24 replies to this topic

[milielba]

I have done verything that you said. Here is the log file from combofix:

ComboFix 09-11-25.03 - SYSTEM 11/26/2009 19:43.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.950 [GMT -6:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\Trend Micro\ComboFix.exe
Command switches used :: c:\windows\system32\config\systemprofile\Desktop\Trend Micro\CFScript.txt
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\users\matt\AppData\Local\temp
2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\users\Liz\AppData\Local\temp
2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-27 01:54 . 2009-11-27 01:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-11-26 04:44 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-26 04:32 . 2009-11-26 04:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2009-11-26 04:32 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 04:32 . 2009-11-26 04:32 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 04:32 . 2009-11-26 04:32 -------- d-----w- c:\programdata\Malwarebytes
2009-11-26 04:32 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 12:12 . 2009-11-25 12:12 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-25 12:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-25 12:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-25 12:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-25 12:09 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-25 12:09 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-25 12:09 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-25 05:03 . 2009-11-25 05:07 -------- d-----w- c:\windows\system32\ca-ES
2009-11-25 05:03 . 2009-11-25 05:07 -------- d-----w- c:\windows\system32\eu-ES
2009-11-25 05:03 . 2009-11-25 05:07 -------- d-----w- c:\windows\system32\vi-VN
2009-11-25 04:45 . 2009-11-25 04:45 4096 d-----w- c:\windows\system32\EventProviders
2009-11-25 04:28 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 03:57 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-25 03:57 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-25 03:56 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 03:56 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 03:35 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-25 03:35 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-25 02:39 . 2009-11-25 02:39 4096 d-----w- C:\JustZIPit
2009-11-25 02:39 . 2009-11-25 02:39 386560 ----a-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Free-backup.info\JustZIPit\JustZIPit.exe
2009-11-25 02:39 . 2009-11-25 02:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Free-backup.info
2009-11-25 00:45 . 2009-11-25 00:45 -------- d-----w- c:\program files\Trend Micro
2009-11-24 03:16 . 2009-11-24 03:16 10752 ----a-w- c:\windows\DCEBoot.exe
2009-11-24 00:53 . 2009-11-24 00:53 -------- d-----w- c:\programdata\WindowsSearch
2009-11-23 03:15 . 2009-11-23 03:15 -------- d-----w- c:\program files\AVG
2009-11-23 03:15 . 2009-11-26 01:01 4096 d-----w- c:\programdata\avg9
2009-11-22 19:06 . 2009-11-25 03:28 4096 d-----w- c:\program files\TrojanHunter 5.2
2009-11-22 18:30 . 2009-11-22 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2009-11-22 17:54 . 2009-11-22 17:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-22 15:32 . 2009-11-22 15:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TrojanHunter
2009-11-22 06:17 . 2009-11-22 06:17 -------- d-----w- c:\program files\CCleaner
2009-11-22 06:11 . 2009-11-22 06:11 4096 d-----w- c:\program files\TrojanHunter 5.0
2009-11-22 05:50 . 2009-11-26 13:10 8192 d-----w- c:\programdata\PCPitstop
2009-11-22 05:50 . 2009-11-22 05:50 -------- d-----w- c:\program files\PCPitstop
2009-11-22 02:59 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-22 02:59 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-22 02:59 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-22 02:59 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-22 02:59 . 2009-11-04 22:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-22 02:59 . 2009-07-16 18:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-22 02:58 . 2009-11-22 02:59 -------- d-----w- c:\program files\McAfee.com
2009-11-22 02:58 . 2009-11-22 02:59 4096 d-----w- c:\program files\Common Files\McAfee
2009-11-22 02:58 . 2009-11-22 02:58 -------- d-----w- c:\users\TEMP\AppData\Local\Mozilla
2009-11-22 02:58 . 2009-11-26 13:09 4096 d-----w- c:\program files\McAfee
2009-11-22 02:46 . 2009-11-26 02:20 4096 d-----w- c:\programdata\McAfee
2009-11-22 02:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-22 02:38 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-22 02:38 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-22 02:38 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-22 02:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-22 02:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-22 02:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-22 02:36 . 2009-08-07 01:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-22 02:36 . 2009-08-07 00:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-22 02:08 . 2009-11-22 02:08 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 02:07 . 2009-11-22 02:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2009-10-31 15:51 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-31 15:51 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-31 15:50 . 2009-10-31 15:51 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-31 15:47 . 2009-10-31 15:48 4096 d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 02:54 . 2007-10-07 06:53 4096 d-----w- c:\program files\Yahoo!
2009-11-26 02:54 . 2007-10-08 01:00 4096 d-----w- c:\programdata\Yahoo!
2009-11-26 02:54 . 2008-11-11 02:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!
2009-11-26 02:51 . 2007-12-25 17:43 -------- d-----w- c:\program files\Common Files\Apple
2009-11-25 12:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-25 12:12 . 2009-11-25 12:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-25 12:12 . 2009-11-25 12:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-25 05:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-25 05:08 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-25 05:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-25 05:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-25 05:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-11-25 05:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-25 05:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-25 05:01 . 2009-11-25 05:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-25 04:28 . 2007-10-06 20:20 8192 d-----w- c:\programdata\Microsoft Help
2009-11-22 06:03 . 2007-04-10 09:04 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 15:53 . 2008-11-24 01:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2009-10-19 02:33 . 2009-10-19 02:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ooVoo Details
2009-10-17 13:02 . 2007-10-07 06:48 58896 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-11 00:36 . 2009-10-11 00:28 -------- d-----w- c:\program files\PlaySushi
