Virtumonde - Windows 7, Can't run as Administrator


  • This topic is locked
12 replies to this topic

#1 dmocrsi

    New Member

  • Authentic Member
  • 6 posts

Posted 03 August 2010 - 07:57 PM

I am using a 1.73GHz w/ 2GB. Windows 7 Enterprise.

The other day I was utilizing Yahoo and it kept redirecting me to sites that I was not searching for. I realized trouble was afoot so I downloaded Spybot S&D and up popped Virtumonde.sdn. S&D said that it was unable to remove the program because it was in memory. As I restarted the computer it read that it was "Installing Windows Updates" but I didn't download any updates. I restarted in safe mode and ran S&D again, and it did not detect any malware at that point. I restarted and it continued to have the same Yahoo redirecting.

I looked up Virtumonde and realized just how vicious it was, so I downloaded MBM, VundoFix and Virtumondebegone and ran those programs. All of them scanned and "cleaned" the issues, but each time as I shut down it would report that it was Installing Windows Updates. I had the Network Connections shut off so there was no possible way to download any updates; I suspect it was the Virtumonde reinstalling itself each time.

So I decided to download HiJackThis... and it wouldn't allow me to run the program at first, and I didn't know how to run it as an Administrator because right-clicking would only allow me to run it in Compatibility Mode, and that's what I did.

I don't know if these results have been affected by running the program with that setting, but it's all I have. Please advise... I don't want to sign into my email or use any passwords at this point. Please help...




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:31:34 PM, on 8/3/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {012D6E34-E653-4DBB-85CC-9B968F931AEb} - C:\ProgramData\bthci32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Cfg.exe] V0250Cfg.exe /d:3
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\DmOcRsI\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

--
End of file - 7396 bytes
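The log above is the poster's own data. The script below is an added example, not code from the thread or from HijackThis: it parses the O2 (BHO) and O4 (Run key) lines in this log format and flags the three patterns visible above, namely a BHO registered with no name, a BHO DLL loaded from C:\ProgramData instead of a vendor directory, and a Run entry that names a bare executable with no path. Function names such as triage_log() and the directory list EXPECTED_BHO_DIRS are this example's assumptions; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis-style logs.

Parses the O2 (Browser Helper Object) and O4 (Run key) lines and flags the
patterns the log in this thread exhibits.  Written as an illustration for this
thread; it is not HijackThis code, and the function names are this example's own.
"""
import re
from dataclasses import dataclass

# O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# O4 - <hive>\..\Run: [<value name>] <command line> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Locations a properly installed BHO is expected to load from (assumption of
# this example; compared case-insensitively).
EXPECTED_BHO_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")


@dataclass
class Finding:
    line: str
    reason: str


def split_command(cmd):
    """Return the executable part of a Run command line.

    A quoted path is taken up to the closing quote; otherwise the first
    whitespace-delimited token is used.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_o2(match, line):
    name = match.group("name").strip()
    path = match.group("path").strip()
    lowered = path.lower()
    if lowered == "(no file)":
        # Registration left behind after its DLL was deleted: harmless clutter,
        # but worth recording because it shows something was removed.
        yield Finding(line, "orphaned BHO registration, DLL missing from disk")
        return
    if name == "(no name)":
        yield Finding(line, "BHO registered without a display name")
    if not lowered.startswith(EXPECTED_BHO_DIRS):
        yield Finding(line, f"BHO DLL outside a vendor directory: {path}")


def check_o4(match, line):
    exe = split_command(match.group("cmd"))
    # A bare file name is resolved through the search path at logon instead of
    # being pinned to a known location, so it deserves a look.
    if "\\" not in exe and not exe.startswith("%"):
        yield Finding(line, f"Run entry without an explicit path: {exe}")


def triage_log(text):
    """Return a list of Findings for every O2/O4 line that matches a heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            findings.extend(check_o2(m, line))
            continue
        m = O4_RE.match(line)
        if m:
            findings.extend(check_o4(m, line))
    return findings


# Lines copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {012D6E34-E653-4DBB-85CC-9B968F931AEb} - C:\ProgramData\bthci32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [V0250Cfg.exe] V0250Cfg.exe /d:3
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The RealPlayer plugin is flagged as well because it also lives under ProgramData, which shows why a location heuristic is a prompt for a closer look rather than a verdict.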



#2 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 04 August 2010 - 09:13 AM

Hi

Please do the following:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

NEXT

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 dmocrsi

    New Member

  • Authentic Member
  • 6 posts

Posted 04 August 2010 - 04:09 PM

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Enterprise Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A135
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 197):

Processes (total 55):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEKT-00A25T0, Rev: 01.01A01

Size    Device Name          MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
DDS (Ver_10-03-17.01) - NTFSx86
Run by DmOcRsI at 15:02:31.86 on Wed 08/04/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1918.1008 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\DmOcRsI\Desktop\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {012d6e34-e653-4dbb-85cc-9b968f931aeb} - c:\programdata\bthci32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [V0250Mon.exe] c:\windows\V0250Mon.exe
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [V0250Cfg.exe] V0250Cfg.exe /d:3
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\dmocrsi\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-17 340592]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-5-17 67904]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-17 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-17 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-17 64432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2010-6-10 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2010-6-10 6272]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
S4 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
S4 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S4 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
S4 SAiAdmin;SAiAdmin;c:\windows\system32\SAiAdmin.exe [2010-5-18 65536]
S4 SAiDownloaderVista;SAiDownloaderVista;c:\windows\system32\SAiDownloaderVista.exe [2010-5-18 77824]
S4 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2010-5-18 86016]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot\SDWinSec.exe [2010-8-2 1153368]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-08-04 09:25:11 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-03 18:24:03 0 d-----w- c:\program files\Trend Micro
2010-08-03 11:14:37 684128 ----a-w- c:\windows\system32\perfh019.dat
2010-08-03 11:14:37 39446 ----a-w- c:\windows\system32\perfd019.dat
2010-08-03 11:14:37 336704 ----a-w- c:\windows\system32\perfi019.dat
2010-08-03 11:14:37 132650 ----a-w- c:\windows\system32\perfc019.dat
2010-08-03 11:13:14 0 d-----w- c:\windows\system32\drivers\ru-RU
2010-08-03 11:13:12 0 d-----w- c:\windows\system32\ru
2010-08-03 11:13:10 0 d-----w- c:\windows\system32\wbem\ru-RU
2010-08-03 11:12:57 0 d-----w- c:\windows\ru-RU
2010-08-03 10:57:44 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-03 10:57:43 417792 ----a-w- c:\windows\system32\msdri.dll
2010-08-03 10:57:43 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-08-03 10:57:42 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-08-03 10:57:40 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-08-03 06:56:47 0 d-----w- c:\users\dmocrsi\appdata\roaming\Malwarebytes
2010-08-03 06:56:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 06:56:34 0 d-----w- c:\programdata\Malwarebytes
2010-08-03 06:56:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 06:56:32 0 d-----w- c:\program files\Malwarebytes
2010-08-03 06:07:43 0 d-----w- C:\VundoFix Backups
2010-08-02 23:33:15 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-02 23:33:15 0 d-----w- c:\program files\Spybot
2010-08-02 22:11:31 315392 ----a-w- c:\programdata\bthci32.dll
2010-08-02 11:01:33 315392 ----a-w- c:\programdata\bitsperf32.dll
2010-08-02 07:47:18 324608 ----a-w- c:\windows\system32\CRPPresentation32.dll
2010-08-02 07:45:24 0 d-----w- c:\windows\system32\?0??
2010-08-02 07:45:24 0 d-----w- c:\windows\system32\????0??
2010-08-01 20:09:06 324608 ----a-w- c:\windows\system32\Ati2evxx32.dll 2010-08-01 20:08:44 0 d-sh--w- c:\programdata\SysWoW32 2010-08-01 20:08:29 203776 --sh--w- c:\programdata\unrar.exe 2010-08-01 20:08:22 313344 ----a-w- c:\programdata\bcrypt32.dll 2010-08-01 20:08:14 324608 ----a-w- c:\windows\system32\AuthFWSnapin32.dll 2010-08-01 20:08:13 207872 ----a-w- c:\windows\system32\authfwcfg32.dll 2010-08-01 19:19:24 2240 ----a-w- c:\windows\system32\esnecil.nlp 2010-08-01 19:19:24 2240 ----a-w- c:\windows\system32\esnecil.ind 2010-08-01 18:50:02 68 ----a-w- c:\windows\Crypkey.ini 2010-08-01 18:49:41 65536 ----a-w- c:\windows\system32\Crypserv.exe 2010-08-01 18:49:41 29414 ----a-w- c:\windows\system32\Ckldrv.sys 2010-08-01 18:49:41 27648 ----a-r- c:\windows\Setup_ck.exe 2010-08-01 18:49:41 18432 ----a-w- c:\windows\Setup_ck.dll 2010-08-01 18:49:41 165888 ----a-w- c:\windows\Ckconfig.exe 2010-08-01 18:49:41 11776 ----a-w- c:\windows\Ckrfresh.exe 2010-08-01 18:49:36 724992 ----a-w- c:\windows\iun6002.exe 2010-08-01 18:49:31 0 d-----w- c:\program files\VisTool6.1 2010-08-01 18:49:30 0 d-----w- C:\idapi 2010-07-29 10:21:01 0 d-----w- c:\program files\AnyToISO 2010-07-29 03:10:31 0 d-----w- c:\program files\common files\Logitech 2010-07-28 06:55:11 0 d-----w- c:\users\dmocrsi\appdata\roaming\SignCut 2010-07-28 06:55:11 0 d-----w- c:\program files\SignCut 2010-07-27 11:57:25 0 d-----w- c:\program files\DVD Decrypter 2010-07-27 11:34:44 0 d-----w- c:\users\dmocrsi\appdata\roaming\Canneverbe Limited 2010-07-27 11:34:43 0 d-----w- c:\programdata\Canneverbe Limited 2010-07-27 11:34:32 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-07-27 09:34:42 0 d-----w- c:\program files\Ask.com 2010-07-27 09:34:32 0 d-----w- c:\program files\uTorrent 2010-07-27 09:33:40 0 d-----w- c:\users\dmocrsi\appdata\roaming\uTorrent 2010-07-26 21:33:23 56832 ------w- c:\windows\system32\iyvu9_32.dll 2010-07-26 21:33:23 143872 ------w- c:\windows\system32\iacenc.dll 2010-07-26 21:29:45 0 
d-----w- c:\windows\BBSTORE 2010-07-26 21:29:45 0 d-----w- c:\program files\The Learning Company 2010-07-26 21:29:43 306688 ----a-w- c:\windows\IsUninst.exe 2010-07-26 21:29:38 0 ----a-w- c:\windows\SETUP32.INI 2010-07-26 20:40:43 0 d-----w- C:\DOSGames 2010-07-26 20:31:08 0 d-----w- c:\program files\DOSBox-0.74 2010-07-26 03:55:11 0 d-----w- c:\program files\Planetarium0261 2010-07-26 00:40:02 218 ----a-w- c:\users\dmocrsi\.recently-used.xbel 2010-07-25 23:51:37 0 d-----w- c:\users\dmocrsi\appdata\roaming\inkscape 2010-07-25 23:36:30 0 d-----w- c:\program files\Inkscape 2010-07-21 03:20:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32k_01009.Wdf 2010-07-21 03:20:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2010-07-21 03:20:39 0 d-----w- c:\program files\Microsoft IntelliPoint 2010-07-20 05:36:45 0 d-----w- c:\program files\Microsoft Games 2010-07-17 08:25:05 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor 2010-07-16 09:38:57 0 d-----w- c:\program files\NaTCH 2010-07-16 09:38:51 249856 ------w- c:\windows\Setup1.exe 2010-07-16 09:38:50 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-07-16 09:37:28 0 d-----w- c:\windows\system32\appmgmt 2010-07-13 04:53:54 292864 ----a-w- c:\windows\system32\apphelp.dll ==================== Find3M ==================== 2010-08-04 21:26:17 99468 ----a-w- c:\windows\system32\prfc0404.dat 2010-08-04 21:26:17 701624 ----a-w- c:\windows\system32\perfh00A.dat 2010-08-04 21:26:17 396688 ----a-w- c:\windows\system32\perfh011.dat 2010-08-04 21:26:17 386040 ----a-w- c:\windows\system32\prfh0404.dat 2010-08-04 21:26:17 369938 ----a-w- c:\windows\system32\prfh0804.dat 2010-08-04 21:26:17 137196 ----a-w- c:\windows\system32\perfc00A.dat 2010-08-04 21:26:17 106522 ----a-w- c:\windows\system32\perfc011.dat 2010-08-04 21:26:17 104382 ----a-w- c:\windows\system32\prfc0804.dat 2010-08-03 11:12:41 39446 ----a-w- c:\windows\inf\perflib\0419\perfd.dat 2010-08-03 11:12:41 39446 ----a-w- 
c:\windows\inf\perflib\0419\perfc.dat 2010-08-03 11:12:41 336704 ----a-w- c:\windows\inf\perflib\0419\perfi.dat 2010-08-03 11:12:41 336704 ----a-w- c:\windows\inf\perflib\0419\perfh.dat 2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-29 02:39:16 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-18 09:11:29 56 ---ha-w- c:\programdata\ezsidmv.dat 2010-05-18 05:05:43 31548 ----a-w- c:\windows\system32\perfd011.dat 2010-05-18 05:05:43 31548 ----a-w- c:\windows\inf\perflib\0411\perfd.dat 2010-05-18 05:05:43 31548 ----a-w- c:\windows\inf\perflib\0411\perfc.dat 2010-05-18 05:05:43 141988 ----a-w- c:\windows\system32\perfi011.dat 2010-05-18 05:05:43 141988 ----a-w- c:\windows\inf\perflib\0411\perfi.dat 2010-05-18 05:05:43 141988 ----a-w- c:\windows\inf\perflib\0411\perfh.dat 2010-05-18 04:57:59 41390 ----a-w- c:\windows\system32\perfd00A.dat 2010-05-18 04:57:59 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat 2010-05-18 04:57:59 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat 2010-05-18 04:57:59 341432 ----a-w- c:\windows\system32\perfi00A.dat 2010-05-18 04:57:59 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat 2010-05-18 04:57:59 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat 2010-05-18 04:50:56 31548 ----a-w- c:\windows\system32\prfd0404.dat 2010-05-18 04:50:56 31548 ----a-w- c:\windows\inf\perflib\0404\perfd.dat 2010-05-18 04:50:56 31548 ----a-w- c:\windows\inf\perflib\0404\perfc.dat 2010-05-18 04:50:56 117840 ----a-w- c:\windows\system32\prfi0404.dat 2010-05-18 04:50:56 117840 ----a-w- c:\windows\inf\perflib\0404\perfi.dat 2010-05-18 04:50:56 117840 ----a-w- c:\windows\inf\perflib\0404\perfh.dat 2010-05-18 04:46:18 31548 ----a-w- c:\windows\system32\prfd0804.dat 2010-05-18 04:46:18 31548 ----a-w- 
c:\windows\inf\perflib\0804\perfd.dat 2010-05-18 04:46:18 31548 ----a-w- c:\windows\inf\perflib\0804\perfc.dat 2010-05-18 04:46:18 111310 ----a-w- c:\windows\system32\prfi0804.dat 2010-05-18 04:46:18 111310 ----a-w- c:\windows\inf\perflib\0804\perfi.dat 2010-05-18 04:46:18 111310 ----a-w- c:\windows\inf\perflib\0804\perfh.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 15:03:12.37 =============== DDS (Ver_10-03-17.01) Microsoft Windows 7 Enterprise Boot Device: \Device\HarddiskVolume1 Install Date: 5/17/2010 7:48:13 PM System Uptime: 8/4/2010 2:20:55 PM (1 hours ago) Motherboard: TOSHIBA | | IAYAA Processor: Genuine Intel® CPU T2080 @ 1.73GHz | U1 | 1733/mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 298 GiB total, 178.568 GiB free. 
D: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP94: 8/2/2010 5:49:09 PM - Windows Update RP95: 8/2/2010 6:20:21 PM - Windows Update RP96: 8/2/2010 9:45:15 PM - Windows Update RP97: 8/2/2010 10:34:20 PM - Windows Update RP98: 8/3/2010 1:52:22 AM - Windows Update RP99: 8/3/2010 3:57:54 AM - Windows Update RP100: 8/3/2010 4:41:37 AM - Windows Update RP101: 8/3/2010 11:23:41 AM - Installed HiJackThis RP102: 8/4/2010 2:26:33 AM - Windows Update ==== Installed Programs ====================== µTorrent Acrobat.com Adobe AIR Adobe Community Help Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop CS5 Adobe Reader 9.3.3 Advanced Video FX Engine AIM 7 AnyToISO Ask Toolbar Asynx Planetarium Version 2.61 ATC & Motiv Express CDBurnerXP Creative Live! Cam Notebook Pro Driver (1.02.06.0627) Download Updater (AOL LLC) DVD Decrypter (Remove Only) FlexiSTARTER FlexiSTARTER1 Free Audio CD Burner version 1.2 Free YouTube to MP3 Converter version 3.3 HiJackThis Java Auto Updater Java™ 6 Update 20 Logitech Gaming Software 5.08 Malwarebytes' Anti-Malware McAfee Agent McAfee VirusScan Enterprise MechWarrior 4 Mercenaries Microsoft .NET Framework 4 Client Profile Microsoft Antimalware Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Flight Simulator 2004 A Century of Flight Microsoft IntelliPoint 7.1 Microsoft MechCommander 2 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 
Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Movie Torrent MSVCRT NaTCH SigJenny v0.989 OGA Notifier 2.0.0048.0 PDF Settings CS5 RarZilla Free Unrar RealPlayer RealUpgrade 1.0 Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB982135) Sentinel Protection Installer 7.4.0 SignCut (remove only) Skype Toolbars Skype™ 4.2 Spybot - Search & Destroy Synaptics Pointing Device Driver Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 
OneNote 2007 (KB980729) Update for Outlook 2007 Junk Email Filter (kb2202131) Vistool 6 Windows 7 Upgrade Advisor Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar ==== Event Viewer Messages From Past Week ======== 8/3/2010 3:52:14 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2010 2:06:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} 8/3/2010 2:06:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/3/2010 2:06:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/3/2010 2:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/3/2010 2:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/3/2010 2:06:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/3/2010 2:06:00 AM, Error: Microsoft-Windows-DistributedCOM 
[10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/3/2010 2:05:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfetdik NetBIOS NetBT NetworkX nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 
8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2010 2:05:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/2/2010 6:22:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Access 2007 (KB979440). 8/2/2010 6:21:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2202131). 8/2/2010 6:21:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2007 (KB980376). 
8/2/2010 11:57:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2286198). 8/2/2010 10:46:24 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 8/1/2010 10:31:01 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. ==== End Of File ===========================

Attached Files: gmer.txt (13.32KB)


#4 CatByte (Classroom Administrator, MVP)

Posted 04 August 2010 - 06:42 PM

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 dmocrsi (New Member)

Posted 04 August 2010 - 08:00 PM

ComboFix 10-08-04.04 - DmOcRsI 08/04/2010 17:54:36.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1918.1168 [GMT -7:00]
Running from: c:\users\DmOcRsI\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
c:\programdata\unrar.exe
c:\users\DmOcRsI\AppData\Roaming\02000000790d216c973C.manifest
c:\users\DmOcRsI\AppData\Roaming\02000000790d216c973O.manifest
c:\users\DmOcRsI\AppData\Roaming\02000000790d216c973P.manifest
c:\users\DmOcRsI\AppData\Roaming\02000000790d216c973S.manifest
c:\users\DmOcRsI\AppData\Roaming\ECBD.tmp
c:\windows\system32\wuauclt.exe . . . is infected!!
c:\windows\system32\ctfmon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-05 01:46 . 2010-08-05 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-04 09:25 . 2010-08-04 09:25 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-03 18:24 . 2010-08-03 18:24 -------- d-----w- c:\program files\Trend Micro
2010-08-03 11:14 . 2010-08-04 21:26 684128 ----a-w- c:\windows\system32\perfh019.dat
2010-08-03 11:14 . 2010-08-04 21:26 132650 ----a-w- c:\windows\system32\perfc019.dat
2010-08-03 11:14 . 2010-08-03 11:12 39446 ----a-w- c:\windows\system32\perfd019.dat
2010-08-03 11:14 . 2010-08-03 11:12 336704 ----a-w- c:\windows\system32\perfi019.dat
2010-08-03 11:13 . 2010-08-03 11:13 -------- d-----w- c:\windows\system32\drivers\ru-RU
2010-08-03 11:13 . 2010-08-03 11:13 -------- d-----w- c:\windows\system32\ru
2010-08-03 11:13 . 2010-08-03 11:13 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\ru-RU
2010-08-03 11:13 . 2010-08-03 11:13 -------- d-----w- c:\windows\system32\wbem\ru-RU
2010-08-03 11:12 . 2010-08-03 11:12 -------- d-----w- c:\windows\ru-RU
2010-08-03 11:04 . 2010-08-03 11:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-03 10:57 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-03 10:57 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-08-03 10:57 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-08-03 06:56 . 2010-08-03 06:56 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\Malwarebytes
2010-08-03 06:56 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 06:56 . 2010-08-03 06:56 -------- d-----w- c:\programdata\Malwarebytes
2010-08-03 06:56 . 2010-08-03 06:56 -------- d-----w- c:\program files\Malwarebytes
2010-08-03 06:56 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 06:07 . 2010-08-03 06:07 -------- d-----w- C:\VundoFix Backups
2010-08-02 23:33 . 2010-08-03 00:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-02 23:33 . 2010-08-02 23:33 -------- d-----w- c:\program files\Spybot
2010-08-02 07:47 . 2010-08-02 07:47 324608 ----a-w- c:\windows\system32\CRPPresentation32.dll
2010-08-02 07:45 . 2010-08-02 07:45 -------- d-----w- c:\windows\system32\?0??
2010-08-02 07:45 . 2010-08-02 07:45 -------- d-----w- c:\windows\system32\????0??
2010-08-01 20:09 . 2010-08-01 20:09 324608 ----a-w- c:\windows\system32\Ati2evxx32.dll
2010-08-01 20:08 . 2010-08-04 12:37 -------- d-sh--w- c:\programdata\SysWoW32
2010-08-01 20:08 . 2010-08-01 20:08 324608 ----a-w- c:\windows\system32\AuthFWSnapin32.dll
2010-08-01 20:08 . 2010-08-01 20:08 207872 ----a-w- c:\windows\system32\authfwcfg32.dll
2010-08-01 18:49 . 2002-10-25 02:17 65536 ----a-w- c:\windows\system32\Crypserv.exe
2010-08-01 18:49 . 2002-10-25 02:17 29414 ----a-w- c:\windows\system32\Ckldrv.sys
2010-08-01 18:49 . 1999-06-18 21:49 165888 ----a-w- c:\windows\Ckconfig.exe
2010-08-01 18:49 . 1996-05-03 17:21 27648 ----a-r- c:\windows\Setup_ck.exe
2010-08-01 18:49 . 1996-05-03 15:36 18432 ----a-w- c:\windows\Setup_ck.dll
2010-08-01 18:49 . 1995-07-04 18:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2010-08-01 18:49 . 2010-08-01 18:48 724992 ----a-w- c:\windows\iun6002.exe
2010-08-01 18:49 . 2010-08-01 18:49 -------- d-----w- c:\program files\VisTool6.1
2010-08-01 18:49 . 2010-08-01 18:49 -------- d-----w- C:\idapi
2010-07-29 10:21 . 2010-07-29 10:21 -------- d-----w- c:\program files\AnyToISO
2010-07-29 09:46 . 2010-07-29 09:46 -------- d-----w- c:\users\DmOcRsI\AppData\Local\Logitech
2010-07-29 03:10 . 2010-07-29 03:10 -------- d-----w- c:\program files\Common Files\Logitech
2010-07-29 03:10 . 2010-07-29 03:10 -------- d-----w- c:\program files\Logitech
2010-07-28 06:55 . 2010-08-02 11:55 -------- d-----w- c:\program files\SignCut
2010-07-28 06:55 . 2010-08-01 20:12 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\SignCut
2010-07-27 11:57 . 2010-07-27 11:57 -------- d-----w- c:\program files\DVD Decrypter
2010-07-27 11:34 . 2010-07-27 11:34 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\Canneverbe Limited
2010-07-27 11:34 . 2010-07-27 11:34 -------- d-----w- c:\programdata\Canneverbe Limited
2010-07-27 11:34 . 2009-11-12 21:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-07-27 11:34 . 2010-07-27 11:34 -------- d-----w- c:\program files\CDBurnerXP
2010-07-27 09:34 . 2010-07-27 09:34 -------- d-----w- c:\program files\Ask.com
2010-07-27 09:34 . 2010-07-27 09:34 -------- d-----w- c:\program files\uTorrent
2010-07-27 09:33 . 2010-08-02 20:03 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\uTorrent
2010-07-26 21:33 . 2010-07-26 21:33 56832 ------w- c:\windows\system32\iyvu9_32.dll
2010-07-26 21:33 . 2010-07-26 21:33 143872 ------w- c:\windows\system32\iacenc.dll
2010-07-26 21:29 . 2010-07-29 11:11 -------- d-----w- c:\windows\BBSTORE
2010-07-26 21:29 . 2010-07-26 21:29 -------- d-----w- c:\program files\The Learning Company
2010-07-26 21:29 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-26 20:40 . 2010-07-26 20:49 -------- d-----w- C:\DOSGames
2010-07-26 20:35 . 2010-07-26 20:35 -------- d-----w- c:\users\DmOcRsI\AppData\Local\DOSBox
2010-07-26 20:31 . 2010-07-26 20:31 -------- d-----w- c:\program files\DOSBox-0.74
2010-07-26 03:55 . 2010-07-26 03:55 -------- d-----w- c:\program files\Planetarium0261
2010-07-25 23:51 . 2010-07-26 20:32 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\inkscape
2010-07-25 23:36 . 2010-07-26 20:33 -------- d-----w- c:\program files\Inkscape
2010-07-21 03:20 . 2010-07-21 03:20 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-20 05:36 . 2010-07-29 18:10 -------- d-----w- c:\program files\Microsoft Games
2010-07-17 08:25 . 2010-07-17 08:25 -------- d-----w- c:\users\DmOcRsI\AppData\Local\Microsoft Corporation
2010-07-17 08:25 . 2010-07-17 08:25 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-16 09:38 . 2010-07-16 09:38 -------- d-----w- c:\program files\NaTCH
2010-07-16 09:38 . 2010-07-16 09:38 249856 ------w- c:\windows\Setup1.exe
2010-07-16 09:38 . 2010-07-16 09:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-16 09:34 . 2010-07-16 09:34 -------- d-----w- c:\users\DmOcRsI\AppData\Local\Pico Technology
2010-07-16 09:07 . 2010-07-16 09:07 -------- d-----w- c:\users\DmOcRsI\AppData\Local\Downloaded Installations
2010-07-13 04:53 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 21:26 . 2010-05-18 05:17 99468 ----a-w- c:\windows\system32\prfc0404.dat
2010-08-04 21:26 . 2010-05-18 05:17 701624 ----a-w- c:\windows\system32\perfh00A.dat
2010-08-04 21:26 . 2010-05-18 05:17 386040 ----a-w- c:\windows\system32\prfh0404.dat
2010-08-04 21:26 . 2010-05-18 05:17 369938 ----a-w- c:\windows\system32\prfh0804.dat
2010-08-04 21:26 . 2010-05-18 05:17 137196 ----a-w- c:\windows\system32\perfc00A.dat
2010-08-04 21:26 . 2010-05-18 05:17 104382 ----a-w- c:\windows\system32\prfc0804.dat
2010-08-04 21:26 . 2010-05-18 05:17 396688 ----a-w- c:\windows\system32\perfh011.dat
2010-08-04 21:26 . 2010-05-18 05:17 106522 ----a-w- c:\windows\system32\perfc011.dat
2010-08-03 18:24 . 2010-08-03 18:24 388096 ----a-r- c:\users\DmOcRsI\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-03 11:13 . 2009-07-14 07:20 -------- d-----w- c:\program files\Windows Journal
2010-08-03 11:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-08-03 11:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-08-03 11:13 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-03 11:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-08-03 11:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-08-03 11:12 . 2010-08-03 11:13 39446 ----a-w- c:\windows\inf\PERFLIB\0419\perfd.dat
2010-08-03 11:12 . 2010-08-03 11:13 39446 ----a-w- c:\windows\inf\PERFLIB\0419\perfc.dat
2010-08-03 11:12 . 2010-08-03 11:13 336704 ----a-w- c:\windows\inf\PERFLIB\0419\perfi.dat
2010-08-03 11:12 . 2010-08-03 11:13 336704 ----a-w- c:\windows\inf\PERFLIB\0419\perfh.dat
2010-08-03 11:00 . 2010-05-18 18:32 -------- d-----w- c:\program files\Microsoft.NET
2010-08-03 05:36 . 2010-05-18 18:28 -------- d-----w- c:\programdata\Microsoft Help
2010-08-02 22:11 . 2010-08-02 22:11 315392 ----a-w- c:\programdata\bthci32.dll
2010-08-02 22:11 . 2010-08-02 22:11 315392 ----a-w- c:\programdata\bthci32.dll
2010-08-02 11:01 . 2010-08-02 11:01 315392 ----a-w- c:\programdata\bitsperf32.dll
2010-08-02 11:01 . 2010-08-02 11:01 315392 ----a-w- c:\programdata\bitsperf32.dll
2010-08-02 10:58 . 2010-05-18 09:08 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\Skype
2010-08-02 07:50 . 2010-05-18 09:11 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\skypePM
2010-08-01 20:08 . 2010-08-01 20:08 313344 ----a-w- c:\programdata\bcrypt32.dll
2010-08-01 20:08 . 2010-08-01 20:08 313344 ----a-w- c:\programdata\bcrypt32.dll
2010-07-29 10:11 . 2010-05-18 05:55 113624 ----a-w- c:\users\DmOcRsI\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 13:06 . 2010-05-29 02:39 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\Movie Torrent
2010-07-26 20:32 . 2010-05-18 19:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-26 20:32 . 2010-05-18 20:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-21 03:20 . 2010-07-21 03:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32k_01009.Wdf
2010-07-21 03:20 . 2010-07-21 03:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-04 02:28 . 2010-07-04 02:28 34 ----a-w- c:\windows\system32\BD7340.DAT
2010-07-01 10:31 . 2010-07-01 10:31 -------- d-----r- c:\users\DmOcRsI\AppData\Roaming\Brother
2010-06-24 02:41 . 2010-06-24 02:41 0 ----a-w- c:\windows\PowerReg.dat
2010-06-13 20:02 . 2010-06-13 20:01 -------- d-----w- c:\program files\MP3 Converter
2010-06-13 20:02 . 2010-06-13 20:02 -------- d-----w- c:\users\DmOcRsI\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-13 20:02 . 2010-06-13 20:01 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-13 20:01 . 2010-06-13 20:01 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-10 23:01 . 2010-06-10 23:01 -------- d-----w- c:\program files\Creative
2010-06-10 22:06 . 2010-05-18 20:21 -------- d-----w- c:\program files\SAi
2010-06-01 17:37 . 2010-05-18 04:11 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-31 04:33 . 2010-05-31 04:33 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-31 04:33 . 2010-05-31 04:33 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-31 04:33 . 2010-05-31 04:33 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-31 04:33 . 2010-05-31 04:33 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-31 04:33 . 2010-05-31 04:33 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-31 04:33 . 2010-05-31 04:33 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-31 04:33 . 2010-05-31 04:33 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-31 04:33 . 2010-05-31 04:33 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-31 04:33 . 2010-05-31 04:33 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-29 02:39 . 2010-05-29 02:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 07:24 . 2010-06-11 01:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 01:52 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-06-11 01:59 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 09:11 . 2010-05-18 09:11 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-18 06:05 . 2010-05-18 06:05 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-18 05:14 . 2010-05-18 05:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-05-18 05:05 . 2010-05-18 05:17 31548 ----a-w- c:\windows\system32\perfd011.dat
2010-05-18 05:05 . 2010-05-18 05:17 141988 ----a-w- c:\windows\system32\perfi011.dat
2010-05-18 05:05 .
2010-05-18 05:10 31548 ----a-w- c:\windows\inf\PERFLIB\0411\perfd.dat 2010-05-18 05:05 . 2010-05-18 05:10 31548 ----a-w- c:\windows\inf\PERFLIB\0411\perfc.dat 2010-05-18 05:05 . 2010-05-18 05:10 141988 ----a-w- c:\windows\inf\PERFLIB\0411\perfi.dat 2010-05-18 05:05 . 2010-05-18 05:10 141988 ----a-w- c:\windows\inf\PERFLIB\0411\perfh.dat 2010-05-18 04:57 . 2010-05-18 05:17 41390 ----a-w- c:\windows\system32\perfd00A.dat 2010-05-18 04:57 . 2010-05-18 05:17 341432 ----a-w- c:\windows\system32\perfi00A.dat 2010-05-18 04:57 . 2010-05-18 05:10 41390 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfd.dat 2010-05-18 04:57 . 2010-05-18 05:10 41390 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfc.dat 2010-05-18 04:57 . 2010-05-18 05:10 341432 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfi.dat 2010-05-18 04:57 . 2010-05-18 05:10 341432 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfh.dat 2010-05-18 04:50 . 2010-05-18 05:17 31548 ----a-w- c:\windows\system32\prfd0404.dat 2010-05-18 04:50 . 2010-05-18 05:17 117840 ----a-w- c:\windows\system32\prfi0404.dat 2010-05-18 04:50 . 2010-05-18 05:10 31548 ----a-w- c:\windows\inf\PERFLIB\0404\perfd.dat 2010-05-18 04:50 . 2010-05-18 05:10 31548 ----a-w- c:\windows\inf\PERFLIB\0404\perfc.dat 2010-05-18 04:50 . 2010-05-18 05:10 117840 ----a-w- c:\windows\inf\PERFLIB\0404\perfi.dat 2010-05-18 04:50 . 2010-05-18 05:10 117840 ----a-w- c:\windows\inf\PERFLIB\0404\perfh.dat 2010-05-18 04:46 . 2010-05-18 05:17 31548 ----a-w- c:\windows\system32\prfd0804.dat 2010-05-18 04:46 . 2010-05-18 05:17 111310 ----a-w- c:\windows\system32\prfi0804.dat 2010-05-18 04:46 . 2010-05-18 05:09 31548 ----a-w- c:\windows\inf\PERFLIB\0804\perfd.dat 2010-05-18 04:46 . 2010-05-18 05:09 31548 ----a-w- c:\windows\inf\PERFLIB\0804\perfc.dat 2010-05-18 04:46 . 2010-05-18 05:09 111310 ----a-w- c:\windows\inf\PERFLIB\0804\perfi.dat 2010-05-18 04:46 . 2010-05-18 05:09 111310 ----a-w- c:\windows\inf\PERFLIB\0804\perfh.dat 2009-06-10 21:26 . 
2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{012D6E34-E653-4DBB-85CC-9B968F931AEb}] 2010-08-02 22:11 315392 ----a-w- c:\programdata\bthci32.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] 
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "V0250Cfg.exe"="V0250Cfg.exe" [2005-12-16 20480] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088] R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 
11904] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-11 22384] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432] R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2006-06-27 185504] R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400] R4 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] R4 SAiAdmin;SAiAdmin;c:\windows\System32\SAiAdmin.exe [2007-08-27 65536] R4 SAiDownloaderVista;SAiDownloaderVista;c:\windows\System32\SAiDownloaderVista.exe [2007-09-11 77824] R4 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2007-12-19 86016] R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2009-01-26 1153368] R4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992] R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\DmOcRsI\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm . . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\taskhost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\McAfee\Common Framework\McTray.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2010-08-04 18:54:05 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-05 01:54 Pre-Run: 190,428,860,416 bytes free Post-Run: 190,331,252,736 bytes free - - End Of File - - 81971586C70D325121E95FA5779489DA

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 04 August 2010 - 08:47 PM

Hi

Please do the following:



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RESTORE::
c:\windows\system32\wuauclt.exe 
c:\windows\system32\ctfmon.exe 

DirLook::
c:\windows\system32\?0??
c:\windows\system32\????0??

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 dmocrsi

dmocrsi

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 August 2010 - 11:10 PM

ComboFix 10-08-04.04 - DmOcRsI 08/04/2010 21:51:38.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1918.1237 [GMT -7:00]
Running from: c:\users\DmOcRsI\Desktop\ComboFix.exe
Command switches used :: c:\users\DmOcRsI\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu2116885578v4
c:\programdata\SysWoW32\mu2116885578v4.kwd
c:\programdata\SysWoW32\mu2116885578v5
c:\programdata\SysWoW32\mu2116885578v5.kwd
c:\programdata\SysWoW32\mu2116885578v6
c:\programdata\SysWoW32\mu2116885578v6.kwd
c:\programdata\SysWoW32\mu2116885578v7
c:\programdata\SysWoW32\mu2116885578v7.kwd
c:\programdata\SysWoW32\wu2116885578v0
c:\programdata\SysWoW32\wu2116885578v0.kwd
c:\programdata\SysWoW32\wu2116885578v1.kwd
c:\programdata\SysWoW32\wu2116885578v2.kwd
c:\programdata\SysWoW32\wu2116885578v3.kwd
c:\windows\system32\%appdata%
Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ctfmon.exe
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\????0?? ----
---- Directory of c:\windows\system32\?0?? ----
Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2006-06-27 185504] R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400] R4 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] R4 SAiAdmin;SAiAdmin;c:\windows\System32\SAiAdmin.exe [2007-08-27 65536] R4 SAiDownloaderVista;SAiDownloaderVista;c:\windows\System32\SAiDownloaderVista.exe [2007-09-11 77824] R4 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2007-12-19 86016] R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot\SDWinSec.exe [2009-01-26 1153368] R4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992] R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\DmOcRsI\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm . . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\McAfee\Common Framework\McTray.exe . ************************************************************************** . Completion time: 2010-08-04 22:07:47 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-05 05:07 ComboFix2.txt 2010-08-05 01:54 Pre-Run: 189,317,832,704 bytes free Post-Run: 189,324,161,024 bytes free - - End Of File - - 0BA319DA8886145BF19EAD260C022679
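As an added example (not part of this thread, and not ComboFix's own code), here is a small Python triage script for the "Reg Loading Points" section of a log like the one above. It parses the bracketed registry keys, the Run-style value lines and the one-file-per-key Browser Helper Object lines, then flags entries a reviewer would want to look at first: autostarts that load from a data directory such as c:\programdata, unqualified file names that Windows resolves through the search path, and files written within a few days of the scan. The sample text is constructed from entries quoted in the log; the line formats and the heuristics are assumptions of this example, not something ComboFix reports itself. On this sample the BHO it flags is the one MBAM later identifies as Trojan.Tracur.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the thread and not ComboFix's own code. The
sample below is constructed from entries quoted in the posted log; the
heuristics are ordinary autostart-triage rules, not ComboFix output.
"""
import re
from dataclasses import dataclass
from datetime import date

# Constructed excerpt of the posted log. Assumed layout: a bracketed key
# line, followed by either Run-style value lines or one BHO file line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{012D6E34-E653-4DBB-85CC-9B968F931AEb}]
2010-08-02 22:11 315392 ----a-w- c:\programdata\bthci32.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"V0250Cfg.exe"="V0250Cfg.exe" [2005-12-16 20480]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
Completion time: 2010-08-04 22:07:47 - machine was rebooted
"""


@dataclass
class LoadingPoint:
    key: str        # registry key the entry was read from
    name: str       # value name, or the CLSID for a BHO
    path: str       # executable/DLL path exactly as the log printed it
    written: date   # last-write date the log reported for the file
    size: int


KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]  (a space after '=' is tolerated)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# YYYY-MM-DD HH:MM size attrs c:\path\file.dll  (BHO style, one file per key)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(\d+)\s+\S+\s+(.+)$")
DONE_RE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2})")


def parse_loading_points(text):
    """Return (list of LoadingPoint, scan date or None) for a log excerpt."""
    points, key, scan_date = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            points.append(LoadingPoint(key, m[1], m[2], date.fromisoformat(m[3]), int(m[4])))
        elif key and "Browser Helper Objects" in key and (m := FILE_RE.match(line)):
            clsid = key.rsplit("\\", 1)[-1]   # BHO keys end in the object's CLSID
            points.append(LoadingPoint(key, clsid, m[3], date.fromisoformat(m[1]), int(m[2])))
        elif m := DONE_RE.match(line):
            scan_date = date.fromisoformat(m[1])
    return points, scan_date


# Locations where an autostart or BHO is unusual (assumed list for this example).
DATA_DIRS = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
RECENT_DAYS = 7


def assess(point, scan_date):
    """Return the reasons this loading point deserves a closer look (empty if none)."""
    reasons = []
    p = point.path.lower()
    if "\\" not in p:
        reasons.append("unqualified file name; Windows resolves it through the search path")
    elif p.startswith(DATA_DIRS) or "\\appdata\\" in p:
        reasons.append("loads from a data directory, not Program Files or System32")
    if scan_date is not None:
        age = (scan_date - point.written).days
        if age <= RECENT_DAYS:
            reasons.append(f"file written {age} day(s) before the scan")
    return reasons


def triage(text):
    """Map each flagged entry's name (or CLSID) to its list of reasons."""
    points, scan_date = parse_loading_points(text)
    flagged = {}
    for pt in points:
        reasons = assess(pt, scan_date)
        if reasons:
            flagged[pt.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

The point of the "written shortly before the scan" rule is that a loading point is only interesting in combination: plenty of legitimate software lives in ProgramData, but a BHO written two days before the symptoms started, in a directory Program Files installers do not normally use, is exactly the entry a helper would ask about first.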

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 05 August 2010 - 06:30 AM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 dmocrsi

dmocrsi

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 06 August 2010 - 12:45 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/5/2010 1:23:05 PM
mbam-log-2010-08-05 (13-23-05).txt

Scan type: Quick scan
Objects scanned: 134001
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\ProgramData\bthci32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{012d6e34-e653-4dbb-85cc-9b968f931aeb} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{012d6e34-e653-4dbb-85cc-9b968f931aeb} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{012d6e34-e653-4dbb-85cc-9b968f931aeb} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012d6e34-e653-4dbb-85cc-9b968f931aeb} (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\bthci32.dll (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\bcrypt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\bitsperf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\Ati2evxx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\authfwcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\AuthFWSnapin32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\CRPPresentation32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 5, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 05, 2010 14:32:50
Records in database: 4144846
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 205428
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:15:38

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\mu2116885578v4.vir Infected: Exploit.Win32.QuickLoad.b 1
C:\Users\DmOcRsI\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7964b810-2c946166 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Users\DmOcRsI\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7964b810-2c946166 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Users\DmOcRsI\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7964b810-2c946166 Infected: Trojan-Downloader.Java.Agent.fv 1

Selected area has been scanned.

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 06 August 2010 - 06:45 AM

Hi,

we just need to delete your Java cache, then we have some housekeeping to do:

Your Java is out of date.
Java™ 6 Update 20 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Sun Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

You can delete the MBRCheck, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.



#11 dmocrsi

dmocrsi

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 06 August 2010 - 03:00 PM

I don't think over this machine I can communicate my thoughts and gratitude for your time. For over a year now I've been unemployed and my job-hunt is based around my access to the internet and my email, and knowing I was infected made it so that I'd be too scared to sign on. So know that you've affected my life in more than just helping someone fix a Gaming Computer, but as my lifeline to hopefully getting my life back on track. I know that you dedicate your time selflessly in that you're volunteering... so please accept my thanks and my gratitude. Your years of knowledge and experience have, I believe, helped make a difference in many people's day-to-day lives as you are the front-line to combat these insane viruses and programs that are developed to infect our lives and steal our identities. So thank you... a million times over, thank you. Very Sincerely and Respectfully, -Steve J.

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 06 August 2010 - 03:13 PM

I really appreciate your thanks, it means a lot to me and is the reason I keep doing this, I truly hope good things happen for you, things WILL turn around, keep a positive attitude and don't give up. Good luck :)



#13 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 10 August 2010 - 12:49 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

