Crazed Luddite attempts to save computer.
150 replies to this topic

#46 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 06:51 PM

omg There's so many things in there that I have never seen before...it's like outer space jeez......bear with me while I figure this out.....holy....



#47 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 06:57 PM

2011-03-17 17:59:08 . 2011-03-17 17:59:08 722 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
2011-03-17 17:58:45 . 2011-03-17 17:58:45 137 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG_TRAY.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-eRecoveryService.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SiSTray.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 403 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat
2011-03-17 17:52:14 . 2011-03-17 17:52:14 4,433 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-17 17:37:13 . 2011-03-17 17:44:20 113 ----a-w- C:\Qoobox\Quarantine\catchme.log
2007-09-07 22:16:28 . 2007-09-07 22:16:28 136,512 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.dll.vir
2007-04-24 20:11:14 . 2007-04-24 20:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf.vir
2006-11-02 13:04:06 . 2011-03-17 14:56:31 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
2006-11-02 13:04:06 . 2011-03-17 14:56:30 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
2005-04-18 20:45:34 . 2005-04-18 20:45:34 242 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.inf.vir
___________________________

Is that it? :(

#48 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 17 March 2011 - 07:02 PM

Baruga, that tells me what I need to know. Now please go back to where you downloaded ComboFix and attempt to run it again.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#49 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 07:06 PM

I think that I messed up...before.... I have to disable all of my security stuff first...is this correct?

#50 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 07:25 PM

Do I disconnect the "Firewall" and "windows defender" before I start?

#51 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 17 March 2011 - 08:16 PM

Neither of those should cause you any trouble. It's just the real-time protection that is a part of most Anti-virus programs that can cause issues with the tool running.

#52 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 08:20 PM

Ok, I will start the process right away then. Thanks so much for your patience and guidance, Tom.

#53 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 08:58 PM

Oh man.... So I ran the thing. Then I copied the thing, AND I saved the log somewhere inside this thing... Then, when I tried to open up my browser again, it said I was attempting to do an illegal action that was marked for deletion. I panicked, cause I could not get a browser to open....Internet Explorer.... It did ask at one point if I wanted to take Google Chrome off of the marked list, and I said yes...that still did not work. So I rebooted. Now I am here....and the log stuff that is in my mouse won't paste to here..... ??????

#54 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 09:29 PM

2011-03-18 00:48:30 . 2011-03-18 00:48:31 3,656 --sha-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:30 . 2011-03-18 00:48:30 3,656 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:30 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:29 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:29 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\Windows\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:28 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:28 . 2011-03-18 00:48:28 3,656 --sha-w- C:\Qoobox\Quarantine\Registry_backups\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:26 . 2011-03-18 00:48:31 4,784 --sha-w- C:\Qoobox\Quarantine\C\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:24 . 2011-03-18 00:48:32 4,784 --sha-w- C:\Qoobox\Quarantine\OneNote Table Of Contents.onetoc2
2011-03-17 17:59:08 . 2011-03-17 17:59:08 722 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
2011-03-17 17:58:45 . 2011-03-17 17:58:45 137 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG_TRAY.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-eRecoveryService.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SiSTray.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 403 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat
2011-03-17 17:52:14 . 2011-03-18 02:33:11 4,379 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-17 17:37:13 . 2011-03-18 02:24:14 226 ----a-w- C:\Qoobox\Quarantine\catchme.log
2007-09-07 22:16:28 . 2007-09-07 22:16:28 136,512 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.dll.vir
2007-04-24 20:11:14 . 2007-04-24 20:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf.vir
2006-11-02 13:04:06 . 2011-03-17 14:56:31 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
2006-11-02 13:04:06 . 2011-03-17 14:56:30 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
2005-04-18 20:45:34 . 2005-04-18 20:45:34 242 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.inf.vir
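The quarantine listing in this post came through the forum run together on a single line, which makes it hard to read and to compare against later posts. As an added example (not code from the original thread or from ComboFix itself), the Python below splits such a listing back into records and tallies what the quarantine holds; the sample input is copied from the entries above, including the line break that fell inside one entry.

```python
"""Parse a ComboFix quarantine listing that has been run together on one line.

Each entry has the shape
    <created> . <modified> <size> <attrs> <path>
with timestamps as YYYY-MM-DD HH:MM:SS, a comma-grouped size, an 8-character
attribute field (for example --sha-w- = system + hidden + archive, writable)
and a path that may contain spaces.  Because paths contain spaces we cannot
split on whitespace; instead a path runs until the next entry's created
timestamp, or the end of the text.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

TS = r"\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}"
ENTRY_RE = re.compile(
    rf"(?P<created>{TS})\s+\.\s+(?P<modified>{TS})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[A-Za-z-]{8})\s+"
    rf"(?P<path>\S.*?)(?=\s+{TS}\s+\.\s+|\s*$)",
    re.DOTALL,
)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int | None  # None for directories, which ComboFix lists as --------
    attrs: str
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def quarantined_copy(self) -> bool:
        # ComboFix gives quarantined copies of files a .vir suffix.
        return self.path.lower().endswith(".vir")

    @property
    def registry_backup(self) -> bool:
        return "\\registry_backups\\" in self.path.lower()


def parse_listing(text: str) -> list[Entry]:
    """Split a (possibly single-line) quarantine listing into Entry records."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        raw_size = m["size"]
        size = int(raw_size.replace(",", "")) if raw_size[0].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"].strip()))
    return entries


def summarize(entries: list[Entry]) -> dict[str, int]:
    """Tally quarantined files, registry backups and hidden+system items."""
    return {
        "entries": len(entries),
        "quarantined_files": sum(e.quarantined_copy for e in entries),
        "registry_backups": sum(e.registry_backup for e in entries),
        "hidden_system": sum(e.hidden and e.system for e in entries),
    }


# Sample input copied from the listing posted above, run together the way the
# forum page rendered it, including the line break that fell inside one entry.
SAMPLE_LISTING = (
    r"2011-03-18 00:48:30 . 2011-03-18 00:48:31 3,656 --sha-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\OneNote Table Of Contents.onetoc2 "
    r"2011-03-17 17:59:08 . 2011-03-17 17:59:08 722 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat "
    r"2011-03-17 17:58:45 . 2011-03-17 17:58:45 137 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG_TRAY.reg.dat "
    "2011-03-17 17:37:13 . \n"
    r"2011-03-18 02:24:14 226 ----a-w- C:\Qoobox\Quarantine\catchme.log "
    r"2007-09-07 22:16:28 . 2007-09-07 22:16:28 136,512 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.dll.vir "
    r"2006-11-02 13:04:06 . 2011-03-17 14:56:31 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir"
)

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for e in parsed:
        flags = ("S" if e.system else "-") + ("H" if e.hidden else "-") + ("V" if e.quarantined_copy else "-")
        print(f"{e.modified}  {e.size or '<dir>':>10}  {flags}  {e.path}")
    print(summarize(parsed))
```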

#55 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 17 March 2011 - 09:36 PM

Let's do this:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    combofix.txt
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#56 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 09:44 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 00:39 on 18/03/2011 by Owner
Administrator - Elevation successful
No Context: CODE

========== filefind ==========

Searching for "combofix.txt"
C:\ComboFix.txt --a---- 17350 bytes [02:39 18/03/2011] [02:39 18/03/2011] 8A1DCB000F4C505285C965EE695C4027

-= EOF =-

#57 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 17 March 2011 - 09:55 PM

Click on the start button in the lower left of your screen and then select Computer.

Double click on your C: drive and look for ComboFix.txt . Double click on it and the log should open in notepad. Copy and paste it here please.

#58 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 10:07 PM

I'm not finding anything with that name. Variations on it, but not with the txt at the end. And I have to go through an extra step, the Qoobox thing, to get to it.....

2011-03-18 00:48:30 . 2011-03-18 00:48:31 3,656 --sha-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:30 . 2011-03-18 00:48:30 3,656 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:30 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:29 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:29 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\Windows\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:28 . 2011-03-18 00:48:31 4,744 --sha-w- C:\Qoobox\Quarantine\C\ProgramData\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:28 . 2011-03-18 00:48:28 3,656 --sha-w- C:\Qoobox\Quarantine\Registry_backups\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:26 . 2011-03-18 00:48:31 4,784 --sha-w- C:\Qoobox\Quarantine\C\OneNote Table Of Contents.onetoc2
2011-03-18 00:48:24 . 2011-03-18 00:48:32 4,784 --sha-w- C:\Qoobox\Quarantine\OneNote Table Of Contents.onetoc2
2011-03-17 17:59:08 . 2011-03-17 17:59:08 722 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
2011-03-17 17:58:45 . 2011-03-17 17:58:45 137 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG_TRAY.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-eRecoveryService.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SiSTray.reg.dat
2011-03-17 17:58:44 . 2011-03-17 17:58:44 403 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat
2011-03-17 17:52:14 . 2011-03-18 02:33:11 4,379 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-17 17:37:13 . 2011-03-18 02:24:14 226 ----a-w- C:\Qoobox\Quarantine\catchme.log
2007-09-07 22:16:28 . 2007-09-07 22:16:28 136,512 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.dll.vir
2007-04-24 20:11:14 . 2007-04-24 20:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf.vir
2006-11-02 13:04:06 . 2011-03-17 14:56:31 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
2006-11-02 13:04:06 . 2011-03-17 14:56:30 4,194,304 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
2005-04-18 20:45:34 . 2005-04-18 20:45:34 242 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\popcaploader.inf.vir

#59 Baruga (Authentic Member, 142 posts)

Posted 17 March 2011 - 10:10 PM

And then there is this...but I think I already sent this before....
___________________________________---


ComboFix 11-03-16.06 - Owner 17/03/2011 23:24:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.895.200 [GMT -3:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 02:35 . 2011-03-18 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 23:48 . 2011-03-16 23:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-03-16 23:47 . 2010-12-20 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 23:47 . 2011-03-16 23:47 -------- d-----w- c:\programdata\Malwarebytes
2011-03-16 23:47 . 2011-03-17 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-16 23:47 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:13 . 2011-02-23 13:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58230BAD-B9AC-43C5-B2AF-BC8AC9EF63EF}\mpengine.dll
2011-03-12 17:00 . 2011-03-12 17:00 -------- d-----w- c:\program files\Common Files\Java
2011-03-12 16:41 . 2011-03-12 16:41 -------- d-----w- c:\programdata\McAfee
2011-03-11 17:47 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-11 17:47 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-11 17:47 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-11 17:47 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-11 17:41 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-11 17:41 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-02 23:04 . 2011-03-02 23:04 -------- d-----w- c:\program files\iPod
2011-03-02 23:04 . 2011-03-02 23:05 -------- d-----w- c:\program files\iTunes
2011-03-02 22:59 . 2011-03-02 22:59 -------- d-----w- c:\program files\Bonjour
2011-02-23 20:39 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:40 . 2010-05-05 18:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 21:11 . 2009-10-03 11:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 14:26 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 14:26 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 14:26 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 14:26 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 14:26 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 14:26 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 14:26 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 14:26 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 14:26 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 14:26 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 14:26 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 14:26 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 14:26 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 14:26 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 14:26 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 14:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 14:26 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 14:26 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 14:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 14:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 14:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 14:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 14:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 14:26 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 14:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 14:26 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 14:26 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 14:26 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 14:25 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 14:27 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 14:46 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-09 14:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 14:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 14:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 14:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22 . 2011-02-09 14:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25 . 2011-02-09 14:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 14:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 14:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-06-18 18:42 . 2008-08-12 04:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-19 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SpiralFrog"="c:\program files\SpiralFrog\Spiralfrog.exe" [2007-12-18 163128]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2007-01-08 274432]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2010-11-26 274608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Product Registration.lnk - c:\program files\Acer Registration\ACE1.exe [2007-2-2 3383296]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-1-12 221247]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-14 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R1 avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R2 gupdate1c9c6d11bff959c;Google Update Service (gupdate1c9c6d11bff959c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 133104]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-18 30192]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-08 5120]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 00:42]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 00:42]
.
2011-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4230733952-2736013862-825621023-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-19 00:45]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4230733952-2736013862-825621023-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-19 00:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r1yjv0iq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=3MvANHFNQxb.yvOnb3UHZg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 23:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7064)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2011-03-17 23:39:49
ComboFix-quarantined-files.txt 2011-03-18 02:39
ComboFix2.txt 2011-03-17 18:00
.
Pre-Run: 32,463,708,160 bytes free
Post-Run: 32,439,939,072 bytes free
.
- - End Of File - - 43E021AF7FD2B6431388D89BCB34CCA4

#60 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 17 March 2011 - 10:32 PM

Baruga,

Perfect. That is exactly what we've been looking for. :thumbup:

Now I'd like you to run an online scan. It will probably take a couple hours to run so do it when you are doing something else.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: [button image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