2009-10-01 01:02 . 2009-11-25 12:10 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-25 12:10 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-25 12:10 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-25 12:10 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-25 12:10 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-25 12:10 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-25 12:10 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-25 12:10 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-25 12:10 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-25 12:10 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-25 12:10 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-25 12:10 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-25 12:10 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-25 12:10 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-25 12:10 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-25 12:10 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-30 01:34 . 2007-11-25 15:41 58896 ----a-w- c:\users\matt\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-25 02:10 . 2009-11-25 12:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-25 12:10 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-25 12:10 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-25 12:10 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-25 12:10 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-25 12:10 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-25 12:10 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-25 12:10 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-25 12:10 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-25 12:10 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-25 12:10 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-25 12:10 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-25 12:10 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-25 12:10 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-25 12:10 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-25 12:10 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-25 12:10 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-25 12:10 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-25 12:10 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-25 12:10 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-25 12:10 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-25 12:10 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-25 12:10 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-25 12:10 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-25 12:10 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-25 12:10 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-25 12:10 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-20 04:39 . 2008-10-29 17:27 58896 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-14 09:29 . 2009-10-14 21:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 13:00 . 2008-11-11 00:48 58896 ----a-w- c:\users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-10 16:48 . 2009-10-14 21:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 21:29 60928 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-26_01.59.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-10 08:59 . 2009-11-26 13:11 79786 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-26 13:11 74564 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-29 18:12 . 2009-11-26 01:34 18008 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3771958223-2023274512-727475370-1002_UserData.bin
+ 2008-10-29 18:12 . 2009-11-26 13:11 18008 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3771958223-2023274512-727475370-1002_UserData.bin
- 2008-11-25 04:13 . 2009-11-17 12:16 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2008-11-25 04:13 . 2009-11-26 18:42 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2008-11-25 04:13 . 2009-11-17 12:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2008-11-25 04:13 . 2009-11-26 18:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2008-11-25 04:13 . 2009-11-26 18:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2008-11-25 04:13 . 2009-11-17 12:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-11-26 12:50 . 2009-11-26 13:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009112620091127\index.dat
+ 2009-11-26 01:06 . 2009-11-26 04:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009112520091126\index.dat
- 2009-11-26 01:06 . 2009-11-26 01:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009112520091126\index.dat
+ 2009-11-26 19:00 . 2009-11-26 19:00 30208 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{EEE5E023-DABD-11DE-8348-001B3821E94F}.dat
+ 2009-11-27 01:36 . 2009-11-27 01:37 19456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EA17C47-DAF5-11DE-8348-001B3821E94F}.dat
+ 2009-10-27 01:01 . 2009-11-26 18:43 27080 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
- 2008-11-11 00:48 . 2009-11-26 01:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2008-11-11 00:48 . 2009-11-27 01:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2009-11-22 02:09 . 2009-11-26 18:39 8129 c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\pf0onznw.default\pluginreg.dat
+ 2009-11-16 02:23 . 2009-11-26 19:00 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{F2DC0014-D256-11DE-9797-001B3821E94F}.dat
- 2009-11-16 02:23 . 2009-11-26 01:45 4608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{F2DC0014-D256-11DE-9797-001B3821E94F}.dat
+ 2009-11-27 01:36 . 2009-11-27 01:36 3584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4EA17C46-DAF5-11DE-8348-001B3821E94F}.dat
- 2009-11-26 01:32 . 2009-11-26 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-26 13:09 . 2009-11-26 13:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-26 13:09 . 2009-11-26 13:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-26 01:32 . 2009-11-26 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-26 13:14 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-26 01:38 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-26 13:14 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-26 01:38 101350 c:\windows\System32\perfc009.dat
+ 2009-11-25 01:48 . 2009-11-26 16:53 524800 c:\windows\System32\config\systemprofile\Desktop\Trend Micro\dds.pif
- 2009-09-04 12:17 . 2009-11-26 01:33 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-04 12:17 . 2009-11-26 13:09 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2007-10-07 06:49 . 2009-11-26 01:58 475136 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-07 06:49 . 2009-11-27 01:43 475136 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-25 03:17 . 2009-11-27 01:43 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-07 06:50 . 2009-11-26 01:58 966656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-07 06:50 . 2009-11-27 01:43 966656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-04 12:17 . 2009-11-26 01:41 12582912 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-09-04 12:17 . 2009-11-27 01:36 12582912 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-29 754712]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-29 244512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-11-10 2057216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:56,74,85,70,8e,6d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3771958223-2023274512-727475370-1002]
"EnableNotificationsRef"=dword:00000001

