windows\Prefetch
2011-02-03 20:29:57 ----D---- C:\ProgramData\MFAData
2011-02-03 19:45:17 ----D---- C:\Windows\Logs
2011-02-02 09:56:22 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-01-10 135096]
R1 DPMemGridVista;Physical Memory I/O for GridVista; \??\C:\Program Files\GridVista\DPMemGridVista.sys [2008-10-01 10504]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-01-10 61960]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-06-23 1181184]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-01-09 204976]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 14336]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-02-20 1882616]
S3 catchme;catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-10 267944]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-17 144640]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-25 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe []
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-18 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-25 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-17 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top
Advertisement
Register to Remove

Re: Malware called Security Shield

Unread postby riva10 » February 12th, 2011, 8:19 pm

Hi Airscape,

I've completed the various tasks as listed, installed Java, ran the FixIt & TFC programmes, as well as the ESET & RSITV scans, attached below are the relevant logs.

The PC is running OK.

ESET log :

C:\Qoobox\Quarantine\C\ProgramData\e01d\32.mof.vir Win32/RogueAV.A trojan

RSIT log :

Logfile of random's system information tool 1.08 (written by random/random)
Run by Scott at 2011-02-12 20:25:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 215 GB (73%) free of 295 GB
Total RAM: 3001 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:55, on 12/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Scott\Desktop\RSIT.exe
C:\Program Files\trend micro\Scott.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792x23n
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Sammsoft Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9825 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{2F7F2CFF-8604-4080-A4D8-03EA19D0AE37}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-22 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-25 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sammsoft Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-25 263280]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Sammsoft Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-11 6724128]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-18 30192]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-06-23 703008]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-14 345384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-09 1418536]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-06-16 1131016]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-05-05 206120]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2009-05-04 173288]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-02-11 1833504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-01-10 281768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-25 39408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-12 19:07:39 ----D---- C:\Program Files\ESET
2011-02-12 18:30:27 ----D---- C:\ProgramData\Sun
2011-02-12 18:30:26 ----D---- C:\Program Files\Common Files\Java
2011-02-12 18:28:34 ----A---- C:\Windows\system32\javaws.exe
2011-02-12 18:28:34 ----A---- C:\Windows\system32\javaw.exe
2011-02-12 18:28:34 ----A---- C:\Windows\system32\java.exe
2011-02-12 18:28:34 ----A---- C:\Windows\system32\deployJava1.dll
2011-02-12 18:27:51 ----D---- C:\Program Files\Java
2011-02-11 06:23:49 ----D---- C:\Windows\temp
2011-02-10 18:56:20 ----SHD---- C:\$RECYCLE.BIN
2011-02-10 18:56:15 ----A---- C:\ComboFix.txt
2011-02-10 18:48:52 ----A---- C:\Windows\zip.exe
2011-02-10 18:48:52 ----A---- C:\Windows\SWSC.exe
2011-02-10 18:48:52 ----A---- C:\Windows\SWREG.exe
2011-02-10 18:48:52 ----A---- C:\Windows\sed.exe
2011-02-10 18:48:52 ----A---- C:\Windows\PEV.exe
2011-02-10 18:48:52 ----A---- C:\Windows\NIRCMD.exe
2011-02-10 18:48:52 ----A---- C:\Windows\MBR.exe
2011-02-10 18:48:52 ----A---- C:\Windows\grep.exe
2011-02-10 18:48:48 ----D---- C:\Windows\ERDNT
2011-02-10 18:48:47 ----D---- C:\ComboFix
2011-02-10 18:48:29 ----A---- C:\Windows\SWXCACLS.exe
2011-02-10 18:41:47 ----D---- C:\Qoobox
2011-02-10 18:38:02 ----D---- C:\Users\Scott\AppData\Roaming\Avira
2011-02-10 18:25:05 ----A---- C:\Windows\system32\win32k.sys
2011-02-10 18:25:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-10 18:25:00 ----A---- C:\Windows\system32\ntdll.dll
2011-02-10 18:24:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-10 18:24:49 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\FntCache.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\DWrite.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-10 18:24:49 ----A---- C:\Windows\system32\d2d1.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-10 18:24:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-10 18:24:47 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-10 18:24:47 ----A---- C:\Windows\system32\mf.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\dxgi.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-10 18:24:47 ----A---- C:\Windows\system32\d3d10.dll
2011-02-10 18:24:46 ----A---- C:\Windows\system32\stobject.dll
2011-02-10 18:24:46 ----A---- C:\Windows\system32\mfplat.dll
2011-02-10 18:24:46 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-10 18:24:45 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-10 18:24:45 ----A---- C:\Windows\system32\mfps.dll
2011-02-10 18:24:45 ----A---- C:\Windows\system32\cdd.dll
2011-02-10 18:24:35 ----A---- C:\Windows\system32\mshtml.dll
2011-02-10 18:24:35 ----A---- C:\Windows\system32\ieframe.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\wininet.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\urlmon.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\occache.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\mstime.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\iertutil.dll
2011-02-10 18:24:34 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-10 18:24:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-10 18:24:33 ----A---- C:\Windows\system32\ieui.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iesetup.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iernonce.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\iepeers.dll
2011-02-10 18:24:33 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-10 18:24:31 ----A---- C:\Windows\system32\shell32.dll
2011-02-10 18:24:30 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-10 18:24:28 ----A---- C:\Windows\system32\atmlib.dll
2011-02-10 18:24:28 ----A---- C:\Windows\system32\atmfd.dll
2011-02-06 11:08:13 ----D---- C:\rsit
2011-02-06 11:08:13 ----D---- C:\Program Files\trend micro
2011-02-06 11:04:37 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-02-06 11:04:36 ----D---- C:\ProgramData\Avira
2011-02-06 11:04:36 ----D---- C:\Program Files\Avira
2011-02-06 11:04:36 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-02-06 11:04:36 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-02-06 10:43:58 ----D---- C:\Users\Scott\AppData\Roaming\Malwarebytes
2011-02-06 10:43:36 ----D---- C:\ProgramData\Malwarebytes
2011-02-06 10:43:36 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-06 10:43:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-06 10:43:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-06 09:52:17 ----D---- C:\Windows\system32\x64
2011-02-03 20:01:25 ----D---- C:\Program Files\CCleaner
2011-02-01 22:53:59 ----D---- C:\ProgramData\PC Tools
2011-02-01 10:44:52 ----D---- C:\Program Files\Ask.com

