How to remove "Privacy Protection"
unpeumanon
g3n-h@ckm@n -
Hello everyone :),
I really need help, the damn "Privacy Protection" has taken over my netbook; so I no longer have internet access (except in safe mode), my programs, antivirus... basically, I can't use my beloved little PC anymore!
I've tried several methods I found on forums (like "trojan-killer", etc.) and "oh surprise" NOTHING, it’s blocked and on top of that I've caught a fucking Trojan horse, so:
how do I get rid of it, please?
Configuration: Windows 7 / Firefox 7.0.1
6 answers
Hello, I have the same problem but I can't go online, what should I do????
Thank you very much for your help.
tant pis
Hello, open a new topic please, thank you.
elduende
Start in safe mode (F8 at startup), then under Programs go to Tools, System Restore (pick a point a month back, to be safe), and there you go! Well, at least in theory ;)
@ unpeumanon
you were severely infected
please do this
1)
Download AdwCleaner (by Xplode) to your desktop.
http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner
Run it, click on DELETE then wait for the scan to finish.
Once the scan is complete, a report will open. Please post its content in your next response.
Note: The report is also saved under C:\AdwCleaner.txt
....................
2)
Download Malwarebytes' Anti-Malware (which you can keep afterwards)
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Save it to the desktop
. Double-click on the downloaded file to start the installation process.
. In the "update" tab, click on the Check for Updates button
. If the firewall asks for permission to connect for Malwarebytes, accept
. Once the update is complete
. Go to the Scan tab
. Select Perform a Full Scan (this will take a while)
. Click on Scan
. The scan starts.
. At the end of the analysis, a message will display: The scan has finished normally. Click on 'Show Results' to see all detected items.
. Click on Ok to continue.
. If any malware has been detected, click on Show Results
. Select all (or leave checked) and click on Remove Selection. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report there.
. Go to the report/log tab
. Click on it to display it, once it is displayed
. Click on edit at the top of Notepad, and then on select all
. Click on edit again and then on copy, and return to the forum in your reply
. Right-click in the reply box and paste
If you need help, check out these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
......................
3)
Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(diagnostic tool)
Double-click on the installation file, then install it with the default settings (Don't forget to check "Create a desktop icon")
Run ZHPDiag by double-clicking on the icon on your desktop (Right-click -> Run as admin (Vista/Seven))
Click on the magnifying glass at the top left, then let the tool scan.
Once the scan is complete, click on the floppy disk icon and save the file to your desktop.
Go to http://pjjoint.malekal.com/
Click on "Browse"
Select the ZHPdiag.txt report located on your desktop
Then click on "Send the file" and copy/paste the link in your next message
--
SECURITY CONTRIBUTOR
In disinfection, this is the most important part!
"Stay" until the end...thank you
Hello, I have just caught Privacy Protection as well, and I was able to get back online with the software below. I am posting the report to check whether my PC is okay and the file has been properly deleted.
thank you
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 8123
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
11/09/2011 13:28:16
mbam-log-2011-11-09 (13-28-16).txt
Scan type: Quick scan
Item(s) scanned: 175896
Elapsed time: 7 minute(s), 58 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 0
Infected registry value(s): 1
Infected registry data item(s): 0
Infected folder(s): 0
Infected file(s): 6
Infected memory process(es):
(No harmful item detected)
Infected memory module(s):
(No harmful item detected)
Infected registry key(s):
(No harmful item detected)
Infected registry value(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Exploit.Drop.Gen) -> Value: Privacy Protection -> Quarantined and deleted successfully.
Infected registry data item(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
c:\Users\Flo\AppData\Roaming\privacy.exe (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\0.18949726071829276.exe (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\BF7D.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\D1E6.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\~!#2300.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
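Added example, not part of the thread and not Malwarebytes' own tooling: a small Python triage script that parses a report in the format posted above, pulls out each detection, flags the HKCU Run entry that gave the fake antivirus its persistence (the same `Privacy Protection` -> `privacy.exe` autorun pair shows up as an orphan in the ComboFix report later in the thread), and cross-checks the report's own totals against the entries actually listed, which is how a helper notices a truncated paste. The sample text is a copy of the report above, embedded so the script runs offline; the `Detection` dataclass, the location tags and the function names are my own naming.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a copy of the Malwarebytes report posted in this thread,
# embedded here so the script runs offline (header totals plus detail block).
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 8123
Scan type: Quick scan
Item(s) scanned: 175896
Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 0
Infected registry value(s): 1
Infected registry data item(s): 0
Infected folder(s): 0
Infected file(s): 6
Infected registry value(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Exploit.Drop.Gen) -> Value: Privacy Protection -> Quarantined and deleted successfully.
Infected file(s):
c:\Users\Flo\AppData\Roaming\privacy.exe (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\0.18949726071829276.exe (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\BF7D.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\D1E6.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Flo\AppData\Local\Temp\~!#2300.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# One detail line: "<item> (<family>) -> [Value: <name> -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$"
)
# One header total: "Infected file(s): 6"
COUNT_RE = re.compile(r"^Infected (?P<what>.+?): (?P<n>\d+)$")
CLEAN_ACTION = "Quarantined and deleted successfully"


@dataclass
class Detection:
    item: str
    family: str
    action: str
    kind: str       # "file", "registry-value" or "registry-key"
    location: str   # coarse location tag used for triage (my own labels)


def classify_location(item: str) -> str:
    """Tag where a detection lived; autorun keys and per-user writable dirs
    are what a helper looks at first when judging how the machine was owned."""
    low = item.lower()
    if low.startswith("hkey_"):
        return "autorun" if "\\currentversion\\run\\" in low else "registry-other"
    if "\\appdata\\local\\temp\\" in low:
        return "user-temp"
    if "\\appdata\\roaming\\" in low:
        return "user-roaming"
    if "\\windows\\" in low:
        return "windows-dir"
    return "other"


def parse_mbam_report(text: str) -> list:
    """Extract one Detection per detail line; header and
    '(No harmful item detected)' lines do not match and are skipped."""
    detections = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        item = m.group("item")
        if item.lower().startswith("hkey_"):
            kind = "registry-value" if m.group("value") else "registry-key"
        else:
            kind = "file"
        detections.append(Detection(item, m.group("family"), m.group("action"),
                                    kind, classify_location(item)))
    return detections


def summary_counts(text: str) -> dict:
    """Totals the report claims in its header block, keyed by category."""
    counts = {}
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            counts[m.group("what")] = int(m.group("n"))
    return counts


def check_counts(text: str, detections: list) -> dict:
    """Compare header totals with the entries actually listed; a mismatch
    means the paste is truncated and the poster should re-send it."""
    claimed = summary_counts(text)
    listed = Counter(d.kind for d in detections)
    return {
        "files_match": claimed.get("file(s)", 0) == listed["file"],
        "registry_values_match":
            claimed.get("registry value(s)", 0) == listed["registry-value"],
    }


def triage(detections: list) -> dict:
    """Defender-side summary: families seen, where they lived, which entries
    gave persistence, and anything the scanner did not actually remove."""
    return {
        "families": dict(Counter(d.family for d in detections)),
        "locations": dict(Counter(d.location for d in detections)),
        "persistence": [d.item for d in detections if d.location == "autorun"],
        "not_removed": [d.item for d in detections if d.action != CLEAN_ACTION],
    }


if __name__ == "__main__":
    dets = parse_mbam_report(SAMPLE_REPORT)
    for d in dets:
        print(f"{d.kind:15} {d.location:13} {d.family:18} {d.item}")
    print(triage(dets))
    print(check_counts(SAMPLE_REPORT, dets))
```

On the report above the script lists seven detections: one autorun value plus six files, all but one of them in the user's Temp folder, and reports that the header totals agree with the detail block, so the paste is complete. An empty `not_removed` list is the part worth reading before declaring the machine clean; any item whose action is not the quarantine-and-delete message needs a follow-up scan.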
Hello
Attention, before you begin, read the procedure carefully and print it out
Usage Help
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Download ComboFix from sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and DISABLE ALL DEFENSES, including antivirus and antispyware /!\
---> Double-click on ComboFix.exe
A "pop-up" will appear saying that ComboFix is used at your own risk and without any guarantee... Click yes to accept
MAKE SURE TO INSTALL THE RECOVERY CONSOLE
(if it offers to install it, reconnect to the internet)
---> Set it to French F
Press the 1 key (Yes) to start the scan.
Do not touch anything (mouse, keyboard) until the scan is finished, as you risk crashing your PC
At the end of the scan, ComboFix may need to restart your PC to finalize the disinfection, let it do so.
Once the scan is complete, a report will be displayed: Post its contents
/!\ Reactivate the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix.txt
--
SECURITY CONTRIBUTOR
In disinfection, the end is the most important!
"Stay" until the end...thank you
ComboFix 11-11-07.03 - Manon 08/11/2011 1:17:22.1.4 - x86 NETWORK
Microsoft Windows 7 Starter Edition 6.1.7600.0.1252.33.1036.18.1013.421 [GMT 1:00]
Started from: C:\Users\Manon\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point has been created
/wow section - STAGE 5
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\ClickPotatoLite
C:\Program Files\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\install.rdf
C:\Program Files\ResultBar
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\ProgramData\ClickPotatoLiteSA
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
C:\ProgramData\FullRemove.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
C:\ProgramData\ResultBar
C:\Users\Manon\AppData\Roaming\ClickPotatoLite
C:\Users\Manon\AppData\Roaming\D1A.tmp
C:\Users\Manon\AppData\Roaming\privacy.exe
C:\windows\system32\system32
C:\windows\system32\system32\3DAudio.ax
C:\windows\system32\system32\avrt.dll
C:\windows\system32\system32\cis-2.4.dll
C:\windows\system32\system32\issacapi_bs-2.3.dll
C:\windows\system32\system32\issacapi_pe-2.3.dll
C:\windows\system32\system32\issacapi_se-2.3.dll
C:\windows\system32\system32\MACXMLProto.dll
C:\windows\system32\system32\MaDRM.dll
C:\windows\system32\system32\MaJGUILib.dll
C:\windows\system32\system32\MAMACExtract.dll
C:\windows\system32\system32\MASetupCleaner.exe
C:\windows\system32\system32\MaXMLProto.dll
C:\windows\system32\system32\mfplat.dll
C:\windows\system32\system32\MK_Lyric.dll
C:\windows\system32\system32\MSCLib.dll
C:\windows\system32\system32\MSFLib.dll
C:\windows\system32\system32\MSLUR71.dll
C:\windows\system32\system32\msvcp60.dll
C:\windows\system32\system32\MTTELECHIP.dll
C:\windows\system32\system32\MTXSYNCICON.dll
C:\windows\system32\system32\muzaf1.dll
C:\windows\system32\system32\muzapp.dll
C:\windows\system32\system32\muzapp.exe
C:\windows\system32\system32\muzdecode.ax
C:\windows\system32\system32\muzeffect.ax
C:\windows\system32\system32\muzmp4sp.ax
C:\windows\system32\system32\muzmpgsp.ax
C:\windows\system32\system32\muzoggsp.ax
C:\windows\system32\system32\muzwmts.dll
C:\windows\system32\system32\psapi.dll
An infected copy of C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Copy restored from - C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
An infected copy of C:\Program Files\Google\Update\GoogleUpdate.exe was found and disinfected
Copy restored from - C:\Program Files\Google\Update\
An infected copy of C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe was found and disinfected
Copy restored from - C:\Program Files\Microsoft Application Virtualization Client\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ef4039b4
((((((((((((((((((((((((((((( Files created from 2011-10-08 to 2011-11-08 ))))))))))))))))))))))))))))))))))))
2011-11-08 00:35:31 . 2011-11-08 00:39:39 -------- d-----w- C:\Users\Manon\AppData\Local\temp
2011-11-08 00:35:31 . 2011-11-08 00:35:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-11-08 00:14:10 . 2011-11-08 00:14:10 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4BE3208-FFF8-4E20-81C0-361CD2CCEDC2}\offreg.dll
2011-11-07 22:55:32 . 2011-11-07 23:17:48 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2011-11-07 22:23:02 . 2011-11-07 22:23:02 -------- d-sh--w- C:\windows\system32\%APPDATA%
2011-11-05 21:09:29 . 2011-10-07 03:48:07 6668624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4BE3208-FFF8-4E20-81C0-361CD2CCEDC2}\mpengine.dll
2011-11-05 21:07:55 . 2011-08-15 04:25:59 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-16 15:16:41 . 2011-10-16 15:16:47 -------- d-----w- C:\Users\Manon\AppData\Local\Ilivid Player
2011-10-16 15:15:02 . 2011-10-16 15:15:02 -------- d-----w- C:\Program Files\Windows iLivid Toolbar
2011-10-16 15:15:00 . 2011-10-16 15:58:32 -------- d-----w- C:\ProgramData\boost_interprocess
2011-10-16 15:14:32 . 2011-10-16 15:14:32 -------- d-----w- C:\Users\Manon\AppData\Local\PackageAware
2011-10-15 23:39:53 . 2011-10-15 23:39:53 -------- d-----w- C:\windows\system32\%LOCALAPPDATA%
2011-10-15 19:11:23 . 2011-10-15 19:11:23 -------- d-----w- C:\Users\Manon\AppData\Roaming\RGE
2011-10-15 19:10:47 . 2011-10-15 19:10:49 -------- d-----w- C:\Program Files\StarterBackgroundChanger
2011-10-15 19:03:02 . 2011-09-06 20:36:12 20568 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2011-10-15 19:03:01 . 2011-09-06 20:37:53 320856 ----a-w- C:\windows\system32\drivers\aswSP.sys
2011-10-15 19:02:56 . 2011-09-06 20:36:38 34392 ----a-w- C:\windows\system32\drivers\aswRdr.sys
2011-10-15 19:02:55 . 2011-09-06 20:36:36 52568 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2011-10-15 19:02:53 . 2011-09-06 20:38:05 442200 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2011-10-15 19:02:50 . 2011-09-06 20:36:26 54616 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys
2011-10-15 19:01:57 . 2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr
2011-10-15 19:01:57 . 2011-09-06 20:45:29 199304 ----a-w- C:\windows\system32\aswBoot.exe
2011-10-15 19:01:37 . 2011-10-15 19:01:37 -------- d-----w- C:\ProgramData\AVAST Software
2011-10-15 19:01:37 . 2011-10-15 19:01:37 -------- d-----w- C:\Program Files\AVAST Software
2011-10-14 09:16:15 . 2011-08-17 04:26:02 465408 ----a-w- C:\windows\system32\psisdecd.dll
2011-10-14 09:16:15 . 2011-08-17 04:22:23 75776 ----a-w- C:\windows\system32\psisrndr.ax
2011-10-14 09:16:14 . 2011-08-17 04:22:23 72704 ----a-w- C:\windows\system32\Mpeg2Data.ax
2011-10-14 09:16:14 . 2011-08-17 04:22:23 204288 ----a-w- C:\windows\system32\MSNP.ax
2011-10-14 09:16:13 . 2011-08-17 04:22:23 59904 ----a-w- C:\windows\system32\MSDvbNP.ax
2011-10-14 09:16:09 . 2011-08-27 04:43:07 571904 ----a-w- C:\windows\system32\oleaut32.dll
2011-10-14 09:16:09 . 2011-08-27 04:43:06 233472 ----a-w- C:\windows\system32\oleacc.dll
2011-10-14 09:16:04 . 2011-09-06 02:38:14 2332672 ----a-w- C:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
2011-10-03 20:11:40 . 2011-07-11 12:30:24 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty items & legitimate initial items are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45:22 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 21:12:52 3872080]
"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2011-06-24 06:54:30 941968]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 06:54:36 3373968]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 06:54:46 20880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-04 02:07:12 9398888]
"ETDCtrl"="C:\Program Files\Elantech\ETDCtrl.exe" [2010-08-30 10:59:40 1806728]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 14:48:40 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 13:49:46 69632]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-09-06 20:45:30 3722416]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]
SRS Premium Sound.lnk - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2010-8-31 156952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
R1 BHDrvx86;BHDrvx86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-25 18:15:12 815736]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NIS\1301000.01C\SYMNETS.SYS [2011-07-25 18:18:40 314488]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R2 NIS;Norton Internet Security;C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-09-21 14:35:28 138760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-14 11:45:52 105592]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:37:50 4640000]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 22:02:52 139776]
R3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2010-08-09 19:04:04 131888]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 05:47:22 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 05:47:22 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 05:47:22 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 05:47:22 114280]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NIS\1301000.01C\SYMDS.SYS [2011-07-25 18:18:36 340088]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NIS\1301000.01C\SYMEFA.SYS [2011-07-28 19:20:02 897656]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [2011-08-08 15:38:12 132744]
S1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVix86.sys [2011-07-20 17:43:24 368248]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys [2009-05-28 06:38:12 10752]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [2011-07-25 18:15:52 149624]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 20:36:26 54616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-06-10 21:23:09 66384]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2011-09-21 14:23:24 821664]
S2 sftlist;Application Virtualization Client;C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2011-11-08 00:35:30 508264]
S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys [2010-07-13 23:25:08 297000]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 07:37:36 33320]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys [2010-08-30 08:13:18 100744]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 03:46:14 577384]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 03:46:18 194408]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 03:46:22 21864]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 03:46:26 19304]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-21 14:24:47 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x86.sys [2010-07-08 08:28:46 322336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
Contents of the 'Task Scheduler' folder
------- Additional examination -------
uStart Page = hxxp://www.searchqu.com/406
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send &image to Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\oda1z0bv.default\
FF - prefs.js: browser.search.selectedEngine - iLivid Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)
Toolbar-Locked - (no file)
Toolbar-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
HKCU-Run-Privacy Protection - C:\Users\Manon\AppData\Roaming\privacy.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
-------\Service_ef4039b4
((((((((((((((((((((((((((((( Files created from 2011-10-08 to 2011-11-08 ))))))))))))))))))))))))))))))))))))
2011-11-08 00:35:31 . 2011-11-08 00:39:39 -------- d-----w- C:\Users\Manon\AppData\Local\temp
2011-11-08 00:35:31 . 2011-11-08 00:35:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-11-08 00:14:10 . 2011-11-08 00:14:10 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4BE3208-FFF8-4E20-81C0-361CD2CCEDC2}\offreg.dll
2011-11-07 22:55:32 . 2011-11-07 23:17:48 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2011-11-07 22:23:02 . 2011-11-07 22:23:02 -------- d-sh--w- C:\windows\system32\%APPDATA%
2011-11-05 21:09:29 . 2011-10-07 03:48:07 6668624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4BE3208-FFF8-4E20-81C0-361CD2CCEDC2}\mpengine.dll
2011-11-05 21:07:55 . 2011-08-15 04:25:59 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-16 15:16:41 . 2011-10-16 15:16:47 -------- d-----w- C:\Users\Manon\AppData\Local\Ilivid Player
2011-10-16 15:15:02 . 2011-10-16 15:15:02 -------- d-----w- C:\Program Files\Windows iLivid Toolbar
2011-10-16 15:15:00 . 2011-10-16 15:58:32 -------- d-----w- C:\ProgramData\boost_interprocess
2011-10-16 15:14:32 . 2011-10-16 15:14:32 -------- d-----w- C:\Users\Manon\AppData\Local\PackageAware
2011-10-15 23:39:53 . 2011-10-15 23:39:53 -------- d-----w- C:\windows\system32\%LOCALAPPDATA%
2011-10-15 19:11:23 . 2011-10-15 19:11:23 -------- d-----w- C:\Users\Manon\AppData\Roaming\RGE
2011-10-15 19:10:47 . 2011-10-15 19:10:49 -------- d-----w- C:\Program Files\StarterBackgroundChanger
2011-10-15 19:03:02 . 2011-09-06 20:36:12 20568 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2011-10-15 19:03:01 . 2011-09-06 20:37:53 320856 ----a-w- C:\windows\system32\drivers\aswSP.sys
2011-10-15 19:02:56 . 2011-09-06 20:36:38 34392 ----a-w- C:\windows\system32\drivers\aswRdr.sys
2011-10-15 19:02:55 . 2011-09-06 20:36:36 52568 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2011-10-15 19:02:53 . 2011-09-06 20:38:05 442200 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2011-10-15 19:02:50 . 2011-09-06 20:36:26 54616 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys
2011-10-15 19:01:57 . 2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr
2011-10-15 19:01:57 . 2011-09-06 20:45:29 199304 ----a-w- C:\windows\system32\aswBoot.exe
2011-10-15 19:01:37 . 2011-10-15 19:01:37 -------- d-----w- C:\ProgramData\AVAST Software
2011-10-15 19:01:37 . 2011-10-15 19:01:37 -------- d-----w- C:\Program Files\AVAST Software
2011-10-14 09:16:15 . 2011-08-17 04:26:02 465408 ----a-w- C:\windows\system32\psisdecd.dll
2011-10-14 09:16:15 . 2011-08-17 04:22:23 75776 ----a-w- C:\windows\system32\psisrndr.ax
2011-10-14 09:16:14 . 2011-08-17 04:22:23 72704 ----a-w- C:\windows\system32\Mpeg2Data.ax
2011-10-14 09:16:14 . 2011-08-17 04:22:23 204288 ----a-w- C:\windows\system32\MSNP.ax
2011-10-14 09:16:13 . 2011-08-17 04:22:23 59904 ----a-w- C:\windows\system32\MSDvbNP.ax
2011-10-14 09:16:09 . 2011-08-27 04:43:07 571904 ----a-w- C:\windows\system32\oleaut32.dll
2011-10-14 09:16:09 . 2011-08-27 04:43:06 233472 ----a-w- C:\windows\system32\oleacc.dll
2011-10-14 09:16:04 . 2011-09-06 02:38:14 2332672 ----a-w- C:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
2011-10-03 20:11:40 . 2011-07-11 12:30:24 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty items & legitimate initial items are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45:22 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 21:12:52 3872080]
"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2011-06-24 06:54:30 941968]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 06:54:36 3373968]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 06:54:46 20880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-04 02:07:12 9398888]
"ETDCtrl"="C:\Program Files\Elantech\ETDCtrl.exe" [2010-08-30 10:59:40 1806728]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 14:48:40 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 13:49:46 69632]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-09-06 20:45:30 3722416]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]
SRS Premium Sound.lnk - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2010-8-31 156952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
R1 BHDrvx86;BHDrvx86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-25 18:15:12 815736]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NIS\1301000.01C\SYMNETS.SYS [2011-07-25 18:18:40 314488]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R2 NIS;Norton Internet Security;C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-09-21 14:35:28 138760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-14 11:45:52 105592]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:37:50 4640000]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 22:02:52 139776]
R3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2010-08-09 19:04:04 131888]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 05:47:22 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 05:47:22 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 05:47:22 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 05:47:22 114280]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NIS\1301000.01C\SYMDS.SYS [2011-07-25 18:18:36 340088]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NIS\1301000.01C\SYMEFA.SYS [2011-07-28 19:20:02 897656]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [2011-08-08 15:38:12 132744]
S1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVix86.sys [2011-07-20 17:43:24 368248]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys [2009-05-28 06:38:12 10752]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [2011-07-25 18:15:52 149624]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 20:36:26 54616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-06-10 21:23:09 66384]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2011-09-21 14:23:24 821664]
S2 sftlist;Application Virtualization Client;C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2011-11-08 00:35:30 508264]
S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\system32\drivers\btwampfl.sys [2010-07-13 23:25:08 297000]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 07:37:36 33320]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys [2010-08-30 08:13:18 100744]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 03:46:14 577384]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 03:46:18 194408]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 03:46:22 21864]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 03:46:26 19304]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-21 14:24:47 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x86.sys [2010-07-08 08:28:46 322336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
Contents of the 'Task Scheduler' folder
------- Additional examination -------
uStart Page = hxxp://www.searchqu.com/406
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send &image to Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\oda1z0bv.default\
FF - prefs.js: browser.search.selectedEngine - iLivid Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)
Toolbar-Locked - (no file)
Toolbar-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
HKCU-Run-Privacy Protection - C:\Users\Manon\AppData\Roaming\privacy.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe