BleepingComputer.com: XP Total Security

delete files

• Copy all text in the quote box (below)...to Notepad.
  

  Quote

  @echo off
  del /f /s /q "C:\backup\WINDOWS\Profiles\Kids\Application Data\Phoenix\Profiles\default\bee1f31v.slt\Cache\176557A6d01 "
  del /f /s /q "C:\backup\Program Files\bfgtoolbar\bfgtoolbar.dll"
  del %0
  
  
• Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  It should look like this: <--XP<--vista
  
• Double click on delfile.bat to execute it.
  A black CMD window will flash, then disappear...this is normal.
  
• The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Lets try this scan


F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Please go HERE to run an online scan from F-Secure
  
• Click on Start scanning
  
• This will open a new window
  
  In Interner Explorer
  
  • It will require an activex control, please install it
    
  • Click Accept
  
  
  
  In Firefox
  
  • It will require an Add-on to be installed, please install it
    
  • Order to install the Add-on Firefox needs to be restarted, please do so
  
  
• Click Full System Scan
  
• It will now download the scanner this may take a while please be patient
  
• It will then start scanning wait for the scan to finish
  
• Click Automatic cleaning (recommended)
  
• Wait for it finish the cleaning process
  
• Click show report
  
• This will open up a window with the results of the scan copy and paste those results as a reply to this topic

Hello again Gringo,

I did the F scan in IE, it would not finish.

First Error Message: Data Execution Prevention. To help protect your computer, Windows has closed this program: Name: Windows Explorer Publisher: Microsoft Corporation

Second Error Message: WE has encountered a problem and needs to close. We are sorry. . .

When the scan was about 31%.

It continued to the end, then I got this error message:
F-Secure Online Scanner 4.2 encountered an error. The program is running with insufficient user right to scan all targets for malware and spyware. Restart F-Secure Online Scanner 4.2. If this error repeats, contact the support (error id: 65)

I ran it again, same error messages.

I tried it in Firefox:

Message: F-Secure Online Scanner 4.2 has found 19 infected files

Then, same error as above. It would not clean or create a report.

Oh yeah: The Delfile.bat worked as you described, as far as I can tell.

please download Kaspersky Virus Removal Tool from here - http://support.kaspersky.com/viruses/utility skip anything it finds and let me have the report




gringo

Gringo,

I could not get online this morning. I tried creating a new user account, but even from there I could not get online at all.

I am at work and I will have access to this computer for a few hours. What can I do from here?

Thanks,

Janis

update combofix

I would like you to download an updated virsion of combofix.

Delete the version of combofix you have now on your desktop and download a new one from here


Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Gringo,

I am sorry. As I said, I am not very technically competent.

How do I go about downloading an updated scan when I cannot get online?

Do I save it to a flashdrive from my work computer, and install it when I get home?

Thanks. . .

This post has been edited by JanisQ: 04 May 2011 - 11:49 AM

Do I save it to a flashdrive from my work computer, and install it when I get home?

yes that is what you will have to do

print this out so you know what to do when you get home


do these as well in this order to see if it will get online



Check - Reset Proxy settings

Internet Explorer Proxy settings:

• Open Internet Explorer > click Tools > Internet Options > Connections tab.
  
• Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
  or change the settings to the proxy you normally use if you previously reconfigured it.
  
• Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  
• Click OK... then click OK again.
  
• Close Internet Explorer and -restart- the computer.
  
• An example of how to do this with screenshots can be found >here<

Firefox Proxy settings:

• Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  
• Under the Connection section click on the Settings... button.
  
• Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  
• Click OK... then click OK again.
  
• Close Firefox and -restart- the computer.
  
• An example of how to do this with screenshots can be found >here<

For other browsers, please refer to How to configure browser proxy settings.

flush the DNS:

Can you please flush the DNS:

• click on Start
  
• select run
  
• enter cmd and hit enter
  
• a black window will open.
  
• please enter the following text into that window and hit enter:
  
  
  ipconfig /flushdns

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.

• Double click on WinsockXPFix.exe to open.
  
• On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  
• On the ERDNT Welcome screen, click "OK".
  
• On the Backup to: screen, click "OK".
  
• On the Folder does not exist question screen click "Yes".
  
• You will see a status screen as your registry is being backed up.
  
• On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  
• On the Winsock and TCP Repair Utility screen, click "Fix".
  