R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [4/10/2007 4:11 AM 50688]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/21/2009 11:50 PM 90352]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [12/19/2008 10:02 PM 29856]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/24/2008 7:48 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-22 18:22]

2009-11-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-22 18:22]

2009-11-27 c:\windows\Tasks\User_Feed_Synchronization-{63A03D36-4E5F-4208-A186-418FA1F8141A}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

2009-11-27 c:\windows\Tasks\User_Feed_Synchronization-{E63C9BD3-FBDC-4D57-B6E9-3C60F118C076}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mcafee.com
FF - ProfilePath - c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\pf0onznw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 19:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-26 19:57
ComboFix-quarantined-files.txt 2009-11-27 01:57
ComboFix2.txt 2009-11-26 02:04
ComboFix3.txt 2009-11-25 03:53

Pre-Run: 34,353,700,864 bytes free
Post-Run: 34,430,730,240 bytes free

- - End Of File - - 98DA7568E65906884043DB9FCBF795D4

[CatByte]

Please post a fresh DDS log and advise how the computer is running now.

[milielba]

The computer is running great, no issues noticed. Here are the logs: DDS (Ver_09-11-24.02) - NTFSx86 Run by SYSTEM at 8:27:25.54 on Fri 11/27/2009 Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1125 [GMT -6:00] SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Acer\ALaunch\ALaunchSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\PCPitstop\PCPitstopScheduleService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\DRIVERS\xaudio.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Windows\system32\taskeng.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Windows\system32\rundll32.exe C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\config\systemprofile\Desktop\Trend Micro\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://en.us.acer.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe /runonstartup" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: mcafee.com DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\windows\system32\config\system~1\appdata\roaming\mozilla\firefox\profiles\pf0onznw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\progra~1\sonyon~1\npsoe.dll FF - plugin: c:\program files\free ride games\npExentCtl.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-4-10 50688] R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-21 90352] R2 X4HSX32Ex;X4HSX32Ex;c:\program files\free ride games\X4HSX32Ex.sys [2008-12-19 29856] S2 0089831259325048mcinstcleanup;McAfee Application Installer Cleanup (0089831259325048);c:\windows\temp\008983~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\008983~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504] S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-6-24 21504] =============== Created Last 30 ================ 2009-11-27 02:13:11 0 d-----w- c:\programdata\Adobe 2009-11-27 02:08:44 0 d-----w- c:\programdata\NOS 2009-11-27 01:42:01 0 d-----w- C:\ComboFix 2009-11-26 04:44:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-26 04:32:21 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\Malwarebytes 2009-11-26 04:32:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-26 04:32:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-26 04:32:08 0 d-----w- c:\programdata\Malwarebytes 2009-11-26 04:32:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-25 12:12:55 0 d-----w- c:\program files\Windows Portable Devices 2009-11-25 12:12:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-25 12:12:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-25 12:11:04 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-25 12:11:04 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-25 12:11:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-25 12:09:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-25 12:09:16 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-25 12:09:16 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-25 05:03:42 0 d-----w- c:\windows\system32\eu-ES 2009-11-25 05:03:42 0 d-----w- c:\windows\system32\ca-ES 2009-11-25 05:03:36 0 d-----w- c:\windows\system32\vi-VN 2009-11-25 05:01:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-11-25 04:45:09 0 d-----w- c:\windows\system32\EventProviders 2009-11-25 04:28:03 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 03:57:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2009-11-25 03:57:05 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-11-25 03:57:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-11-25 03:56:37 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 03:56:37 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-25 03:56:30 714240 ----a-w- c:\windows\system32\timedate.cpl 2009-11-25 03:35:54 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-25 03:35:04 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-25 03:04:08 98816 ----a-w- c:\windows\sed.exe 2009-11-25 03:04:08 77312 ----a-w- c:\windows\MBR.exe 2009-11-25 03:04:08 260608 ----a-w- c:\windows\PEV.exe 2009-11-25 03:04:08 161792 ----a-w- c:\windows\SWREG.exe 2009-11-25 02:39:27 1401 ----a-w- C:\JustZIPit.lnk 2009-11-25 02:39:27 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\Free-backup.info 2009-11-25 02:39:27 0 d-----w- C:\JustZIPit 2009-11-25 00:45:06 0 d-----w- c:\program files\Trend Micro 2009-11-24 03:16:36 10752 ----a-w- c:\windows\DCEBoot.exe 2009-11-24 00:53:10 0 d-----w- c:\programdata\WindowsSearch 2009-11-23 03:15:41 0 d-----w- c:\program files\AVG 2009-11-23 03:15:25 0 d-----w- c:\programdata\avg9 2009-11-22 19:06:12 0 d-----w- c:\program files\TrojanHunter 5.2 2009-11-22 18:30:27 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\McAfee 2009-11-22 17:54:08 0 d-sh--w- c:\windows\system32\%APPDATA% 2009-11-22 15:32:57 0 d-----w- c:\windows\system32\config\system~1\appdata\roaming\TrojanHunter 2009-11-22 06:17:05 0 d-----w- c:\program files\CCleaner 2009-11-22 06:11:22 0 d-----w- c:\program files\TrojanHunter 5.0 2009-11-22 05:50:59 0 d-----w- c:\programdata\PCPitstop 2009-11-22 05:50:58 0 d-----w- c:\program files\PCPitstop 2009-11-22 03:02:17 11835 ----a-w- c:\windows\system32\Config.MPF 2009-11-22 02:59:51 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-22 02:59:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-22 02:59:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-22 02:59:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-22 02:59:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-11-22 02:59:42 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-22 02:58:56 0 d-----w- c:\program files\McAfee.com 2009-11-22 02:58:52 0 d-----w- c:\program files\common files\McAfee 2009-11-22 02:58:40 0 d-----w- c:\program files\McAfee 2009-11-22 02:46:06 0 d-----w- c:\programdata\McAfee 2009-11-22 02:38:49 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-11-22 02:36:22 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-11-22 02:36:07 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-11-22 02:36:07 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-31 15:51:48 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-10-31 15:51:48 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-10-31 15:50:45 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} ==================== Find3M ==================== 2009-11-27 02:23:51 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-11-26 01:00:34 51200 ----a-w- c:\windows\inf\infpub.dat 2009-11-26 01:00:34 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-26 01:00:34 143360 ----a-w- c:\windows\inf\infstor.dat 2009-11-25 12:12:43 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-25 04:53:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys 2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll 2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll 2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll 2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll 2008-10-29 19:31:28 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 8:27:46.85 ===============

Attached Files

•  Attach3.zip   3.92KB   244 downloads

[CatByte]

hi,

Your logs look clean.

just some housekeeping to do now.

please do the following:


Open Programs and Features by clicking the Start button , clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select Fast Browser Search (My Web Tattoo)(if still listed), and then click Uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT:

Follow these steps to uninstall Combofix

• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

Now to remove the rest of the tools that we have used in fixing your machine:

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If any logs remain after using this tool > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them
  Then consider a password keeper, to keep all your passwords safe.
  
• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
  
• For Firefox, I highly recommend this add-on to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

[milielba]

I can't use add remove programs to remove Fast Browser Search (My Web Tattoo). Wnen I click on it and hit remove nothing happens. I have not done any other of the removal processes yet.

[CatByte]

Hi, Just continue on with the rest of the directions, it probably no longer exists as I removed the componants of it with ComboFix, It showed on your Attach.txt, but is probably just the name on the list.

[milielba]

OK, I have finish with all of your recommendations and everything is perfect. Thank you very much for your time to help me. You are awesome!!!!!!!

[CatByte]

You are more than welcome stay safe ~CB

[milielba]

I plan on it!!!!

[CatByte]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.