Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Epoclick Virus

Post by nicoledee » December 7th, 2010, 8:25 am

Hi,
I am almost positive my computer is infected with the Epoclick virus. I'm frequently redirected to websites such as epoclick.com and google-analytics.com (or similar), and I also frequently get sent to all sorts of business websites.

Here is my HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:12 PM, on 7/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\bigpond\security\App\Console.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\nicole.dee\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ESP] "c:\Program Files\bigpond\security\app\start.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [3FWHZQA3LT] C:\Users\nicole.dee\AppData\Local\Temp\Fhw.exe
O4 - HKCU\..\Run: [gtvbpvfp] C:\Users\nicole.dee\AppData\Local\Temp\ctelvhact\jksfubryhsn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://audownload.authentium.net/bigpon ... wizard.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23EB0F11-1A45-4036-B41F-DB625F69E17A}: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4A6474-0D79-437B-9C4C-5604288B9F24}: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{FACD4DB2-EEE8-42C2-AE22-A502ED354279}: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{23EB0F11-1A45-4036-B41F-DB625F69E17A}: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.83,93.188.161.223
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthElementsSvc - Authentium, Inc - c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Microsoft Office Groove Audit Service - Memeo - (no file)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Anti-Spyware (SBAMSvc) - Sunbelt Software - c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: vseamps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 14087 bytes

Here is my uninstall list:


Acrobat.com
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player
Adobe Shockwave Player
Agere Systems HDA Modem
Akamai NetSession Interface
Anti-Spyware (Sunbelt3)
Anti-Virus (Command Software 5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Authentium Web Install Helper
AVSDK5
BigPond (BIUS)
Bigpond Desktop
BigPond Security
Bonjour
CalorieKing Nutrition and Exercise Manager - Australian Edition (remove only)
Camera RAW Plug-In for EPSON Creativity Suite
CleanCenter v2.8.1.1 Trial Version
CyberLink DVD Suite
CyberLink YouCam
CyberLink YouCam
Data Lifeguard Diagnostic for Windows
Definition update for Microsoft Office 2010 (KB982726)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX9300F_DX9400F Manual
ESP
e-tax 2010
Firewall (Core 2)
Firewall (User)
FLV Player 2.0 (build 25)
FrostWire 4.21.1
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPhone Configuration Utility
iPod Access for Windows v4.2.5
iTunes
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
LightScribe System Software 1.14.17.1
McAfee Security Scan Plus
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
neroxml
OGA Notifier 1.7.0105.35.0
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Riva FLV Encoder 2.0
Safari
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Third Party Prerequisites
Tracks Eraser Pro v7.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Outlook Social Connector (KB2289116)
VC80CRTRedist - 8.0.50727.4053
Web Filtering (Base 2)
Web Filtering (Base)
Web Filtering (Kids Page)
Web Filtering (RuleSpace CFI Anti-Phishing)
Web Filtering (Rulespace CFI)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Word in Works Suite add-in
Xvid 1.2.2 final uninstall

Thanks,
Nicole.
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am

Re: Epoclick Virus

Post by Airscape » December 12th, 2010, 12:37 pm

Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin.
  • Post to this thread only and please stick to it until I say your pc is clean.
  • The instructions I give are for this computer only and should not be used on any other PC.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training, everything I post must be checked by a teacher first. So there may be a slight delay in between posts.

Important:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before we start.

And please let me know whether the PC is used for business/work.

Thanks
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Epoclick Virus

Post by nicoledee » December 12th, 2010, 9:09 pm

Hi, thanks for your reply!
My computer is used for personal reasons, not business/work!
I will back all of my files up too.
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am

Re: Epoclick Virus

Post by Airscape » December 13th, 2010, 5:01 pm

OK thanks for the update.

1 - Download/run Rkill
Please download Rkill and save it to the desktop.
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/gr ... NlOgOn.exe <--- renamed version

Right click on the Rkill desktop icon and select Run as Administrator
A command window will open then disappear upon completion, this is normal.
Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow it to continue.

------------------------------------------------------------

2 - Malwarebytes Anti-Malware
Go here: http://www.malwarebytes.org/mbam-download.php and save the file to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
    (if using Vista: right-click the file and select Run as Administrator)
  • At the end of installation make sure you leave a checkmark next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it somewhere you can find and post the results.
  • It may ask you to reboot the computer to finish cleaning. Please allow it.

--------------------------------------------

If you have problems with your internet connection after running the fix:

  • From Start > Network > Network and Sharing Center > Manage network connections
  • Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. (allow the prompts)
  • Under the Networking tab double-click on the Internet Protocol (TCP/IPv6) item and select the radio button that says Obtain DNS servers automatically.
  • Under the Networking tab double-click on the Internet Protocol (TCP/IPv4) item and select the radio button that says Obtain DNS servers automatically.
  • Click OK twice, and restart your computer.

Next
  • Click Start > All Programs > Accessories > Right-click on Command Prompt and select Run as Administrator
  • Type ipconfig /flushdns (note there's a space between ipconfig and / )
  • Hit enter.
  • You will receive a message "successfully flushed the dns resolver cache"
  • Type exit.
  • Hit enter.


===========================================

Remove P2P programs
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

FrostWire 4.21.1

Please read: Refusal to remove Peer-to-Peer (P2P) programmes
You can remove the above program/s via Control Panel > Programs and Features
Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

------------------------------------------

3 - DDS (by sUBs)
Please download DDS ... by sUBs.
http://download.bleepingcomputer.com/sUBs/dds.com
Save it to your desktop. Alternate download link: here.
  1. Double click the tool to run it.
  2. A black Screen will open... read the contents but do nothing.
  3. When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
    Ignore the comments about zipping / attaching any of the report files. The 2 report files are not saved anywhere,
    if you close Notepad, before copying /pasting them... you will need to run DDS again.
  4. Copy/paste both DDS.txt and Attach.txt reports in your next reply.
  5. Once the reports have been posted, you can delete DDS from your desktop.

Please post the malwarebytes log and both dds logs
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
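An added example (my own code, not a tool from this thread or from MalwareRemoval.com) that automates the two things a helper looks for by eye in the HijackThis log above: O4 autorun entries whose executable lives in a Temp folder (the `3FWHZQA3LT` and `gtvbpvfp` entries) and O17 entries that hard-code a public DNS server (the 93.188.162.83 / 93.188.161.223 pair that Malwarebytes later reported as Trojan.DNSChanger). The sample lines are copied from the log in this thread, plus one constructed O17 line with a LAN resolver (192.168.1.1) so the negative case is visible; the all-zero GUID on that line is made up. A hard-coded public resolver is not proof of infection on its own (an ISP or OpenDNS address would be flagged the same way), so the output is a review list, not a verdict.

```python
"""Triage HijackThis O4 (autorun) and O17 (NameServer) lines.

Added example, not part of the original thread. Two conservative rules:
  * O4 entries whose executable sits under a Temp directory
  * O17 entries that hard-code a public (non-RFC1918, non-loopback) DNS server
"""
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log in this thread,
# plus one made-up O17 line (all-zero GUID) with a LAN resolver as the negative case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [3FWHZQA3LT] C:\Users\nicole.dee\AppData\Local\Temp\Fhw.exe
O4 - HKCU\..\Run: [gtvbpvfp] C:\Users\nicole.dee\AppData\Local\Temp\ctelvhact\jksfubryhsn.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{23EB0F11-1A45-4036-B41F-DB625F69E17A}: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.83,93.188.161.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?)\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O17 - <registry key>: NameServer = <comma-separated IPs>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$")
# First token ending in .exe, with or without surrounding quotes; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE)

# Locations a legitimate autorun almost never points at (compared case-insensitively).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%\\")


def executable_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quotes and args stripped)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def is_temp_path(path: str) -> bool:
    """True if the executable lives under a Temp directory."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def is_public_dns(server: str) -> bool:
    """True if the NameServer entry is a routable public IP (LAN/loopback resolvers are not flagged)."""
    try:
        ip = ipaddress.ip_address(server.strip())
    except ValueError:
        return False  # not an IP literal; leave it for manual review
    return ip.is_global


def triage(log_text: str) -> list:
    """Scan HijackThis lines and return a list of findings for an analyst to review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            if is_temp_path(path):
                findings.append({"kind": "autorun_in_temp", "name": m.group("name"),
                                 "path": path, "line": line})
            continue
        m = O17_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            public = [s for s in servers if is_public_dns(s)]
            if public:  # empty NameServer means DHCP-assigned, which is the expected state
                findings.append({"kind": "hardcoded_public_dns", "key": m.group("key"),
                                 "servers": public, "line": line})
    return findings


def public_dns_servers(findings: list) -> set:
    """Distinct public resolvers seen across all flagged O17 lines (useful for blocklist lookups)."""
    return {s for f in findings if f["kind"] == "hardcoded_public_dns" for s in f["servers"]}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["kind"], f.get("name") or f.get("key"), f.get("path") or ",".join(f["servers"]))
    print("public resolvers to check:", sorted(public_dns_servers(results)))
```

Run as-is it reports the two Temp-folder autoruns and the two O17 lines carrying the 93.188.x.x pair while staying silent on the 192.168.1.1 line; point `triage()` at a saved HijackThis log to use it on a real one. After the DNS reset and `ipconfig /flushdns` steps above, re-running HijackThis after a reboot and confirming that no O17 line with the same servers comes back is the check that the change actually stuck.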

Re: Epoclick Virus

Post by nicoledee » December 14th, 2010, 11:23 pm

Hi there, thanks for that, I have done as you said.

MBAM LOG:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

15/12/2010 1:10:28 PM
mbam-log-2010-12-15 (13-10-28).txt

Scan type: Quick scan
Objects scanned: 151943
Time elapsed: 34 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.83,93.188.161.223) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23EB0F11-1A45-4036-B41F-DB625F69E17A}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.83,93.188.161.223) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A4A6474-0D79-437B-9C4C-5604288B9F24}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.83,93.188.161.223) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FACD4DB2-EEE8-42C2-AE22-A502ED354279}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.83,93.188.161.223) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\Windows\System32\0F6226 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Windows\System32\5A8DCC (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Windows\System32\76682F (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\nicole.dee\AppData\Local\Temp\0.21061013888503366.exe (Rogue.Antivirus.Action) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\5A8DCC\krnln.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Windows\System32\76682F\670df5.txt (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Windows\System32\76682F\6a0d8f.txt (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Users\nicole.dee\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

DDS.txt LOG:


DDS (Ver_10-12-12.02) - NTFSx86
Run by nicole.dee at 13:44:43.64 on Wed 15/12/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.821 [GMT 10.5:30]

AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\bigpond\security\App\Console.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\bigpond\security\App\WSCMgr.exe
c:\Program Files\Bigpond\ESP Elements\bigpond.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\nicole.dee\Desktop\dds.com
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download by VersalSoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://audownload.authentium.net/bigpon ... wizard.exe
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {F8B9E5C0-4DCC-CFCF-ABA5-00401D608516} - c:\programdata\microsoft\windows\start menu\programs\administrative tools\recycle bin\kdja.exe

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-6 217032]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2010-8-2 132648]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2010-10-19 1123880]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R3 authfwco;authfwco;c:\windows\system32\drivers\authfwco.sys [2010-10-19 22792]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-8 113152]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-11 3658752]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-22 54632]
S3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-2-3 11520]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-5-29 17408]

=============== Created Last 30 ================

2010-12-15 02:05:04 -------- d-----w- c:\users\nicole.dee\appdata\roaming\Malwarebytes
2010-12-15 01:42:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42:30 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-15 01:42:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 08:26:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-06 08:26:41 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-06 08:26:32 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-06 08:26:32 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-06 08:26:06 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-06 08:25:26 -------- d-----w- c:\program files\common files\PC Tools
2010-12-06 08:25:25 -------- d-----w- c:\users\nicole.dee\appdata\roaming\PC Tools
2010-12-06 08:25:25 -------- d-----w- c:\program files\Spyware Doctor
2010-12-06 08:25:25 -------- d-----w- c:\progra~2\PC Tools
2010-11-29 07:08:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 07:08:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-17 10:55:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-17 10:55:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-17 10:52:06 -------- d-----w- c:\program files\iPod
2010-11-17 10:51:58 -------- d-----w- c:\program files\iTunes
2010-11-15 10:09:17 -------- d-----w- c:\users\nicole.dee\appdata\roaming\FrostWire

==================== Find3M ====================

2010-11-19 09:33:29 87608 ----a-w- c:\users\nicole.dee\appdata\roaming\inst.exe
2010-11-19 09:33:28 47360 ----a-w- c:\users\nicole.dee\appdata\roaming\pcouffin.sys
2010-09-28 05:14:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-26 09:30:57 155648 --sha-r- c:\windows\system32\WGATrayj.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys >>UNKNOWN [0x870A5EC5]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86d2b872; SUB DWORD [EBP-0x4], 0x86d2b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82295962] -> \Device\Harddisk0\DR0[0x86A21A20]
3 CLASSPNP[0x885528B3] -> ntkrnlpa!IofCallDriver[0x82295962] -> [0x863F3280]
5 hpdskflt[0x893A806E] -> ntkrnlpa!IofCallDriver[0x82295962] -> [0x863F39C0]
7 PCTCore[0x88B77AC6] -> ntkrnlpa!IofCallDriver[0x82295962] -> [0x858D7028]
[0x8589EC60] -> IRP_MJ_CREATE -> 0x870A5EC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-60ZCT0___________________11.01A11#4&126f26d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x857b31f8
\Driver\iaStor DriverStartIo -> 0x870A5AEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 13:50:19.97 ===============



ATTACH.txt LOG:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/07/2008 7:57:29 AM
System Uptime: 15/12/2010 1:37:34 PM (0 hours ago)

Motherboard: Quanta | | 3602
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 128.42 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.708 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&7777\7&2E015ABA&0&0026B082A44E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&7777\7&2E015ABA&0&0026B082A44E_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Service:

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player
Agere Systems HDA Modem
Akamai NetSession Interface
Anti-Spyware (Sunbelt3)
Anti-Virus (Command Software 5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Authentium Web Install Helper
AVSDK5
BigPond (BIUS)
Bigpond Desktop
BigPond Security
BlService Web Update
Bonjour
CalorieKing Nutrition and Exercise Manager - Australian Edition (remove only)
Camera RAW Plug-In for EPSON Creativity Suite
Cards_Calendar_OrderGift_DoMorePlugout
CleanCenter v2.8.1.1 Trial Version
CyberLink DVD Suite
CyberLink YouCam
Data Lifeguard Diagnostic for Windows
Definition update for Microsoft Office 2010 (KB982726)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
e-tax 2010
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX9300F_DX9400F Manual
ESP
Facebook Plug-In
Firewall (Core 2)
Firewall (User)
FLV Player 2.0 (build 25)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
IDT Audio
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPhone Configuration Utility
iPod Access for Windows v4.2.5
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
neroxml
OGA Notifier 1.7.0105.35.0
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Riva FLV Encoder 2.0
Safari
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Third Party Prerequisites
Tracks Eraser Pro v7.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Web Filtering (Base 2)
Web Filtering (Base)
Web Filtering (Kids Page)
Web Filtering (RuleSpace CFI Anti-Phishing)
Web Filtering (Rulespace CFI)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Word in Works Suite add-in
Xvid 1.2.2 final uninstall

==== End Of File ===========================

Thanks.
nicoledee
Active Member
Posts: 11
Joined: December 7th, 2010, 8:09 am

Re: Epoclick Virus

Unread postby nicoledee » December 14th, 2010, 11:58 pm

Oh, an update: I just scanned with Windows Update (it previously wouldn't work!) and now it has; I'm currently installing 36 important updates & 8 optional. Thanks, I look forward to your reply!

EDIT: I have tried to delete dds twice now, and each time I get a blue error screen and my computer restarts. Not sure why; I have left it for now.
nicoledee
Active Member
Posts: 11
Joined: December 7th, 2010, 8:09 am

Re: Epoclick Virus

Unread postby Airscape » December 16th, 2010, 12:48 pm

Hello,

I see you don't have any System Restore Points created!
Click the Start button, type sysdm.cpl into the search box, then press Enter (allow the prompts).
On the System Protection tab, if there is no tick beside Local Disk (C:), please tick it and click on Apply, then Create.
Name it something you will remember, then click Create again on the new box that opens.
Wait for it to finish, then click OK twice.
Important: do not proceed until you create a system restore point.

------------------------------------------------------------

You will need to print off this post or copy the instructions to notepad as you won't have internet access during the fix.


Download and Run Combofix
Download ComboFix from one of the links below (delete any previous versions; this is a new one I need you to download):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, so they do not interfere with Combofix.
    Disable Windows Defender
    • Go to Start > All Programs > Windows Defender.
    • Click on Tools at the top.
    • Under Settings, click on Options.
    • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
    • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
    • Click on the Save button at the bottom right hand corner.
    • Note: Please do not re-enable this until I tell you to do so.

    Disable BigPond security
    Method 1: Shutdown the BigPond Security Suite
    Use this method to close the BigPond Security bundle and shutdown all its components.
    1. Double click the BigPond Security icon in the system tray (a blue padlock)
    2. Click on the 'X' in the top right hand corner
    3. Select Shutdown BigPond Security
    To enable the BigPond Security suite:
    Double click the BigPond Security icon on the desktop, or click Start -> Programs -> BigPond -> BigPond Security.

    Method 2: Disable a component within the BigPond Security suite
    Use this method to disable a specific component within the BigPond Security e.g. switch off the Firewall or Anti-virus. Any components which have been disabled appear greyed out in the main console.
    1. Double click the BigPond Security icon in the system tray, a blue padlock
    2. Click the 'X' on the top right hand corner
    3. Select BP Security Setup
    4. Select Features in the left hand menu under Setup
    5. Untick Firewall and/or Anti-virus
    6. Click Apply
    7. Click OK
  • Double click on ComboFix.exe & follow the prompts. (you may be required to reboot the computer)
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  • If CF does not restore your internet connection, reboot (restart) the computer and try to re-connect.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofi ... e-combofix

-----------------------------------------------

Please post the ComboFix log, a new DDS log, and an update on how the PC is running.
Airscape
Regular Member
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
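Airscape's first step above, switching on System Protection for C: and confirming a restore point exists before any fix is run, can also be done and verified from an elevated Windows PowerShell prompt. This is an added example, not part of the forum post or of any tool it mentions; it assumes Windows PowerShell 2.0 or later running as Administrator, and the restore point label is a placeholder you choose.

```powershell
# Added example (not from the forum post): create and verify a System Restore
# point before running a cleanup tool, mirroring the sysdm.cpl steps in the post.
# Assumes Windows PowerShell 2.0 or later, run from an elevated (Administrator) prompt.

$drive = "C:\"
$description = "Before ComboFix"   # constructed label; use something you will remember

# 1. Make sure System Protection is switched on for the system drive
#    (equivalent to ticking Local Disk (C:) on the System Protection tab).
Enable-ComputerRestore -Drive $drive

# 2. Create the restore point (equivalent to naming it and clicking Create).
Checkpoint-Computer -Description $description -RestorePointType "MODIFY_SETTINGS"

# 3. Verify the point actually exists before going any further with the fix.
$latest = Get-ComputerRestorePoint |
    Where-Object { $_.Description -eq $description } |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 1

if ($null -eq $latest) {
    Write-Error "No restore point named '$description' was created; do not proceed with the fix."
    exit 1
}

# CreationTime comes back in WMI (DMTF) string form, so convert it for display.
$created = [System.Management.ManagementDateTimeConverter]::ToDateTime($latest.CreationTime)
Write-Output ("Restore point {0} ('{1}') created at {2}" -f $latest.SequenceNumber, $latest.Description, $created)
```

On Windows 8 and later, Checkpoint-Computer silently skips creation if another restore point was made in the last 24 hours, so the verification step above is what tells you whether a fresh point really exists.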

Re: Epoclick Virus

Unread postby nicoledee » December 17th, 2010, 7:05 am

Hi there!

COMBOFIX LOG:


ComboFix 10-12-16.02 - nicole.dee 17/12/2010 20:20:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.1037 [GMT 10.5:30]
Running from: c:\users\nicole.dee\Desktop\Hello.exe
AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\nicole.dee\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 10:17 . 2010-12-17 10:23 -------- d-----w- c:\users\nicole.dee\AppData\Local\temp
2010-12-17 10:17 . 2010-12-17 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-15 04:41 . 2010-12-15 04:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-15 02:40 . 2010-12-15 04:39 -------- d-----w- c:\program files\QuickTime
2010-12-15 02:05 . 2010-12-15 02:05 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42 . 2010-12-15 01:42 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42 . 2010-12-15 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 08:26 . 2010-02-04 22:48 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-06 08:26 . 2010-02-04 22:47 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-06 08:26 . 2010-03-10 01:06 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-06 08:26 . 2009-11-23 03:24 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-06 08:26 . 2010-02-04 22:55 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-06 08:25 . 2010-12-06 08:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-06 08:25 . 2010-12-07 11:46 -------- d-----w- c:\program files\Spyware Doctor
2010-12-06 08:25 . 2010-12-06 08:25 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\PC Tools
2010-12-06 08:25 . 2010-12-06 08:25 -------- d-----w- c:\programdata\PC Tools
2010-11-17 10:55 . 2009-05-18 02:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-17 10:55 . 2008-04-17 01:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-17 10:52 . 2010-11-17 10:52 -------- d-----w- c:\program files\iPod
2010-11-17 10:51 . 2010-11-17 10:55 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 09:33 . 2009-03-17 06:26 47360 ----a-w- c:\users\nicole.dee\AppData\Roaming\pcouffin.sys
2010-09-28 05:14 . 2010-09-28 05:14 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 05:14 . 2010-09-28 05:14 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-26 09:30 . 2010-09-26 09:30 155648 --sha-r- c:\windows\system32\WGATrayj.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2010-08-26 62952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^nicole.dee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\nicole.dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX9300F Series]
2007-03-23 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICFP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetDownload_upgrade]
2009-09-08 11:30 364544 ----a-w- c:\program files\VersalSoft\InternetDownload\InternetDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 14:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 00:46 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoBackup]
2008-11-07 19:38 144608 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2008-11-06 18:20 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 01:47 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 10:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2134303352-1733512035-1346837893-1003]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-02-02 11520]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-08-05 93872]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2010-08-02 132648]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2010-08-02 1123880]
S2 AuthElementsSvc;AuthElementsSvc;c:\program files\Bigpond\ESP Elements\AuthElementsSvc.exe [2010-08-13 242952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-11-07 25824]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 SBAMSvc;Anti-Spyware;c:\program files\Common Files\Sunbelt\SBAMSvc.exe [2009-09-08 1012040]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2009-08-10 69936]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-08-02 96808]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-08-02 96808]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-08-02 137768]
S3 authfwco;authfwco;c:\windows\system32\DRIVERS\authfwco.sys [2010-08-26 22792]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-05-07 113152]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 00:44 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]

2010-12-17 c:\windows\Tasks\lqzvhck.job
- c:\windows\system32\WGATrayj.dll [2010-09-26 09:30]

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{F6202F01-1407-4389-8A19-DCE5AEDB6A15}.job
- c:\windows\system32\msfeedssync.exe [2010-08-20 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://audownload.authentium.net/bigpon ... wizard.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-3FWHZQA3LT - c:\users\nicole.dee\AppData\Local\Temp\Fhw.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-gtvbpvfp - c:\users\nicole.dee\AppData\Local\Temp\ctelvhact\jksfubryhsn.exe
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe
ActiveSetup-{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516} - c:\programdata\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 20:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys >>UNKNOWN [0x8745EEC5]<<
c:\windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86d2b872; SUB DWORD [EBP-0x4], 0x86d2b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82495962] -> \Device\Harddisk0\DR0[0x86DDAAC8]
3 CLASSPNP[0x82B478B3] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867ED7F8]
5 hpdskflt[0x895AD06E] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867CE110]
7 PCTCore[0x88D7CAC6] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x86227028]
[0x866F7418] -> IRP_MJ_CREATE -> 0x8745EEC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-60ZCT0___________________11.01A11#4&126f26d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85bb31f8
\Driver\iaStor DriverStartIo -> 0x8745EAEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,0d,bb,64,24,a1,37,44,9b,ac,d2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,0d,bb,64,24,a1,37,44,9b,ac,d2,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="E6A998F69BDE7861944D1E9D4981D0D9827A3F2CB0792EF9DFF9965516D9BC133FF7ECDA68C2D37E6C8A9FD35E8E68D34C8B90CE20D4876A4EBAB43B80B8E830F440A5A5C98E0B4B606D49C495C4E214F5580BD7B82A16D392451B503E7DD0D9C8DC4ED0714BA0E5BA34FCF5F822615575A87DF8FC0F3CAB66062A956BF0B8E4E07EF7CAB519D99DA9F419E436B94B0420143BDC16A9A19CEC394681476F27D7C5A737F60FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6171C11EC38DE3DA2D97226D213B55501CD3B496A820523846DF67F6A8240FE884B8A83D4DB7754A3653285DDA0F7D21A864B2AEF83A919681BE4476CB79444298B2A3E2A4FA7063F2D0CD754385755DE3E54B9903F0920D675EC687525CF9BB2228C595AC97A20ACD92996665FEC0FEFB3B97180B050CF241CCDC182780CD85030723DC5C917CE0D2BE255F8040C25026A12ADCB57A066BAF27B9B61E258F1C099C8B9A0D1185E12A9470C4698FD5F5DA828AE51B70F4497229D9D3817B5005508B501F4E40E43031E9594DB137DA85EFA7A99C2D9A46ECB978F55FCCF1B4175E812A89E8F7A943B16452F9AEF3A12F3AFBAF429485D8EFB0060B37BC871171A6EE8AACE5E540D2B650180392DD84E23D9D02E5C13ABEFE353D40FD4C11708D20CFB670AE2080C54A1230DC24CF13605D0D5178DCDF404CD47E1217C01DDBD417B3FA02932F3134FA4BF4391D59046C5311A613E9010E09C583786B84F0D079B3ADB7CD8E56A4B478C1C705A52351C25D69D28C4F6CB3DC54730C1A677DCD3AB89AC841A1EB3FC7B3BAF49A252547D76E719664E206978D018E2B536CB7D3BD16E4428C1F90A193ED72A6442E7D552234AF57BD6301C92DD92952E2B9F0EF77D31E639F81F1CB1F84B6CBCE82995A52829D3ADB2CD8EAE9BC344579BCC27E5375F8CED3CB88E7DA4C48C3397B0622894F3042588265D18D07A9FC3F5AE5289184B61625B7276D651B6538AA49E81AC8D5E8D6DD26799BA56CB0967F7A78C86CD09C513FB01DF3EA2D5BDE938132B2CC95E2A77DFC64828990F199D369A48271DF1CFE31796C8564F9DFEDCD2388BC2982F4A9754F9E1149AE11C219872EB5AD923461979EE26E4A3CA7A524434C1AED6D08E06A4BE53D771A21016D91952B1EEFEA65F42C75D557D614B9E323A62557A864FDE9CD37FF0C4F729008B01C7625B28A0C46962CAB751A5BF79187A75BE0C5616A4DB7C397FD2C6CF48109E0FC630091A3AB404BC3D2623577C422BF616A60CA038D2014B4AEBBD9E3E9F6B5DDC954FAB964275753D1727C8A7D109562B7CB7
E1644B2CF037774C649146E0DEC6C36C9F950386AC32D2447C603E50F772CF2A81D5DD4F5DD4ECA5A5"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5476)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\bigpond\security\App\syssvcnt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\iPod Access for Windows\iPAHelper.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\IDT\WDM\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\bigpond\security\App\Console.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-12-17 21:10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 10:40

Pre-Run: 149,453,844,480 bytes free
Post-Run: 149,622,521,856 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5195846F4EBBB74EC7B84B2B6DC1E81E



DDS.txt LOG:



DDS (Ver_10-12-12.02) - NTFSx86
Run by nicole.dee at 21:12:06.69 on Fri 17/12/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.936 [GMT 10.5:30]

AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\bigpond\security\App\Console.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\nicole.dee\Desktop\Virus fix stuff\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download by VersalSoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://audownload.authentium.net/bigpon ... wizard.exe
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-6 217032]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2008-6-27 77824]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2010-8-2 132648]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2010-10-19 1123880]
R2 AuthElementsSvc;AuthElementsSvc;c:\program files\bigpond\esp elements\AuthElementsSvc.exe [2010-8-13 242952]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 24880]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-8 25824]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-22 361808]
R2 SBAMSvc;Anti-Spyware;c:\program files\common files\sunbelt\SBAMSvc.exe [2009-9-8 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-8-2 96808]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-8-2 96808]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-8-2 137768]
R3 authfwco;authfwco;c:\windows\system32\drivers\authfwco.sys [2010-10-19 22792]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-8 113152]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-11 3658752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-2-3 11520]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-5-29 17408]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-6 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-12-6 1142224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-17 10:36:23 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-17 10:17:58 -------- d-----w- c:\users\nicole.dee\appdata\local\temp
2010-12-17 08:47:23 98816 ----a-w- c:\windows\sed.exe
2010-12-17 08:47:23 89088 ----a-w- c:\windows\MBR.exe
2010-12-17 08:47:23 256512 ----a-w- c:\windows\PEV.exe
2010-12-17 08:47:23 161792 ----a-w- c:\windows\SWREG.exe
2010-12-15 04:41:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-15 04:41:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-15 04:41:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-15 04:41:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-15 04:41:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-15 04:41:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-15 04:41:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-15 02:05:04 -------- d-----w- c:\users\nicole.dee\appdata\roaming\Malwarebytes
2010-12-15 01:42:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42:30 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-15 01:42:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 08:26:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-06 08:26:41 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-06 08:26:32 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-06 08:26:32 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-06 08:26:06 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-06 08:25:26 -------- d-----w- c:\program files\common files\PC Tools
2010-12-06 08:25:25 -------- d-----w- c:\users\nicole.dee\appdata\roaming\PC Tools
2010-12-06 08:25:25 -------- d-----w- c:\program files\Spyware Doctor
2010-12-06 08:25:25 -------- d-----w- c:\progra~2\PC Tools
2010-11-17 10:55:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-17 10:55:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-17 10:52:06 -------- d-----w- c:\program files\iPod
2010-11-17 10:51:58 -------- d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-11-19 09:33:28 47360 ----a-w- c:\users\nicole.dee\appdata\roaming\pcouffin.sys
2010-09-28 05:14:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-26 09:30:57 155648 --sha-r- c:\windows\system32\WGATrayj.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys >>UNKNOWN [0x8745EEC5]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86d2b872; SUB DWORD [EBP-0x4], 0x86d2b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82495962] -> \Device\Harddisk0\DR0[0x86DDAAC8]
3 CLASSPNP[0x82B478B3] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867ED7F8]
5 hpdskflt[0x895AD06E] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867CE110]
7 PCTCore[0x88D7CAC6] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x86227028]
[0x866F7418] -> IRP_MJ_CREATE -> 0x8745EEC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-60ZCT0___________________11.01A11#4&126f26d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85bb31f8
\Driver\iaStor DriverStartIo -> 0x8745EAEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 21:15:37.04 ===============


ATTACH.txt LOG:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/07/2008 7:57:29 AM
System Uptime: 17/12/2010 8:49:46 PM (1 hours ago)

Motherboard: Quanta | | 3602
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 139.4 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.708 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&7777\7&2E015ABA&0&0026B082A44E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&7777\7&2E015ABA&0&0026B082A44E_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Service:

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player
Agere Systems HDA Modem
Akamai NetSession Interface
Anti-Spyware (Sunbelt3)
Anti-Virus (Command Software 5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Authentium Web Install Helper
AVSDK5
BigPond (BIUS)
Bigpond Desktop
BigPond Security
BlService Web Update
Bonjour
CalorieKing Nutrition and Exercise Manager - Australian Edition (remove only)
Camera RAW Plug-In for EPSON Creativity Suite
Cards_Calendar_OrderGift_DoMorePlugout
CleanCenter v2.8.1.1 Trial Version
CyberLink DVD Suite
CyberLink YouCam
Data Lifeguard Diagnostic for Windows
Definition update for Microsoft Office 2010 (KB982726)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
e-tax 2010
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
EPSON Stylus CX9300F_DX9400F Manual
ESP
Facebook Plug-In
Firewall (Core 2)
Firewall (User)
FLV Player 2.0 (build 25)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
IDT Audio
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPhone Configuration Utility
iPod Access for Windows v4.2.5
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
neroxml
OGA Notifier 1.7.0105.35.0
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Riva FLV Encoder 2.0
Safari
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Third Party Prerequisites
Tracks Eraser Pro v7.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Web Filtering (Base 2)
Web Filtering (Base)
Web Filtering (Kids Page)
Web Filtering (RuleSpace CFI Anti-Phishing)
Web Filtering (Rulespace CFI)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Word in Works Suite add-in
Xvid 1.2.2 final uninstall

==== End Of File ===========================


PC is not running too badly; I am yet to install updates, as they didn't complete the other day.
Have not had any more virus popups, so that's fantastic.
Thanks.
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am
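The ROOTKIT section of the log above ends with `user & kernel MBR OK` and `sectors 625142446 (+255): user != kernel`, followed by GMER's TDL3 warning. The check behind those lines is simple in principle: read the same sectors once through the normal user-mode path and once as close to the hardware as the kernel allows, then diff them. A disk hook such as the one the trace reports on `\Driver\iaStor DriverStartIo` (the place TDL3 hooks; note that Spyware Doctor's PCTCore.sys also sits in this I/O chain, which is why the tool says "possible") can hand clean sectors to one path and not the other, and the region it lies about is typically the unpartitioned slack at the end of the disk where the rootkit keeps its hidden file system. The block below is an added example written for this page; it is not GMER's code and not from the forum post. It models the comparison on constructed data: a hypothetical disk layout, a hypothetical 255-sector tail seen "two ways", and sector numbers that are made up rather than taken from the log.

```python
"""Model of the user-vs-kernel disk read comparison GMER's MBR check performs (added example)."""
import hashlib
import struct

SECTOR = 512


def build_mbr(partitions, boot_code=b"\xfa\x33\xc0\x8e\xd0"):
    """Construct a test MBR. partitions: (bootable, type, start_lba, sector_count). Sample data only."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(partitions):
        off = 446 + 16 * i
        mbr[off] = 0x80 if bootable else 0x00
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Boot signature, a hash of the boot code, and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        ptype = mbr[off + 4]
        if ptype == 0:
            continue
        start, count = struct.unpack_from("<II", mbr, off + 8)
        parts.append({"index": i, "bootable": mbr[off] == 0x80,
                      "type": ptype, "start": start, "count": count})
    return {"signature_ok": mbr[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": parts}


def unpartitioned_tail(mbr, disk_sectors):
    """(first LBA, sector count) of the slack after the last partition.
    TDL3/TDL4 keep their hidden file system there, which is why the detector
    diffs the last sectors of the disk and not only the MBR."""
    end = max((p["start"] + p["count"] for p in parse_mbr(mbr)["partitions"]), default=0)
    return end, disk_sectors - end


def compare_reads(user_view, kernel_view, base_lba):
    """LBAs whose bytes differ between the two read paths. A hooked I/O path lies
    to only one of them, so any difference is the finding, whatever the content."""
    if len(user_view) != len(kernel_view) or len(user_view) % SECTOR:
        raise ValueError("both views must cover the same whole sectors")
    return [base_lba + i for i in range(len(user_view) // SECTOR)
            if user_view[i * SECTOR:(i + 1) * SECTOR] != kernel_view[i * SECTOR:(i + 1) * SECTOR]]


def report(mbr_user, mbr_kernel, tail_user, tail_kernel, tail_lba):
    """Lines in the spirit of GMER's output, plus the raw list of differing LBAs."""
    n = len(tail_user) // SECTOR
    diffs = compare_reads(tail_user, tail_kernel, tail_lba)
    lines = ["user & kernel MBR OK" if mbr_user == mbr_kernel else "MBR: user != kernel",
             f"sectors {tail_lba} (+{n}): " + ("user != kernel" if diffs else "user == kernel")]
    return lines, diffs


# Constructed sample (hypothetical, not the disk from the thread): a 2,100,000-sector
# disk with a boot partition and a recovery partition, and a 255-sector tail read two ways.
DISK_SECTORS = 2_100_000
SAMPLE_MBR = build_mbr([(True, 0x07, 2048, 2_000_000), (False, 0x07, 2_002_048, 20_000)])
TAIL_LBA = DISK_SECTORS - 255
USER_TAIL = bytes(255 * SECTOR)             # what an ordinary read returns: all zero
KERNEL_TAIL = bytearray(USER_TAIL)          # what the low-level path returns
for lba_off in (3, 4, 250):                 # three sectors carry hidden data
    KERNEL_TAIL[lba_off * SECTOR:(lba_off + 1) * SECTOR] = bytes([0xCC]) * SECTOR
KERNEL_TAIL = bytes(KERNEL_TAIL)

if __name__ == "__main__":
    print(parse_mbr(SAMPLE_MBR))
    print("slack after last partition:", unpartitioned_tail(SAMPLE_MBR, DISK_SECTORS))
    lines, diffs = report(SAMPLE_MBR, SAMPLE_MBR, USER_TAIL, KERNEL_TAIL, TAIL_LBA)
    print("\n".join(lines), "\ndiffering LBAs:", diffs)
```

On a live Windows box the two views would come from `\\.\PhysicalDrive0` opened normally versus a read issued below the hooked driver, which is kernel-mode work that a user-mode script cannot do; the point of the model is the comparison, and that a single differing sector in the slack region is enough to flag the disk, even when the MBR itself compares clean as it does in this log.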

Re: Epoclick Virus

Unread postby Airscape » December 17th, 2010, 6:49 pm

Hello,

Are you still having redirects?

----------------------------------------------
Go to VirusTotal or Jotti to upload/analyze a file.
Click on Browse then copy/paste the file and path (in red) below into the file name box.
Once the line is pasted into the file name box, click on Open, then click send file.
When it's finished, copy/paste the results from each antivirus (or you can use the link/URL whichever is easier)

c:\windows\Tasks\lqzvhck.job
You may receive a message stating:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

Just let me know if that is what you saw.

-------------------------------------------------------------------

Please download This Tool and save it to your desktop.
Double click MGADiag.exe to run it. (right-click and Run as Admin in Vista)
Click Continue. The program will run, please be patient.
Click Resolve Now (if available) and follow the prompts.
Once done, click on Copy then Paste the contents into your next reply.

---------------------------------------------------

Security Application Check
  • Please download SecurityCheck by screen317 from Here or Here and save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

-------------------------------------------------

Download and Run TDSSKiller
Please download TDSSKiller and save it to your desktop.
http://support.kaspersky.com/downloads/ ... killer.exe
  • Double-click the file TDSSKiller.exe then press Start scan.
    (If using Windows Vista: right-click the file and select Run as Admin)
  • For malicious (the malware has been identified) objects make sure Cure is selected.
  • For suspicious (the malware cannot be identified) objects make sure Skip is selected.
  • Click on Next/Continue then Restart the computer.
  • By default, the log will be saved in the root of the drive (usually C:\TDSSKiller.txt)

Note: If you ran this program previously look for any other logs and post them.
If the program fails to run then rename it to f5y47Dk.com and try again.

-----------------------------------------------

Please post the following:
VirusTotal results
MGADiag results
Checkup.txt
Tdsskiller log
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
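The first item in the post above asks for `c:\windows\Tasks\lqzvhck.job` to be uploaded, and warns that the upload may come back as 0 bytes. A `.job` file is the legacy Task Scheduler's on-disk task definition, and its layout (a 68-byte fixed header followed by length-prefixed UTF-16 strings and a trigger list) is documented in Microsoft's MS-TSCH specification, so the command line the task launches can be read locally before anything is uploaded. The block below is an added example written for this page, not part of the forum post and not code from VirusTotal, Jotti or any of the tools named. The sample `.job` bytes are constructed by `build_job` inside the block and say nothing about what `lqzvhck.job` actually contained; the flag values `FLAG_HIDDEN` and `FLAG_DISABLED` are the TASK_FLAG_* constants as I remember them and should be checked against the specification before relying on them.

```python
"""Parser for the legacy Task Scheduler .job format, per MS-TSCH (added example)."""
import struct
import uuid

FIXED_LEN = 68        # FIXDLEN_DATA
TRIGGER_LEN = 48
TRIGGER_TYPES = {0: "ONCE", 1: "DAILY", 2: "WEEKLY", 3: "MONTHLYDATE",
                 4: "MONTHLYDOW", 5: "EVENT_ON_IDLE",
                 6: "EVENT_AT_SYSTEMSTART", 7: "EVENT_AT_LOGON"}
FLAG_DISABLED = 0x4   # TASK_FLAG_DISABLED (assumed value)
FLAG_HIDDEN = 0x200   # TASK_FLAG_HIDDEN (assumed value)


def _ustr(buf, off):
    """Unicode string: WORD char count including the NUL, then UTF-16LE chars."""
    (n,) = struct.unpack_from("<H", buf, off)
    off += 2
    if n == 0:
        return "", off
    return bytes(buf[off:off + 2 * n]).decode("utf-16-le").rstrip("\x00"), off + 2 * n


def _blob(buf, off):
    """WORD byte count then that many bytes (User Data and Reserved Data)."""
    (n,) = struct.unpack_from("<H", buf, off)
    return bytes(buf[off + 2:off + 2 + n]), off + 2 + n


def parse_job(buf):
    """Return the fields an analyst wants from a .job image: what runs, when, and how hidden."""
    if len(buf) == 0:
        raise ValueError("0-byte read: the file is a stub or something blocked the read")
    if len(buf) < FIXED_LEN:
        raise ValueError(f"too short for a .job file: {len(buf)} bytes")
    job_id = uuid.UUID(bytes_le=bytes(buf[4:20]))
    (app_off, trig_off, _rc, _ri, _dl, _iw, priority, max_run_ms,
     exit_code, status, flags) = struct.unpack_from("<HHHHHHIIIII", buf, 20)
    y, mo, _dow, d, h, mi, s, _ms = struct.unpack_from("<8H", buf, 52)   # last run, SYSTEMTIME
    off = app_off                       # offset of the Application Name length word
    app, off = _ustr(buf, off)
    params, off = _ustr(buf, off)
    workdir, off = _ustr(buf, off)
    author, off = _ustr(buf, off)
    comment, off = _ustr(buf, off)
    _user_data, off = _blob(buf, off)
    _reserved, off = _blob(buf, off)
    (count,) = struct.unpack_from("<H", buf, trig_off)
    triggers = []
    for i in range(count):
        t = struct.unpack_from("<HHHHHHHHHHIIIIHHHHHH", buf, trig_off + 2 + i * TRIGGER_LEN)
        triggers.append({"type": t[13], "type_name": TRIGGER_TYPES.get(t[13], f"UNKNOWN({t[13]})"),
                         "begin": f"{t[2]:04d}-{t[3]:02d}-{t[4]:02d} {t[8]:02d}:{t[9]:02d}"})
    return {"uuid": str(job_id), "command": (app + " " + params).strip(),
            "application": app, "parameters": params, "working_directory": workdir,
            "author": author, "comment": comment, "flags": flags,
            "hidden": bool(flags & FLAG_HIDDEN), "disabled": bool(flags & FLAG_DISABLED),
            "priority": priority, "max_run_ms": max_run_ms, "exit_code": exit_code,
            "status": status,
            "last_run": f"{y:04d}-{mo:02d}-{d:02d} {h:02d}:{mi:02d}:{s:02d}" if y else None,
            "triggers": triggers}


def load_job(path):
    """Parse a .job file from disk, e.g. load_job(r"C:\Windows\Tasks\example.job")."""
    with open(path, "rb") as f:
        return parse_job(f.read())


def build_job(app, params, workdir="", author="", comment="", trigger_type=7, flags=0):
    """Construct a sample .job image (test data only, not the file from the thread)."""
    def ustr(s):
        if not s:
            return struct.pack("<H", 0)
        return struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")
    var = struct.pack("<H", 0)                       # Running Instance Count
    var += ustr(app) + ustr(params) + ustr(workdir) + ustr(author) + ustr(comment)
    var += struct.pack("<HH", 0, 0)                  # empty User Data and Reserved Data
    trig_off = FIXED_LEN + len(var)
    trig = struct.pack("<HHHHHHHHHHIIIIHHHHHH", TRIGGER_LEN, 0, 2010, 12, 17, 0, 0, 0,
                       8, 30, 0, 0, 0, trigger_type, 0, 0, 0, 0, 0, 0)
    var += struct.pack("<H", 1) + trig               # one trigger
    fixed = struct.pack("<HH", 0x0500, 1) + uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le
    fixed += struct.pack("<HHHHHHIIIII", FIXED_LEN + 2, trig_off, 0, 0, 0, 0,
                         0x20, 72 * 3600 * 1000, 0, 0, flags)
    fixed += struct.pack("<8H", 2010, 12, 5, 17, 8, 47, 23, 0)   # last run 2010-12-17 08:47:23
    return fixed + var


SAMPLE_JOB = build_job(r"C:\Example\updater.exe", "/silent", r"C:\Example",
                       comment="constructed sample", flags=FLAG_HIDDEN)

if __name__ == "__main__":
    for k, v in parse_job(SAMPLE_JOB).items():
        print(f"{k}: {v}")
```

Two things worth reading off the result before uploading: the `command` (a task that launches `rundll32` or a binary under a user profile is the usual pattern for this kind of persistence), and the `hidden` flag together with the trigger type, since an at-logon trigger explains why the redirects come back after each reboot. A `ValueError` on an empty read matches the 0-byte condition the post warns about; in that case the file name alone is still worth reporting.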

Re: Epoclick Virus

Unread postby nicoledee » December 17th, 2010, 10:53 pm

Hi,
No, I haven't had redirects since the first process, I think.

The VIRUS TOTAL url:
http://www.virustotal.com/file-scan/rep ... 1292638979

The JOTTI url:
http://virusscan.jotti.org/en/scanresul ... c1506a8e04

MGADIAG LOG:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {B2AC9B07-E6B1-419B-A5F4-1C18781E6806}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100608-0458
TTS Error: M:20101217201712440-
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80004005
File Exists: No
Version: 1.7.105.35
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 1.7.105.35
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 1.7.105.35
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B2AC9B07-E6B1-419B-A5F4-1C18781E6806}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-2134303352-1733512035-1346837893</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv5 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.16</Version><SMBIOSVersion major="2" minor="4"/><Date>20090506000000.000000+000</Date></BIOS><HWID>BB333507018400F8</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Cen. Australia Standard Time(GMT+09:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content:

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-3081-6001.0000-3602008
Installation ID: 013396603520988742536105018922601930610413945836221996
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OAAAAAIAAQABAAIAAgACAAAAAwABAAEAJJQYry559/DkWYo4bAgKMd9x8vQt4vRyTw3U+bJgRso=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HPQOEM SLIC-MPC
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
ASF! HPQOEM SLIC-MPC
SLIC HPQOEM SLIC-MPC
SSDT PmRef CpuPm


SECURITY APPLICATION CHECKUP LOG:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Anti-Virus (Command Software 5)
Firewall (User)
Firewall (Core 2)
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
``````````End of Log````````````


TDSSKILLER log:

2010/12/18 13:10:23.0353 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 13:10:23.0353 ================================================================================
2010/12/18 13:10:23.0354 SystemInfo:
2010/12/18 13:10:23.0354
2010/12/18 13:10:23.0354 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/18 13:10:23.0354 Product type: Workstation
2010/12/18 13:10:23.0354 ComputerName: NICOLE-DEE-PC
2010/12/18 13:10:23.0355 UserName: nicole.dee
2010/12/18 13:10:23.0355 Windows directory: C:\Windows
2010/12/18 13:10:23.0355 System windows directory: C:\Windows
2010/12/18 13:10:23.0355 Processor architecture: Intel x86
2010/12/18 13:10:23.0355 Number of processors: 2
2010/12/18 13:10:23.0355 Page size: 0x1000
2010/12/18 13:10:23.0355 Boot type: Normal boot
2010/12/18 13:10:23.0355 ================================================================================
2010/12/18 13:10:25.0305 Initialize success
2010/12/18 13:10:35.0978 ================================================================================
2010/12/18 13:10:35.0979 Scan started
2010/12/18 13:10:35.0979 Mode: Manual;
2010/12/18 13:10:35.0979 ================================================================================
2010/12/18 13:10:36.0765 Accelerometer (aef9ee4451d5c46370142cb06d0f3591) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/12/18 13:10:36.0900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/18 13:10:37.0036 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/18 13:10:37.0169 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/18 13:10:37.0257 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/18 13:10:37.0338 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/18 13:10:37.0558 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/18 13:10:37.0795 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/18 13:10:37.0996 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/18 13:10:38.0098 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/18 13:10:38.0217 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/18 13:10:38.0288 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/18 13:10:38.0368 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/18 13:10:38.0447 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/18 13:10:38.0523 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/18 13:10:38.0650 AMP (a9d90d1524bd292c2d77e8478f6f7777) c:\Windows\system32\Drivers\amp.sys
2010/12/18 13:10:38.0789 AMPSE (831ea986b4895e48bf7580684e38e15f) c:\Windows\system32\Drivers\ampse.sys
2010/12/18 13:10:39.0045 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/18 13:10:39.0128 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/18 13:10:39.0219 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/18 13:10:39.0288 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/18 13:10:39.0446 authfwco (5d2f11d5c68208865142f7b6a5085259) C:\Windows\system32\DRIVERS\authfwco.sys
2010/12/18 13:10:39.0583 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/12/18 13:10:39.0721 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/18 13:10:39.0854 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/18 13:10:39.0958 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/18 13:10:40.0186 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/18 13:10:40.0277 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/18 13:10:40.0377 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/18 13:10:40.0509 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/18 13:10:40.0653 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/18 13:10:40.0681 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/18 13:10:40.0759 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/18 13:10:40.0888 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/18 13:10:40.0968 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/18 13:10:41.0092 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/12/18 13:10:41.0209 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/18 13:10:41.0332 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
2010/12/18 13:10:41.0423 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
2010/12/18 13:10:41.0584 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/12/18 13:10:41.0799 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2010/12/18 13:10:42.0014 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/18 13:10:42.0124 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/18 13:10:42.0232 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/18 13:10:42.0350 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/18 13:10:42.0504 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/18 13:10:42.0606 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/18 13:10:42.0667 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/18 13:10:42.0771 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/18 13:10:42.0842 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/18 13:10:43.0007 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/18 13:10:43.0148 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/18 13:10:43.0284 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/18 13:10:43.0434 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/18 13:10:43.0512 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/18 13:10:43.0748 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/18 13:10:43.0907 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/18 13:10:44.0079 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys
2010/12/18 13:10:44.0200 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/18 13:10:44.0313 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/18 13:10:44.0418 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/18 13:10:44.0588 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/18 13:10:44.0673 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/18 13:10:44.0742 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/18 13:10:44.0819 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/18 13:10:44.0925 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/18 13:10:45.0092 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/12/18 13:10:45.0257 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/18 13:10:45.0332 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/18 13:10:45.0447 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/18 13:10:45.0589 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/18 13:10:45.0724 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/18 13:10:45.0782 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/18 13:10:45.0858 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/18 13:10:45.0977 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/18 13:10:46.0088 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/18 13:10:46.0169 hpdskflt (64637b65c90df48c94bb9346afb3ac61) C:\Windows\system32\DRIVERS\hpdskflt.sys
2010/12/18 13:10:46.0276 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/12/18 13:10:46.0388 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2010/12/18 13:10:46.0532 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/12/18 13:10:46.0671 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/12/18 13:10:46.0854 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/18 13:10:46.0974 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/18 13:10:47.0087 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/18 13:10:47.0203 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/18 13:10:47.0253 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/18 13:10:47.0471 igfx (d97e70e4e243c9660f91c1112e36c73b) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/18 13:10:47.0647 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/18 13:10:47.0795 IntcHdmiAddService (55bd24342dd3d0019393a001e97dec80) C:\Windows\system32\drivers\IntcHdmi.sys
2010/12/18 13:10:47.0909 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/18 13:10:47.0993 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/18 13:10:48.0079 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/18 13:10:48.0206 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/18 13:10:48.0281 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/18 13:10:48.0403 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/18 13:10:48.0487 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/18 13:10:48.0630 iscFlash (b3c02712caa7e2949f2d95f9ae99e0f6) C:\SwSetup\sp43819\iscflash.sys
2010/12/18 13:10:48.0748 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/18 13:10:48.0781 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/18 13:10:48.0862 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/18 13:10:48.0944 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/18 13:10:49.0025 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/18 13:10:49.0180 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/18 13:10:49.0336 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/18 13:10:49.0457 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/18 13:10:49.0531 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/18 13:10:49.0607 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/18 13:10:49.0686 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/18 13:10:49.0863 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/18 13:10:49.0960 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/18 13:10:50.0109 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/18 13:10:50.0191 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/18 13:10:50.0237 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/18 13:10:50.0318 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/18 13:10:50.0395 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/18 13:10:50.0496 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/18 13:10:50.0685 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/18 13:10:50.0770 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/18 13:10:50.0859 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/18 13:10:50.0962 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/18 13:10:51.0056 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/18 13:10:51.0150 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/18 13:10:51.0259 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/12/18 13:10:51.0332 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/18 13:10:51.0476 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/18 13:10:51.0612 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/18 13:10:51.0831 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/18 13:10:51.0950 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/18 13:10:52.0058 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/18 13:10:52.0171 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/18 13:10:52.0287 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/18 13:10:52.0318 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/18 13:10:52.0421 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/18 13:10:52.0522 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/18 13:10:52.0679 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/18 13:10:52.0804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/18 13:10:52.0899 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/18 13:10:53.0019 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/18 13:10:53.0096 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/18 13:10:53.0232 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\Windows\system32\DRIVERS\netaapl.sys
2010/12/18 13:10:53.0294 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/18 13:10:53.0385 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/18 13:10:53.0654 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2010/12/18 13:10:53.0974 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/18 13:10:54.0084 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/18 13:10:54.0208 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/18 13:10:54.0361 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/18 13:10:54.0600 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/18 13:10:54.0740 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/18 13:10:54.0846 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2010/12/18 13:10:54.0977 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/18 13:10:55.0045 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/18 13:10:55.0123 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/18 13:10:55.0320 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/18 13:10:55.0486 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/18 13:10:55.0575 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/18 13:10:55.0653 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/18 13:10:55.0764 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/18 13:10:55.0879 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/12/18 13:10:55.0968 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/18 13:10:56.0111 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/18 13:10:56.0250 PCTCore (d9f8e37834eff27442e384d495ee5232) C:\Windows\system32\drivers\PCTCore.sys
2010/12/18 13:10:56.0416 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/18 13:10:56.0676 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/18 13:10:56.0776 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/18 13:10:56.0865 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/18 13:10:56.0956 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/18 13:10:57.0130 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/18 13:10:57.0259 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/18 13:10:57.0343 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/18 13:10:57.0430 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/18 13:10:57.0533 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/18 13:10:57.0626 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/18 13:10:57.0749 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/18 13:10:57.0842 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/18 13:10:57.0948 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/18 13:10:58.0034 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/18 13:10:58.0141 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/18 13:10:58.0308 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/18 13:10:58.0462 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/12/18 13:10:58.0638 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/18 13:10:58.0759 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/18 13:10:58.0852 RTSTOR (4f31cfdebd0a5bc27d45e7ebfefaaf6f) C:\Windows\system32\drivers\RTSTOR.SYS
2010/12/18 13:10:58.0977 sbapifs (545f05311f9653c17fd43d024985f787) C:\Windows\system32\DRIVERS\sbapifs.sys
2010/12/18 13:10:59.0093 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/18 13:10:59.0210 SBRE (e121185abcc7f6f2875843ed3236d245) C:\Windows\system32\drivers\SBREdrv.sys
2010/12/18 13:10:59.0427 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/18 13:10:59.0576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/18 13:10:59.0671 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/18 13:10:59.0762 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/18 13:10:59.0888 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/18 13:11:00.0033 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/18 13:11:00.0112 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/18 13:11:00.0187 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/18 13:11:00.0267 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/18 13:11:00.0385 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/18 13:11:00.0517 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/18 13:11:00.0584 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/18 13:11:00.0742 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/18 13:11:00.0873 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/18 13:11:01.0015 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/18 13:11:01.0095 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/18 13:11:01.0115 sptd - detected Locked file (1)
2010/12/18 13:11:01.0194 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/12/18 13:11:01.0304 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/18 13:11:01.0466 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/18 13:11:01.0711 STHDA (21cc262ab5f42f7a6b91dc7304c2f267) C:\Windows\system32\DRIVERS\stwrt.sys
2010/12/18 13:11:01.0835 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/18 13:11:01.0959 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/18 13:11:02.0025 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/18 13:11:02.0116 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/18 13:11:02.0247 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/18 13:11:02.0494 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/18 13:11:02.0709 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/18 13:11:02.0755 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/18 13:11:02.0846 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/18 13:11:02.0930 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/18 13:11:03.0030 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/18 13:11:03.0175 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/18 13:11:03.0342 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/18 13:11:03.0421 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/18 13:11:03.0504 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/18 13:11:03.0616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/18 13:11:03.0810 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/18 13:11:03.0900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/18 13:11:04.0048 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/18 13:11:04.0142 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/18 13:11:04.0244 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/18 13:11:04.0378 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/18 13:11:04.0480 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/18 13:11:04.0570 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/18 13:11:04.0689 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/18 13:11:04.0791 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/18 13:11:04.0913 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/18 13:11:05.0001 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/18 13:11:05.0125 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/18 13:11:05.0231 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/18 13:11:05.0311 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/18 13:11:05.0420 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/18 13:11:05.0568 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/18 13:11:05.0650 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/18 13:11:05.0730 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/18 13:11:05.0820 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/18 13:11:05.0954 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/18 13:11:06.0032 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/18 13:11:06.0145 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/18 13:11:06.0261 volsnap (dc7e02d75ddb5187001ebfb5dd1ee696) C:\Windows\system32\drivers\volsnap.sys
2010/12/18 13:11:06.0269 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: dc7e02d75ddb5187001ebfb5dd1ee696, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2010/12/18 13:11:06.0283 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/18 13:11:06.0356 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/18 13:11:06.0476 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/18 13:11:06.0653 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/18 13:11:06.0734 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/18 13:11:06.0822 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/18 13:11:06.0922 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/18 13:11:07.0238 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/12/18 13:11:07.0457 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/18 13:11:07.0571 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/18 13:11:07.0701 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/18 13:11:07.0881 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/18 13:11:08.0129 ================================================================================
2010/12/18 13:11:08.0129 Scan finished
2010/12/18 13:11:08.0129 ================================================================================
2010/12/18 13:11:08.0160 Detected object count: 2
2010/12/18 13:11:50.0999 Locked file(sptd) - User select action: Skip
2010/12/18 13:11:51.0111 volsnap (dc7e02d75ddb5187001ebfb5dd1ee696) C:\Windows\system32\drivers\volsnap.sys
2010/12/18 13:11:51.0115 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: dc7e02d75ddb5187001ebfb5dd1ee696, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2010/12/18 13:11:52.0447 Backup copy found, using it..
2010/12/18 13:11:52.0537 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2010/12/18 13:11:52.0537 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2010/12/18 13:11:58.0123 Deinitialize success

Thanks, and no, no redirects lately.
Thanks again!
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am
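The two hits in the TDSSKiller log above are easy to miss in several hundred driver lines: sptd.sys was reported as locked (one hash, no access), and volsnap.sys was reported as forged, meaning the scanner got two different MD5s for the same file depending on which read path it used. The mismatch itself is the detection signal: something in the I/O stack is serving different bytes than the ones on disk. The following is an added example, not code from the original post and not Kaspersky's tool: a small Python parser over a constructed excerpt modelled on the log lines above. It pairs each "Suspicious file" line with the driver line before it and the "detected" verdict after it, reports files whose two hashes disagree, and cross-checks the parsed count against the log's own "Detected object count". The pairing order (driver line, then suspicious line, then verdict) and the reading of "Real" versus "Fake" MD5 as two read paths are inferred from the log format, not taken from any documentation.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt modelled on the TDSSKiller log quoted above (not the full log).
SAMPLE_LOG = r"""2010/12/18 13:11:01.0015 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/18 13:11:01.0095 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/18 13:11:01.0115 sptd - detected Locked file (1)
2010/12/18 13:11:06.0261 volsnap (dc7e02d75ddb5187001ebfb5dd1ee696) C:\Windows\system32\drivers\volsnap.sys
2010/12/18 13:11:06.0269 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: dc7e02d75ddb5187001ebfb5dd1ee696, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2010/12/18 13:11:06.0283 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/18 13:11:08.0160 Detected object count: 2
"""

TS = r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}"
MD5 = r"[0-9a-f]{32}"
DRIVER_RE = re.compile(rf"^({TS}) (\S+) \(({MD5})\) (.+)$")
SUSPICIOUS_RE = re.compile(
    rf"^({TS}) Suspicious file \((\w+)\): (.+?)\. "
    rf"(?:md5: ({MD5})|Real md5: ({MD5}), Fake md5: ({MD5}))$"
)
DETECTED_RE = re.compile(rf"^({TS}) (\S+) - detected (.+?) \(\d+\)$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (\d+)$", re.M)


@dataclass
class Finding:
    service: str
    path: str
    kind: str                       # "Forged", "NoAccess", ...
    verdict: str = ""               # e.g. "Rootkit.Win32.TDSS.tdl3" or "Locked file"
    real_md5: Optional[str] = None  # hash from one read path (assumed: low-level)
    fake_md5: Optional[str] = None  # hash from the other (assumed: normal, hookable)

    @property
    def hashes_disagree(self) -> bool:
        return (self.real_md5 is not None and self.fake_md5 is not None
                and self.real_md5 != self.fake_md5)


def parse_tdsskiller(text: str) -> list[Finding]:
    """Single pass: a Suspicious line names a path seen on an earlier driver line,
    and a 'detected' line names the service of the most recent open finding."""
    service_for_path: dict[str, str] = {}
    findings: list[Finding] = []
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            service_for_path[m.group(4)] = m.group(2)
        elif m := SUSPICIOUS_RE.match(line):
            kind, path = m.group(2), m.group(3)
            f = Finding(service=service_for_path.get(path, path), path=path, kind=kind)
            if m.group(4):                      # locked file: only one hash was obtainable
                f.real_md5 = f.fake_md5 = m.group(4)
            else:
                f.real_md5, f.fake_md5 = m.group(5), m.group(6)
            findings.append(f)
        elif m := DETECTED_RE.match(line):
            svc, verdict = m.group(2), m.group(3)
            for f in reversed(findings):        # attach to the newest unlabelled finding
                if f.service == svc and not f.verdict:
                    f.verdict = verdict
                    break
    return findings


def reported_count(text: str) -> Optional[int]:
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def forged(findings: list[Finding]) -> list[Finding]:
    """Files whose two hashes differ: the I/O stack is lying about their contents."""
    return [f for f in findings if f.kind == "Forged" and f.hashes_disagree]


def summarize(text: str) -> dict:
    findings = parse_tdsskiller(text)
    count = reported_count(text)
    return {
        "findings": findings,
        "forged": forged(findings),
        # the scanner's own total should equal what we parsed; if not, the regexes missed a line
        "consistent": count is None or count == len(findings),
    }


if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    for f in r["findings"]:
        print(f"{f.service:8} {f.kind:9} {f.verdict:28} disagree={f.hashes_disagree}")
    print("consistent with reported count:", r["consistent"])
```

A locked file is not by itself a verdict (sptd.sys belongs to a commercial disc-emulation driver that routinely refuses access), which is why the example keeps the kind and the verdict separate and only the Forged entries with disagreeing hashes end up in the forged list.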

Re: Epoclick Virus

Unread postby Airscape » December 20th, 2010, 3:58 pm

Hello,

Do you use a router to connect to the internet (if so what is the model/brand)?

CFScript
Download a new version of Combofix to your desktop: (delete the old version)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

DDS::
mURLSearchHooks: H - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File

File::
c:\windows\system32\WGATrayj.dll
c:\windows\Tasks\lqzvhck.job


Save this as CFScript.txt, in the same location as ComboFix.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions.

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you. Please save it somewhere you can find and post the results.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==================================================

TFC(Temp File Cleaner)
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
    (if using Vista: right-click the file and select Run as Admin)
  • Click the Start button in bottom left of TFC.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

================================================

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

=============================

Post the following:

Combofixlog
Eset log
New HijackThis log --- remember to right click > Run as Admin
Answer to question re using a router
One more update on how the pc is doing?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
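The CFScript in the post above is made of ComboFix section directives: Registry:: takes .reg-style text, where [-KEY] deletes a whole key and "Name"=dword:... sets a value (here it re-enables Security Center monitoring and removes two stale Symantec entries); Reglock:: and Regnull:: each take a list of keys; DDS:: takes lines copied from a DDS log; File:: takes files to delete (here a WGATray look-alike DLL and a random-named scheduled task). Because a script like this is executed with full privileges, it is worth being able to turn it into a flat list of actions and read that list before handing it to the user. The following is an added example, not ComboFix's own code: a Python parser over an excerpt of the script above. The meanings given to Reglock:: and Regnull:: in the comments are inferred from how the script uses them, not from any ComboFix documentation, and the value syntaxes decoded are only the common .reg ones (dword, hex, quoted string, "-").

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Excerpt of the CFScript posted above, embedded as the sample input.
SAMPLE_CFSCRIPT = r"""Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

DDS::
mURLSearchHooks: H - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

File::
c:\windows\system32\WGATrayj.dll
c:\windows\Tasks\lqzvhck.job
"""

SECTION_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")      # leading '-' deletes the whole key
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')


@dataclass
class RegistryEdit:
    key: str
    delete: bool = False
    values: dict[str, object] = field(default_factory=dict)


@dataclass
class CFScript:
    registry: list[RegistryEdit] = field(default_factory=list)
    reglock: list[str] = field(default_factory=list)   # keys to unlock (assumed meaning)
    regnull: list[str] = field(default_factory=list)   # keys to reset (assumed meaning)
    dds: list[str] = field(default_factory=list)       # DDS log entries to remove
    files: list[str] = field(default_factory=list)     # files to delete
    unknown: dict[str, list[str]] = field(default_factory=dict)


def parse_reg_value(raw: str) -> object:
    """Decode the .reg value syntaxes that appear in Registry:: blocks."""
    if raw == "-":
        return None                                  # '-' removes the value
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex:"):
        return bytes(int(b, 16) for b in raw[len("hex:"):].split(",") if b)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    raise ValueError(f"unsupported value syntax: {raw!r}")


def parse_cfscript(text: str) -> CFScript:
    script = CFScript()
    section: str | None = None
    current: RegistryEdit | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current = m.group(1), None
            continue
        if section is None:
            raise ValueError(f"content before any section header: {line!r}")
        if section == "Registry":
            if m := KEY_RE.match(line):
                current = RegistryEdit(key=m.group(2), delete=(m.group(1) == "-"))
                script.registry.append(current)
            elif (m := VALUE_RE.match(line)) and current is not None and not current.delete:
                current.values[m.group(1)] = parse_reg_value(m.group(2))
            else:
                raise ValueError(f"bad Registry:: line: {line!r}")
        elif section in ("Reglock", "Regnull"):
            m = KEY_RE.match(line)
            if not m or m.group(1):
                raise ValueError(f"{section}:: expects [KEY] lines, got {line!r}")
            getattr(script, section.lower()).append(m.group(2))
        elif section == "DDS":
            script.dds.append(line)
        elif section == "File":
            script.files.append(line)
        else:                                        # keep unrecognised directives visible
            script.unknown.setdefault(section, []).append(line)
    return script


def actions(script: CFScript) -> list[tuple[str, str]]:
    """Flatten the script into (verb, target) pairs in section order, for review."""
    out: list[tuple[str, str]] = []
    for edit in script.registry:
        if edit.delete:
            out.append(("delete_key", edit.key))
        for name, value in edit.values.items():
            out.append(("delete_value" if value is None else "set_value",
                        f"{edit.key}\\{name}={value!r}"))
    out += [("unlock_key", k) for k in script.reglock]
    out += [("null_key", k) for k in script.regnull]
    out += [("remove_dds_entry", d) for d in script.dds]
    out += [("delete_file", f) for f in script.files]
    return out


if __name__ == "__main__":
    for verb, target in actions(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(f"{verb:18} {target}")
```

The parser fails closed: a value line outside a key, a key line in a section that does not take values, or text before the first directive raises rather than being silently skipped, since a script that parses differently from how it reads is exactly the failure a reviewer wants surfaced.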

Re: Epoclick Virus

Unread postby nicoledee » December 21st, 2010, 8:18 pm

Hi,
Yeah I do use a router it is a Netgear Wireless - N ADSL +2 Modem Router DGN2000.
BUT I do believe that the virus may be in my boyfriend's router, as he has the virus on his computer too, but maybe we should deal with that in a separate post, I don't want to get confused.

COMBOFIX LOG:


ComboFix 10-12-20.01 - nicole.dee 21/12/2010 10:26:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.1022 [GMT 10.5:30]
Running from: c:\users\nicole.dee\Desktop\ComboFix.exe
Command switches used :: c:\users\nicole.dee\Desktop\CFScript.txt
AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\WGATrayj.dll"
"c:\windows\Tasks\lqzvhck.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\WGATrayj.dll
c:\windows\Tasks\lqzvhck.job
c:\windows\twain_16.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-21 00:15 . 2010-12-21 00:16 -------- d-----w- c:\users\nicole.dee\AppData\Local\temp
2010-12-21 00:15 . 2010-12-21 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 03:24 . 2010-12-20 03:24 -------- d-----w- c:\windows\en
2010-12-20 03:24 . 2010-09-22 13:51 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-20 03:17 . 2010-12-20 03:17 -------- d-----w- c:\program files\MSN Toolbar
2010-12-20 03:16 . 2010-12-20 03:17 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-20 03:16 . 2009-09-04 07:14 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-20 03:16 . 2009-09-04 07:14 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-20 03:16 . 2009-09-04 06:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-20 03:14 . 2010-12-20 03:14 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\60468e01cb9ff419\InstallManager_WLE_WLE.exe
2010-12-20 03:13 . 2010-12-20 03:13 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea2677d01cb9ff318\DXSETUP.exe
2010-12-20 03:13 . 2010-12-20 03:13 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea2677d01cb9ff318\DSETUP.dll
2010-12-20 03:13 . 2010-12-20 03:13 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea2677d01cb9ff318\dsetup32.dll
2010-12-20 03:13 . 2010-12-20 03:14 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\de3d9c001cb9ff317\DSETUP.dll
2010-12-20 03:13 . 2010-12-20 03:14 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\de3d9c001cb9ff317\DXSETUP.exe
2010-12-20 03:13 . 2010-12-20 03:14 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\de3d9c001cb9ff317\dsetup32.dll
2010-12-20 03:09 . 2010-12-20 03:09 -------- d-----w- c:\users\nicole.dee\AppData\Local\Windows Live
2010-12-20 03:08 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-12-20 02:59 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-20 02:58 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-12-20 02:58 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-12-20 02:58 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-12-20 02:54 . 2010-12-20 02:54 -------- d-----w- c:\windows\system32\SRSLabs
2010-12-20 02:48 . 2010-12-20 02:48 -------- d-----w- c:\windows\system32\x64
2010-12-20 02:34 . 2010-12-20 02:34 -------- d-----w- c:\program files\LSI SoftModem
2010-12-19 14:18 . 2010-12-19 14:18 -------- d-----w- c:\program files\iPod
2010-12-19 14:17 . 2010-12-19 14:21 -------- d-----w- c:\program files\iTunes
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-18 03:54 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-18 03:54 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-18 03:44 . 2010-12-18 03:44 -------- d-----w- c:\programdata\Synaptics
2010-12-18 03:43 . 2010-12-18 03:43 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\Synaptics
2010-12-18 03:35 . 2010-12-18 03:35 -------- d-----w- c:\program files\Synaptics
2010-12-18 03:28 . 2009-08-07 00:19 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-12-18 03:28 . 2010-05-27 12:01 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-12-18 03:28 . 2010-05-27 12:01 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-12-18 03:28 . 2010-05-27 12:01 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-12-18 02:32 . 2010-12-18 02:32 -------- d-----w- C:\MGADiagToolOutput
2010-12-17 08:24 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-17 08:24 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-17 08:24 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-17 08:24 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-17 08:24 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-17 08:22 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-12-17 08:20 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-12-17 08:19 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-17 08:11 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-17 08:11 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-17 08:11 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-17 08:11 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-17 08:11 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 04:58 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-12-15 04:58 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-12-15 04:58 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-12-15 04:58 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-12-15 04:56 . 2010-11-02 05:01 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 04:56 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-15 04:56 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-15 04:56 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-15 04:42 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 04:37 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-15 04:37 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 04:37 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 04:37 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 04:37 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 04:37 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 04:37 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 04:37 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 04:36 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-15 04:36 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-15 04:36 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-15 04:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 04:03 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-15 04:03 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-15 02:40 . 2010-12-19 14:00 -------- d-----w- c:\program files\QuickTime
2010-12-15 02:05 . 2010-12-15 02:05 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42 . 2010-12-15 01:42 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42 . 2010-12-15 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 07:08 . 2010-11-29 07:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 07:08 . 2010-11-29 07:08 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 02:43 . 2010-09-13 12:02 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-19 09:33 . 2009-03-17 06:26 47360 ----a-w- c:\users\nicole.dee\AppData\Roaming\pcouffin.sys
2010-09-28 05:14 . 2010-09-28 05:14 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 05:14 . 2010-09-28 05:14 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-22 14:17 . 2010-09-22 14:17 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 14:02 . 2010-09-22 14:02 301936 ----a-w- c:\windows\WLXPGSS.SCR
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2010-08-26 62952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^nicole.dee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\nicole.dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX9300F Series]
2007-03-23 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICFP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetDownload_upgrade]
2009-09-08 11:30 364544 ----a-w- c:\program files\VersalSoft\InternetDownload\InternetDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 00:46 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoBackup]
2008-11-07 19:38 144608 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2008-11-06 18:20 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 07:08 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 10:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2134303352-1733512035-1346837893-1003]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-02-02 11520]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-08-05 93872]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2010-08-02 132648]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2010-08-02 1123880]
S2 AuthElementsSvc;AuthElementsSvc;c:\program files\Bigpond\ESP Elements\AuthElementsSvc.exe [2010-08-13 242952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-11-07 25824]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 SBAMSvc;Anti-Spyware;c:\program files\Common Files\Sunbelt\SBAMSvc.exe [2009-09-08 1012040]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2009-08-10 69936]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-08-02 96808]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-08-02 96808]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-08-02 137768]
S3 authfwco;authfwco;c:\windows\system32\DRIVERS\authfwco.sys [2010-08-26 22792]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-05-07 113152]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 00:44 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{F6202F01-1407-4389-8A19-DCE5AEDB6A15}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 10:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\nicole.dee\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2010-12-21 11:08:15
ComboFix-quarantined-files.txt 2010-12-21 00:37
ComboFix2.txt 2010-12-17 10:40

Pre-Run: 162,207,784,960 bytes free
Post-Run: 162,318,954,496 bytes free

- - End Of File - - 2A60EFBDA549B954C30206802172F41D


ESET LOG:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b187c860f094184ea903153871c3f45b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-21 04:16:32
# local_time=2010-12-21 02:46:32 (+0930, Cen. Australia Daylight Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 6656004 130424121 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=229809
# found=1
# cleaned=0
# scan_time=11798
C:\Qoobox\Quarantine\C\Windows\system32\WGATrayj.dll.vir Win32/Agent.RRJ trojan (unable to clean) 00000000000000000000000000000000 I


HIJACK THIS LOG:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:53 PM, on 21/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\nicole.dee\Desktop\Virus fix stuff\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ESP] "c:\Program Files\bigpond\security\app\start.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthElementsSvc - Authentium, Inc - c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Microsoft Office Groove Audit Service - Memeo - (no file)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Anti-Spyware (SBAMSvc) - Sunbelt Software - c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: vseamps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 9930 bytes


Computer is going well, seems to be faster and working more efficiently. No redirects for a while now, which is such a relief!
Thanks
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am

Re: Epoclick Virus

Unread postby nicoledee » December 21st, 2010, 8:19 pm

Hi,
Yeah, I do use a router; it is a Netgear Wireless-N ADSL2+ Modem Router DGN2000.
BUT I do believe that the virus may be in my boyfriend's router, as he has the virus on his computer too, but maybe we should deal with that in a separate post; I don't want to get confused.

COMBOFIX LOG:


ComboFix 10-12-20.01 - nicole.dee 21/12/2010 10:26:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.1022 [GMT 10.5:30]
Running from: c:\users\nicole.dee\Desktop\ComboFix.exe
Command switches used :: c:\users\nicole.dee\Desktop\CFScript.txt
AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\WGATrayj.dll"
"c:\windows\Tasks\lqzvhck.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\WGATrayj.dll
c:\windows\Tasks\lqzvhck.job
c:\windows\twain_16.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-21 00:15 . 2010-12-21 00:16 -------- d-----w- c:\users\nicole.dee\AppData\Local\temp
2010-12-21 00:15 . 2010-12-21 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 03:24 . 2010-12-20 03:24 -------- d-----w- c:\windows\en
2010-12-20 03:24 . 2010-09-22 13:51 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-20 03:17 . 2010-12-20 03:17 -------- d-----w- c:\program files\MSN Toolbar
2010-12-20 03:16 . 2010-12-20 03:17 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-20 03:16 . 2009-09-04 07:14 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-20 03:16 . 2009-09-04 07:14 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-20 03:16 . 2009-09-04 06:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-20 03:14 . 2010-12-20 03:14 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\60468e01cb9ff419\InstallManager_WLE_WLE.exe
2010-12-20 03:13 . 2010-12-20 03:13 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea2677d01cb9ff318\DXSETUP.exe
2010-12-20 03:13 . 2010-12-20 03:13 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea2677d01cb9ff318\DSETUP.dll
2010-12-20 03:13 . 2010-12-20 03:13 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea2677d01cb9ff318\dsetup32.dll
2010-12-20 03:13 . 2010-12-20 03:14 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\de3d9c001cb9ff317\DSETUP.dll
2010-12-20 03:13 . 2010-12-20 03:14 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\de3d9c001cb9ff317\DXSETUP.exe
2010-12-20 03:13 . 2010-12-20 03:14 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\de3d9c001cb9ff317\dsetup32.dll
2010-12-20 03:09 . 2010-12-20 03:09 -------- d-----w- c:\users\nicole.dee\AppData\Local\Windows Live
2010-12-20 03:08 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-12-20 02:59 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-20 02:58 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-12-20 02:58 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-12-20 02:58 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-12-20 02:54 . 2010-12-20 02:54 -------- d-----w- c:\windows\system32\SRSLabs
2010-12-20 02:48 . 2010-12-20 02:48 -------- d-----w- c:\windows\system32\x64
2010-12-20 02:34 . 2010-12-20 02:34 -------- d-----w- c:\program files\LSI SoftModem
2010-12-19 14:18 . 2010-12-19 14:18 -------- d-----w- c:\program files\iPod
2010-12-19 14:17 . 2010-12-19 14:21 -------- d-----w- c:\program files\iTunes
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-19 14:00 . 2010-12-19 14:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-18 03:54 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-18 03:54 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-18 03:44 . 2010-12-18 03:44 -------- d-----w- c:\programdata\Synaptics
2010-12-18 03:43 . 2010-12-18 03:43 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\Synaptics
2010-12-18 03:35 . 2010-12-18 03:35 -------- d-----w- c:\program files\Synaptics
2010-12-18 03:28 . 2009-08-07 00:19 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-12-18 03:28 . 2010-05-27 12:01 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-12-18 03:28 . 2010-05-27 12:01 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-12-18 03:28 . 2010-05-27 12:01 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-12-18 02:32 . 2010-12-18 02:32 -------- d-----w- C:\MGADiagToolOutput
2010-12-17 08:24 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-17 08:24 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-17 08:24 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-17 08:24 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-17 08:24 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-17 08:22 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-12-17 08:20 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-12-17 08:19 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-17 08:11 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-17 08:11 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-17 08:11 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-17 08:11 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-17 08:11 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 04:58 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-12-15 04:58 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-12-15 04:58 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-12-15 04:58 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-12-15 04:56 . 2010-11-02 05:01 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 04:56 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-15 04:56 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-15 04:56 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-15 04:42 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 04:37 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-15 04:37 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 04:37 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 04:37 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 04:37 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 04:37 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 04:37 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 04:37 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 04:36 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-15 04:36 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-15 04:36 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-15 04:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 04:03 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-15 04:03 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-15 02:40 . 2010-12-19 14:00 -------- d-----w- c:\program files\QuickTime
2010-12-15 02:05 . 2010-12-15 02:05 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42 . 2010-12-15 01:42 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42 . 2010-12-15 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 07:08 . 2010-11-29 07:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 07:08 . 2010-11-29 07:08 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 02:43 . 2010-09-13 12:02 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-19 09:33 . 2009-03-17 06:26 47360 ----a-w- c:\users\nicole.dee\AppData\Roaming\pcouffin.sys
2010-09-28 05:14 . 2010-09-28 05:14 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 05:14 . 2010-09-28 05:14 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-22 14:17 . 2010-09-22 14:17 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 14:02 . 2010-09-22 14:02 301936 ----a-w- c:\windows\WLXPGSS.SCR
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2010-08-26 62952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^nicole.dee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\nicole.dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX9300F Series]
2007-03-23 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICFP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetDownload_upgrade]
2009-09-08 11:30 364544 ----a-w- c:\program files\VersalSoft\InternetDownload\InternetDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 00:46 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoBackup]
2008-11-07 19:38 144608 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2008-11-06 18:20 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 07:08 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 10:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2134303352-1733512035-1346837893-1003]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-02-02 11520]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-08-05 93872]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2010-08-02 132648]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2010-08-02 1123880]
S2 AuthElementsSvc;AuthElementsSvc;c:\program files\Bigpond\ESP Elements\AuthElementsSvc.exe [2010-08-13 242952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-11-07 25824]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 SBAMSvc;Anti-Spyware;c:\program files\Common Files\Sunbelt\SBAMSvc.exe [2009-09-08 1012040]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2009-08-10 69936]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-08-02 96808]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-08-02 96808]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-08-02 137768]
S3 authfwco;authfwco;c:\windows\system32\DRIVERS\authfwco.sys [2010-08-26 22792]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-05-07 113152]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 00:44 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{F6202F01-1407-4389-8A19-DCE5AEDB6A15}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 10:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\nicole.dee\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2010-12-21 11:08:15
ComboFix-quarantined-files.txt 2010-12-21 00:37
ComboFix2.txt 2010-12-17 10:40

Pre-Run: 162,207,784,960 bytes free
Post-Run: 162,318,954,496 bytes free

- - End Of File - - 2A60EFBDA549B954C30206802172F41D


ESET LOG:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b187c860f094184ea903153871c3f45b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-21 04:16:32
# local_time=2010-12-21 02:46:32 (+0930, Cen. Australia Daylight Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 6656004 130424121 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=229809
# found=1
# cleaned=0
# scan_time=11798
C:\Qoobox\Quarantine\C\Windows\system32\WGATrayj.dll.vir Win32/Agent.RRJ trojan (unable to clean) 00000000000000000000000000000000 I


HIJACK THIS LOG:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:53 PM, on 21/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\nicole.dee\Desktop\Virus fix stuff\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ESP] "c:\Program Files\bigpond\security\app\start.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthElementsSvc - Authentium, Inc - c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe
O23 - Service: BigPond Security System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\bigpond\security\App\syssvcnt.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Microsoft Office Groove Audit Service - Memeo - (no file)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Anti-Spyware (SBAMSvc) - Sunbelt Software - c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: vseamps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - c:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 9930 bytes


Computer is going well, seems to be faster and working more efficiently. No redirects for a while now, which is such a relief!
Thanks
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am
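As an added illustration (it is not part of the posts above, nor code from HijackThis or Trend Micro), the Python script below does mechanically what the helper does by eye on a log like the one above: it parses HijackThis-format lines and flags the entry kinds that are usually told to be fixed or looked at closely. The sample log is constructed from a few lines of the log above plus one hypothetical O17 (name-server) line with a made-up interface GUID; the trusted-host allowlist is an assumption.

```python
"""Triage a HijackThis log: flag the entry kinds a helper usually tells the
user to fix. Added example; not part of the thread or of HijackThis."""
import re
import sys
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 line format: a few lines taken from the
# log posted above plus one hypothetical O17 (DNS hijack) line with a made-up
# interface GUID, so every branch below has something to act on.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABCD1234-0000-0000-0000-000000000000}: NameServer = 203.0.113.10,203.0.113.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

# Assumption: hosts a stock Vista/IE8 install legitimately points its start and
# search pages at. Extend with whatever the user actually chose.
TRUSTED_HOSTS = {"go.microsoft.com", "www.google.com", "www.google.com.au"}
# RFC 1918 and loopback resolvers (the home router itself) are expected on O17.
LOCAL_DNS = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)")
LINE_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")


def triage(log_text):
    """Return (kind, reason, line) for each entry worth fixing or investigating."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind in ("R0", "R1"):
            # Start/search page: an empty value is fine, an off-allowlist host is not.
            url = body.partition("=")[2].strip()
            host = urlparse(url).hostname if url else None
            if host and host not in TRUSTED_HOSTS:
                findings.append((kind, "browser URL points at " + host, raw))
        elif kind == "O6" and body.endswith("present"):
            # IE policy restrictions are rarely set on a home PC except by malware.
            findings.append((kind, "IE policy restriction present", raw))
        elif kind == "O17":
            # Name servers configured on an interface: anything non-local is a
            # classic sign of a DNS hijack on the host or the router.
            servers = [s.strip() for s in body.rpartition("NameServer =")[2].split(",")]
            foreign = [s for s in servers if s and not LOCAL_DNS.match(s)]
            if foreign:
                findings.append((kind, "DNS servers outside private ranges: " + ", ".join(foreign), raw))
        elif kind == "O18" and body.endswith("(no file)"):
            findings.append((kind, "protocol handler whose DLL is gone (orphan)", raw))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append((kind, "service whose executable is gone (orphan)", raw))
    return findings


def kinds(log_text):
    """Just the entry kinds that were flagged, in log order."""
    return [k for k, _, _ in triage(log_text)]


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for kind, reason, line in triage(text):
        print(f"[{kind}] {reason}\n    {line}")
```

Run it as `python hjt_triage.py hijackthis.log` to triage a saved log; with no argument it works on the constructed sample. The O2/O3 BHO and toolbar lines are deliberately not judged here, because whether a BHO is unwanted (the VersalSoft one above, for instance) depends on what the user installed, which a script cannot know.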

Re: Epoclick Virus

Unread postby Airscape » December 22nd, 2010, 4:09 pm

BUT I do believe that the virus may be in my boyfriend's router, as he has the virus on his computer too, but maybe we should deal with that in a separate post, I don't want to get confused.

Yes, start a new topic for the other computer (if the PC is for home use only). The reason I asked if you used a router is that the malware had changed settings in the router. Are you aware if the router's default password was changed?

You need to reset the router:
Press the Wireless On/Off and WPS buttons simultaneously for 6 seconds to reset to its factory default settings
Then change the default password to something different. You may need to also contact your ISP for details, etc.

Reset and Restore the NETGEAR device to Factory Default Settings
How to View or Change Your Wireless Network Password

You will need to also do this on any other routers you mentioned.

==============================================

Fix HijackThis lines
Run HijackThis.exe (right-click > run as admin) and click on scan
Place a tick next to the following lines (if still present)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)

Close all open windows except HijackThis and click Fix Checked
Click Yes when prompted and Close HJT.

--------------------------------------------

Uninstall ComboFix
Make sure ComboFix.exe is on the desktop.
Click on Start > All Programs > Accessories > Run...
Copy/paste in ComboFix /Uninstall and click OK.
(if you type it out note the space in the middle)
You should get a success message.

The above will implement some cleanup procedures as well as reset System Restore points.


Clean up with OTC
Download OTC by Old Timer here and save it to your desktop.
Right click on OTC.exe and select "Run as Admin" to run it.
Click on CleanUp!
At the "begin cleanup process" prompt, click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.

The above will remove the majority of tools/logs used in the removal process. If any still exist, please delete them yourself.

==============================================================

Finally, please follow these steps to prevent reinfection and keep your PC safe and secure for the future.


Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.

Click Start > All Programs > Windows Update > Change Settings
Under Important updates choose Install updates automatically (recommended)
Choose a day/time when you know the pc will be on and connected to the internet, to automatically download then install the new updates
Under Recommended updates Check Give me recommended updates the same way I receive important updates
Under Microsoft Update Check Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows
Under Who can install updates Check Allow all users to install updates on this computer
Click OK
Click Check for updates at the main Windows Update screen and let it download then install them... reboot if required.

Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-Secure Health Check. I suggest that you run one of them at least once a month.

Install the latest Java Runtime Environment from here:
http://javadl.sun.com/webapps/download/ ... leId=44457
Run jre-6u23-windows-i586.exe and follow the prompts.

After that:
Uninstall these via Control Panel > Programs and Features
Java(TM) 6 Update 22
Java(TM) 6 Update 5

Launch Adobe Reader > Help > Check for updates > allow it to update to the latest version.

Further reading:
viewtopic.php?p=557960#p557960

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it, and if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
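Airscape's reason for asking about the router is that the malware had changed settings in it. The post does not say which setting; the assumption behind the added example below is the usual one for redirect malware, namely that the router's DHCP hands clients DNS servers the owner never configured, so the quickest check on a Windows client is to look at what `ipconfig /all` reports. The script, which is not from the thread or from any tool mentioned in it, parses that output and flags resolvers that are neither on the local network nor inside a trusted block (such as the ISP's resolvers). The ipconfig text is a constructed sample; the 203.0.113.x and 198.51.100.0/24 addresses are documentation-range stand-ins, not addresses from the thread.

```python
"""Flag DNS resolvers a Windows client got from its router that are neither
local nor on a trusted list. Added example; not from the thread."""
import ipaddress
import re
import sys

# Constructed sample of `ipconfig /all` output. 203.0.113.x stands in for a
# resolver a hijacked router might hand out; it is not an address from the thread.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       203.0.113.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Networks a home client would legitimately use as resolvers: the router itself
# (RFC 1918), loopback and link-local. Checked explicitly rather than through
# ip.is_private, because Python also counts the documentation ranges used in
# the sample (203.0.113.0/24 and friends) as private and would hide them.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fe80::/10", "::1/128")]

# A continuation line of the DNS Servers block holds only an address, optionally
# with an IPv6 zone index such as %12.
ADDR_RE = re.compile(r"^[0-9A-Fa-f.:]+(%\d+)?$")


def dns_servers(ipconfig_text):
    """Collect every DNS server address from ipconfig /all output. The first
    address sits on the 'DNS Servers' line; further ones are on continuation
    lines that hold nothing but an address."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            servers.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting:
            token = line.strip()
            if ADDR_RE.match(token):
                servers.append(token)
            else:
                collecting = False
    return servers


def suspicious_dns(servers, trusted_nets=()):
    """Return the resolvers that are neither local nor inside a trusted
    network (e.g. the ISP's resolver block, given as 'a.b.c.0/24' strings)."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    flagged = []
    for s in servers:
        ip = ipaddress.ip_address(s.split("%")[0])  # drop an IPv6 zone index
        if any(ip in n for n in LOCAL_NETS) or any(ip in n for n in trusted):
            continue
        flagged.append(s)
    return flagged


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    found = dns_servers(text)
    print("DNS servers in use:", found)
    print("neither local nor trusted:", suspicious_dns(found))
```

On the affected machine, `ipconfig /all > dns.txt` followed by `python dns_check.py dns.txt` is enough; a resolver that is not the router, not the ISP's, and not one the owner chose is the thing to explain before deciding the router is clean. Check it on every machine that has been on the suspect network, since the router hands the same resolvers to all of them.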

Re: Epoclick Virus

Unread postby nicoledee » December 22nd, 2010, 9:54 pm

My router has always had a complicated password, and other computers used only at my house do not have the infection, so I didn't reset mine; however, I won't be taking my nice sparkly, clean computer to my boyfriend's until the virus is dealt with there.
I will post his after Christmas.

Also, I ran F-Secure Health Check and it said I didn't have a firewall, antivirus or anti-spyware, despite the fact that I have Bigpond Security installed, so I'm wondering whether it didn't pick it up. When I originally installed BP Security, I was told to uninstall all other security programs so they don't interfere.
So I'm hoping that's the case.

Aside from that everything is fantastic.
Thank you so much for your help.
Will get on to fixing my partner's now!

Thank you, and have a very Merry Christmas!
nicoledee
Active Member
 
Posts: 11
Joined: December 7th, 2010, 8:09 am