======List of files/folders modified in the last 1 months======

2011-02-12 19:07:40 ----SD---- C:\Windows\Downloaded Program Files
2011-02-12 19:07:39 ----RD---- C:\Program Files
2011-02-12 19:06:18 ----D---- C:\Windows\System32
2011-02-12 19:06:18 ----D---- C:\Windows\inf
2011-02-12 19:06:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-12 18:53:50 ----SHD---- C:\Windows\Installer
2011-02-12 18:53:34 ----D---- C:\Config.Msi
2011-02-12 18:53:06 ----SHD---- C:\System Volume Information
2011-02-12 18:41:33 ----D---- C:\Windows\rescache
2011-02-12 18:36:51 ----D---- C:\Windows\system32\drivers\etc
2011-02-12 18:30:27 ----D---- C:\ProgramData
2011-02-12 18:30:26 ----D---- C:\Program Files\Common Files
2011-02-11 07:10:00 ----HD---- C:\Windows\system32\GroupPolicy
2011-02-11 06:47:14 ----D---- C:\Windows\winsxs
2011-02-11 06:37:06 ----D---- C:\Windows\system32\catroot
2011-02-11 06:34:23 ----D---- C:\Program Files\Windows Mail
2011-02-11 06:34:21 ----D---- C:\Windows\system32\migration
2011-02-11 06:34:21 ----D---- C:\Windows\system32\drivers
2011-02-11 06:34:21 ----D---- C:\Program Files\Internet Explorer
2011-02-11 06:29:50 ----D---- C:\Windows\Debug
2011-02-11 06:29:49 ----A---- C:\Windows\system32\mrt.exe
2011-02-11 06:29:02 ----D---- C:\ProgramData\Microsoft Help
2011-02-11 06:23:49 ----D---- C:\Windows
2011-02-10 18:54:51 ----A---- C:\Windows\system.ini
2011-02-10 18:52:36 ----D---- C:\Windows\AppPatch
2011-02-10 18:24:12 ----D---- C:\Windows\system32\catroot2
2011-02-10 18:23:33 ----D---- C:\ProgramData\AVG10
2011-02-10 18:23:33 ----D---- C:\ProgramData\AVG Security Toolbar
2011-02-06 10:56:10 ----D---- C:\Windows\system
2011-02-06 10:23:08 ----D---- C:\ProgramData\McAfee
2011-02-06 10:23:08 ----D---- C:\Program Files\McAfee
2011-02-03 21:42:20 ----D---- C:\Windows\system32\WDI
2011-02-03 21:12:35 ----D---- C:\Windows\Prefetch
2011-02-03 20:29:57 ----D---- C:\ProgramData\MFAData
2011-02-03 19:45:17 ----D---- C:\Windows\Logs
2011-02-02 09:56:22 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-01-10 135096]
R1 DPMemGridVista;Physical Memory I/O for GridVista; \??\C:\Program Files\GridVista\DPMemGridVista.sys [2008-10-01 10504]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-01-10 61960]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-06-23 1181184]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-01-09 204976]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 14336]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-02-20 1882616]
S3 catchme;catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-10 267944]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-17 144640]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-25 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe []
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-18 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-25 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-17 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top

Re: Malware called Security Shield

Unread postby Airscape » February 13th, 2011, 5:44 pm

Hello,

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X.
  • Note: Uncheck Free McAfee® Security Scan Plus (optional)

If it still remains Uninstall the old Adobe Reader via Program and Features.
---------------------------------------------------------------------
Backup the Registry:
  • Please go here and download ERUNT.
  • Right-click on erunt-setup.exe and select Run as Admin to install the program.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\todays date
  • I recommend you UNcheck to create NTREGOPT desktop shortcut option.
  • Click on OK
  • Then click on YES to create the backup folder.

Note: to restore the registry (if needed) goto the backup folder and start ERDNT.exe
------------------------------------------------------------------
Download and Run OTM
Download OTM by OldTimer Here or Here & save it to your desktop.
  • Right click OTM and select Run as Admin to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error
Code: Select all
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\CLSID\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
[-HKEY_CLASSES_ROOT\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
:Files
C:\Program Files\Ask.com
C:\ProgramData\AVG
C:\ProgramData\AVG Security Toolbar
:Commands
[ClearAllRestorePoints]
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers.
Please copy/paste this log in your next reply. It should appear after restarting the computer, if not locate it manually.

Please post the OTM log and a new HijackThis log.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby Airscape » February 15th, 2011, 5:53 pm

Do you still need help?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby riva10 » February 16th, 2011, 7:47 pm

Apologies Airscape, I missed your first message, and will carry out the latest instructions tomorrow 17th Feb.
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top

Re: Malware called Security Shield

Unread postby Airscape » February 16th, 2011, 8:55 pm

No problem. After that we can just clean up etc so there's no rush.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby riva10 » February 18th, 2011, 3:13 am

Hi Airscape, while processing the various tasks I encountered a problem.

I had installed the Adobe update, ERUNT and OTM programmes, but after running the MoveIt segment, the laptop powered down (my fault, I didn't have the power lead plugged in !) and I didn't get the option to Exit the programme.

The OTM\MovedFiles log entry is there, but there is no data in it.

I haven't done anything else now, and await your further instructions.

Sorry .... Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top

Re: Malware called Security Shield

Unread postby Airscape » February 18th, 2011, 9:37 am

Hello Andy,

That's not a problem you can just run the instructions again with the power lead plugged in.

Thanks.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby riva10 » February 18th, 2011, 4:21 pm

Hi Airscape, I ran the instructions as advised, and the OTM programme froze halfway through before being completed (Not Responding)

On the left of the screen, the following instructions remain :-

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
[-HKEY_CLASSES_ROOT\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
:Files
C:\Program Files\Ask.com
C:\ProgramData\AVG
C:\ProgramData\AVG Security Toolbar
:Commands
[ClearAllRestorePoints]
[EmptyTemp]
[Start Explorer]
[Reboot]

On the right are a list of processes killed, under the heading REGISTRY

The last entry reads :

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top

Re: Malware called Security Shield

Unread postby Airscape » February 18th, 2011, 4:34 pm

Can you please continue on with the rest and post the HijackThis log.

