Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio Ad virus

Started by BrAcK6 , Nov 27 2011 01:18 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 BrAcK6

BrAcK6

    New Member

  • Members
  • Pip
  • 2 posts

Posted 27 November 2011 - 01:18 AM

This is my original topic: http://www.bleepingcomputer.com/forums/topic429484.html


And here are my logs for DDS... GMER wont run without crashing or taking forever, tried that yesterday... Anyway this is some sort of Rootkit?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Owner at 22:09:57 on 2011-11-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1017 [GMT -8:00]
.
AV: Trend Micro AntiVirus *Disabled/Outdated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro AntiVirus *Disabled/Outdated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\java.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office2\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office2\Office\OSA.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Razer\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\S6ovG.com
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6ovG.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\S6ovG.com
C:\Windows\system32\S6OVG~1.COM
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\S6ovG.com
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\owner\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ITSecMng] "c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe" /START
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] "c:\program files\toshiba\utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [KeNotify] "c:\program files\toshiba\utilities\KeNotify.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [EmbarqVALite_McciTrayApp] c:\program files\embarqvalite\EMBARQHelpHelper.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [NPSStartup]
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [razer] c:\program files\razer\razerhid.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office2\office\FINDFAST.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2\office\MSOFFICE.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office2\office\OSA.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: curse.com\www
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://cam74444.miemasu.net:81/kxhcm10.ocx
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.3.1
TCP: Interfaces\{0A29C51E-9B8F-45B4-AC2B-8779E546A69F} : DhcpNameServer = 192.168.3.1
TCP: Interfaces\{38345E4D-9E2C-42F5-AC8A-C5DAC44F2AD7} : DhcpNameServer = 192.168.3.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\uhgeeduz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.http - 128.119.41.211
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\owner\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071505000011.dll
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-3-19 20352]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-8-22 238952]
R2 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-7-16 78104]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-22 36608]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-2-15 52240]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-18 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-3-19 937984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2010-8-22 86528]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2010-8-22 14976]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2010-8-22 114304]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-4-12 648456]
.
=============== Created Last 30 ================
.
2011-11-27 02:43:28 111616 ----a-w- c:\windows\system32\S6ovG.com
2011-11-27 00:07:05 -------- d-----w- C:\skins
2011-11-26 13:40:53 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{807336d0-65e3-49f7-8a83-b41b09130bbc}\offreg.dll
2011-11-26 06:50:17 111616 ----a-w- c:\programdata\2jFf5J64.exe
2011-11-26 05:44:22 -------- d-----w- C:\e
2011-11-26 05:44:20 -------- d-----w- C:\w
2011-11-26 05:44:18 -------- d-----w- C:\Data
2011-11-26 05:19:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-26 02:51:40 -------- d-----w- C:\Cache
2011-11-25 23:01:58 111616 ----a-w- c:\windows\system32\S6ovG.com_
2011-11-25 19:25:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-25 19:25:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-25 09:49:21 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{807336d0-65e3-49f7-8a83-b41b09130bbc}\mpengine.dll
2011-11-20 02:30:49 -------- d-----w- c:\users\owner\appdata\roaming\Mumble
2011-11-20 02:29:21 -------- d-----w- c:\program files\Mumble
2011-11-10 14:30:44 -------- d-----w- c:\users\owner\appdata\roaming\SkIVrlONtPuSiDo
2011-11-10 14:30:44 -------- d-----w- c:\users\owner\appdata\roaming\qG4aQH6sW7E9TqY
2011-11-10 14:28:37 -------- d-----w- c:\users\owner\appdata\roaming\y6dWK7fRLgXjCkV
2011-11-10 14:28:37 -------- d-----w- c:\users\owner\appdata\roaming\JONtxA0uc2b3n4Q
2011-11-10 14:25:01 -------- d-----w- c:\users\owner\appdata\roaming\gqhYCwkUVlB
2011-11-10 14:24:59 -------- d-----w- c:\users\owner\appdata\roaming\JH6dWK7fR9TqYeI
2011-11-09 22:53:30 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 22:53:06 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 22:53:04 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-02 08:47:52 -------- d-----w- c:\users\owner\appdata\local\Facebook
.
==================== Find3M ====================
.
2011-11-26 09:17:12 65936 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-11 05:36:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:12:00.22 ===============

Attached Files


 

  • BC Ads
  • BleepingComputer.com

#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,374 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 November 2011 - 11:56 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#3 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,374 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2011 - 08:47 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,374 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 December 2011 - 12:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·