• On the Apply the VB_Winsock fix? screen click "Yes".
  
• The screen will display a status message "repair completed please reboot."
  
• On the Repair Completed screen click "OK" to reboot your computer.
  
• If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  
• You should have connectivity restored.

If you have internet back come back and let me know if not go to next step

Download LSPFix and save to your desktop.
alternate download site
alternate download site

• Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.
  
• Open the lspfix folder and double-click on LSPFix.exe to start the program.
  
• Check the "I know what I am doing" checkbox.
  
• Click "Finish" and LSPfix will restore the chain numbers.
  
• restart the computer

Gringo

Gringo,

I updated and ran ComboFix. I don't know if it did something or not, but I am now able to go online again.

Do I still need to reset proxy settings and fluxh the DNS?

Here is the ComboFix log:

ComboFix 11-05-04.04 - JanisM 05/05/2011 13:06:06.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1537 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 15:55 . 2011-04-18 16:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E49D12B1-36D9-4D81-AFE1-58E817F94470}\mpengine.dll
2011-05-04 03:17 . 2011-05-04 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-05-03 21:34 . 2011-05-03 21:34 -------- d-----w- c:\program files\ESET
2011-05-03 03:10 . 2011-05-03 03:10 -------- d-----w- c:\program files\Trend Micro
2011-05-03 01:31 . 2011-05-03 01:31 -------- d-----w- c:\windows\system32\syncdb
2011-05-03 01:29 . 2011-05-03 01:29 -------- d-----w- c:\program files\Common Files\Java
2011-05-02 23:32 . 2011-05-03 00:24 -------- d-----w- c:\documents and settings\Help
2011-05-01 15:38 . 2011-04-18 16:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-30 00:09 . 2011-04-30 00:09 -------- d-----w- c:\program files\Cisco Systems
2011-04-29 22:50 . 2011-04-29 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2011-04-28 08:23 . 2011-04-28 08:23 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Trusteer
2011-04-27 06:37 . 2011-04-27 06:38 -------- d-----w- c:\documents and settings\Administrator
2011-04-27 03:00 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 03:00 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 02:29 . 2011-04-27 02:29 0 ---ha-w- c:\documents and settings\Janis\Local Settings\Application Data\BIT55.tmp
2011-04-26 20:08 . 2011-04-26 20:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-26 04:10 . 2011-04-26 05:53 -------- d-----w- c:\documents and settings\James Mercier
2011-04-26 01:41 . 2011-04-26 04:07 -------- d-----w- c:\documents and settings\James
2011-04-25 22:55 . 2011-05-02 03:21 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-25 22:55 . 2011-05-02 03:21 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-04-25 22:55 . 2011-05-02 03:21 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-25 22:55 . 2011-05-02 03:21 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-25 22:55 . 2011-05-02 03:21 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-04-25 22:55 . 2011-05-02 03:21 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-25 22:55 . 2011-05-02 03:21 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-25 22:55 . 2011-05-02 03:21 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-25 22:55 . 2011-05-02 03:21 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-25 22:55 . 2011-05-02 03:21 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-25 22:49 . 2011-04-30 20:43 -------- d-----w- c:\documents and settings\JanisM
2011-04-23 02:56 . 2011-04-23 02:56 -------- d-----w- c:\documents and settings\Janis\Application Data\Atari
2011-04-22 23:24 . 2011-04-22 23:24 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\Trusteer
2011-04-22 22:27 . 2011-04-22 22:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2011-04-22 22:27 . 2011-04-27 02:39 -------- d-----w- c:\documents and settings\Janis\Local Settings\Application Data\CrossLoop
2011-04-22 18:30 . 2011-04-22 18:30 -------- d-----w- c:\program files\Stunt Track Driver
2011-04-21 00:59 . 2011-04-21 00:59 -------- d-----w- c:\documents and settings\FuguFish\Local Settings\Application Data\Trusteer
2011-04-20 19:59 . 2011-04-20 19:59 -------- d-----w- c:\documents and settings\Janis\Local Settings\Application Data\Trusteer
2011-04-19 05:03 . 2011-04-19 05:03 -------- d-----w- c:\program files\Bonjour
2011-04-13 19:32 . 2011-04-13 19:32 -------- d-----w- c:\program files\Epson Software
2011-04-13 19:21 . 2006-03-20 07:00 63488 ----a-w- c:\windows\system32\escwiad.dll
2011-04-08 17:17 . 2011-04-08 17:17 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-02-08 01:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-19 00:36 . 2009-06-02 06:32 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-19 00:36 . 2008-07-18 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 10:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2008-08-05 13:42 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-02 03:21 . 2011-04-25 22:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-01_00.33.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 17:59 . 2011-01-11 17:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-01-11 06:03 . 2011-01-11 06:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-11 05:32 . 2011-01-11 05:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 11:05 . 2011-01-11 11:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 11:23 . 2011-01-11 11:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-11 04:21 . 2011-01-11 04:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-05-05 19:44 . 2011-05-05 19:44 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2011-05-05 19:44 . 2011-05-05 19:44 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
+ 2010-06-08 19:37 . 2011-05-01 00:53 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-08 19:37 . 2011-02-15 17:36 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-01-11 11:27 . 2011-01-11 11:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 11:24 . 2011-01-11 11:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 11:08 . 2011-01-11 11:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2011-05-03 01:26 . 2011-02-03 04:40 157472 c:\windows\system32\javaws.exe
- 2011-01-24 02:29 . 2011-01-24 02:28 145184 c:\windows\system32\javaw.exe
+ 2011-05-03 01:26 . 2011-02-03 04:40 145184 c:\windows\system32\javaw.exe
+ 2011-05-03 01:26 . 2011-02-03 04:40 145184 c:\windows\system32\java.exe
- 2011-01-24 02:29 . 2011-01-24 02:28 145184 c:\windows\system32\java.exe
+ 2011-01-24 02:29 . 2011-02-03 04:40 472808 c:\windows\system32\deployJava1.dll
- 2011-01-24 02:29 . 2011-01-24 02:28 472808 c:\windows\system32\deployJava1.dll
+ 2011-05-03 01:29 . 2011-05-03 01:29 180224 c:\windows\Installer\679400.msi
+ 2011-05-04 14:23 . 2011-05-04 14:23 459264 c:\windows\Installer\126b27.msi
+ 2011-05-04 14:23 . 2011-05-04 14:23 223232 c:\windows\Installer\126b20.msi
+ 2011-04-19 05:07 . 2011-05-03 23:53 380928 c:\windows\Installer\{353FE16B-30FE-469A-BF55-B978F4218003}\iTunesIco.exe
- 2011-04-19 05:07 . 2011-04-27 20:30 380928 c:\windows\Installer\{353FE16B-30FE-469A-BF55-B978F4218003}\iTunesIco.exe
+ 2011-01-11 17:59 . 2011-01-11 17:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 17:59 . 2011-01-11 17:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-11 05:50 . 2011-01-11 05:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-11 05:50 . 2011-01-11 05:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2011-05-03 03:10 . 2011-05-03 03:10 1094656 c:\windows\Installer\484877.msi
+ 2006-02-08 02:46 . 2011-04-18 22:46 42181064 c:\windows\system32\MRT.exe
+ 2011-05-01 00:51 . 2011-05-01 00:51 20314624 c:\windows\Installer\4af80.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-11-29 20:51 498688 ----a-w- c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-11-20 17:34 87472 ----a-w- c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-02-25 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\documents and settings\Kids\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\documents and settings\Kids\Local Settings\Temp\{0E501C17-9979-4622-B6B5-99BC2E1A5CC0}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Axis & Allies Registration.lnk]
path=c:\documents and settings\Don\Start Menu\Programs\Startup\Axis & Allies Registration.lnk
backup=c:\windows\pss\Axis & Allies Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Don\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Janis^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Janis\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 07:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2010-07-20 17:09 80384 ----a-w- c:\program files\Kodak\MediaImpression\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX580 Series]
2006-05-23 11:00 139264 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBPA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-02-25 02:20 1103216 ----a-w- c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-01-07 19:23 1496968 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 20:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 00:28 212992 ----a-w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-11-27 08:55 648032 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 21:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-11 20:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WTouchService"=2 (0x2)
"wlidsvc"=2 (0x2)
"TabletServicePen"=2 (0x2)
"SeaPort"=2 (0x2)
"PMBDeviceInfoProvider"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"npggsvc"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"LBTServ"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdobeActiveFileMonitor7.0"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1195:TCP"= 1195:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [8/4/2005 5:51 AM 26112]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [4/8/2011 10:17 AM 53816]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [5/2/2011 2:24 PM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/8/2011 10:17 AM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/8/2011 10:17 AM 158904]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 5:00 AM 14336]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/25/2006 10:11 PM 3712]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/8/2011 10:17 AM 870200]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [12/30/2009 9:54 AM 4408616]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [1/14/2011 10:27 PM 36224]
S1 MpKsl32ef51ba;MpKsl32ef51ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B63C910-8E26-4752-B63D-FF17C3C6C814}\MpKsl32ef51ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B63C910-8E26-4752-B63D-FF17C3C6C814}\MpKsl32ef51ba.sys [?]
S1 MpKsle9df33c1;MpKsle9df33c1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC2DDAFD-D7C0-4458-9D66-9721B1DF8CD2}\MpKsle9df33c1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC2DDAFD-D7C0-4458-9D66-9721B1DF8CD2}\MpKsle9df33c1.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2010 7:42 PM 135664]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Help2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Help2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2010 7:42 PM 135664]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/25/2009 12:37 PM 15656]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [1/14/2011 10:27 PM 134912]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/27/2010 1:55 AM 398176]
S4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/25/2009 12:38 PM 112936]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
2011-04-06 c:\windows\Tasks\backup week1.job
- c:\windows\system32\ntbackup.exe [2001-08-18 06:36]
.
2011-04-13 c:\windows\Tasks\backup2.job
- c:\windows\system32\ntbackup.exe [2001-08-18 06:36]
.
2011-04-20 c:\windows\Tasks\backup3.job
- c:\windows\system32\ntbackup.exe [2001-08-18 06:36]
.
2011-04-27 c:\windows\Tasks\backup4.job
- c:\windows\system32\ntbackup.exe [2001-08-18 06:36]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 02:42]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 02:42]
.
2011-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1292428093-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1292428093-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1292428093-682003330-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-04-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1292428093-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-04-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1292428093-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-05-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1292428093-682003330-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-05-05 c:\windows\Tasks\User_Feed_Synchronization-{2FB4AA50-B871-4532-BF23-5ED545B71100}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
2011-05-05 c:\windows\Tasks\User_Feed_Synchronization-{E3E2E0E3-D15A-42A8-AD76-0308033C5AF4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: microsoft.com\www.update
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://www.shockwave.com/content/sharkisland/sis/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\JanisM\Application Data\Mozilla\Firefox\Profiles\xkmdw0tz.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-05 13:17:21
ComboFix-quarantined-files.txt 2011-05-05 20:17
ComboFix2.txt 2011-05-03 00:04
ComboFix3.txt 2011-05-02 22:18
ComboFix4.txt 2011-05-01 00:36
.
Pre-Run: 90,487,189,504 bytes free
Post-Run: 91,014,434,816 bytes free
.
- - End Of File - - CD71065E41EBD05DC14D9A8FFBAC4561