Thanks.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby riva10 » February 18th, 2011, 7:22 pm

Hi Airscapre, here is the HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:20:05, on 18/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Users\Scott\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792x23n
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9573 bytes
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top

Re: Malware called Security Shield

Unread postby Airscape » February 19th, 2011, 11:43 am

Hello

Backup the registry
Click Start > All Programs > Accessories
Right-click Command Prompt and select Run as Administrator
Copy/Paste the line below into the Prompt and press Enter

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\riva10

Allow Erunt to backup the registry then type Exit > Enter
--------------------------------------------------
  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: (Do not include the word Code:)
    Code: Select all
    @echo off
reg delete "HKCR\GenericAskToolbar.ToolbarWnd.1" /f
reg delete "HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}" /f
reg delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser" /v "{D4027C7F-154A-4066-A1AD-4243D8127440}" /f
reg delete "HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" /f
reg delete "HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar" /f
reg delete "HKCR\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" /f
reg delete "HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" /f
rd C:\Program Files\Ask.com /s/q
rd C:\ProgramData\AVG /s/q
rd C:\ProgramData\AVG Security Toolbar /s/q
del %0
  • Go to File >> Save As
  • Save File name as Fix.bat
  • Change Save as Type to All Files and save the file to your Desktop.
Now right click on Fix.bat and select Run as Admin to run the batch file. It will self-delete when completed.
-----------------------------------------------------
Please post the following:
New HijackThis log
If no other problems we can finish up with the last instructions... please let me know?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby riva10 » February 19th, 2011, 9:33 pm

Hi Airscape, here is hte latest HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:31:40, on 20/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Scott\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792x23n
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9430 bytes

Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top

Re: Malware called Security Shield

Unread postby Airscape » February 20th, 2011, 6:57 pm

Hi Andy,

The pc seems clean now. If you have no other problems please do the following now.

The Java I had you download earlier is now out of date.
Please Uninstall the old one via Programs and Features then install this version.

You can also remove Mcaffe security scan if you want to.

Uninstall ComboFix
Click on Start > All Programs > Accessories > Run...
Copy/paste in ComboFix /Uninstall and click OK.
(if you type it out note the space in the middle)
If you get a "can't find file" message. Right click combofix.exe and rename it to Uninstall.exe
Disable Avira antivirus, then double click Uninstall.exe and ComboFix should uninstall.
The above will implement some cleanup procedures as well as reset System Restore points.
--------------------------------------------------------------------------------
Clean up with OTC
Download OTC by Old Timer here and save it to your desktop.
Right click on OTC.exe and select Run as Admin to run it.
Click on CleanUp!
Click on Yes then Reboot the computer.
The above will remove the majority of tools/logs used in the removal process. If any still exist, please delete them yourself.
-----------------------------------------------------------------------------------
Finally please follow these steps to prevent reinfection and keep your pc safe and secure for the future.

Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.

First go here if not done so already: http://www.update.microsoft.com/windows ... ankspage=5

Click Start > All Programs > Windows Update > Change Settings
Under Important updates choose Install updates automatically (recommended)
Choose a day/time when you know the pc will be on and connected to the internet, to automatically download then install the new updates
Under Recommended updates Check Give me recommended updates the same way I recieve important updates
Under Microsoft Update Check Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows
Under Who can install updates Check Allow all users to install updates on this computer
Click OK
Click Check for updates at the main Windows Update screen and let it download then install them... reboot if required.

Update other Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.

Further reading:

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
Top

Re: Malware called Security Shield

Unread postby riva10 » February 21st, 2011, 3:46 am

Hi Airscape,

I have completed the remaining tasks, many thanks for your assistance & patience, it has been greatly appreciated.

Andy
riva10
Regular Member
 
Posts: 31
Joined: August 4th, 2008, 3:32 am
Top
Advertisement
Register to Remove
PreviousNext
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 159 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index