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

To re-enable your Emulation drivers, double click DeFogger to run the tool.

• The application window will appear
  
• Click the Re-enable button to re-enable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger will now ask to reboot the machine - click OK

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

• turn off all active protection software
  
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  
• please copy and past the following into the box ComboFix /Uninstall and click OK.
  
• Note the space between the X and the /Uninstall, it needs to be there.
  
• 

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it by yourself.
  
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:

• Go to Start > All Programs > Accessories > System Tools > System Restore
  
• Select Create a restore point, and Ok it.
  
• Next, go to Start > Run and type in cleanmgr
  
• choose your root drive (normally C:)
  
• after it calculates how much space you will save it will open up a new window
  
• Select the More options tab at the top of the window
  
• Choose the option to clean up system restore and OK it.
  
• go back to the disk clean up tab
  
• put a checkmark in all - except compress old files (leave this unchecked)
  
• click Ok then click yes

This will remove all restore points except the new one you just created and clean unneeded files


:Make your Internet Explorer more secure:

• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialise and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
  
• Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo

Gringo,

I cannot get DeFogger to run. It says "cannot open file".

That is ok means you do not have the software


gringo

I am not sure about that. It says: Choose the program you want to use to open the file.
How can I confirm the Emulation drivers are re-enabled?

Hello

Do you have any? If you don't know what they are then you don't have any.

They are a specialized group of software that makes a virtual drive on the computer.


Gringo

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.