BleepingComputer.com: Infected with malware virus-svchost.exe plus others

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Infected with malware virus-svchost.exe plus others unable to remove it.

#1 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 08 August 2011 - 07:51 PM

It all started when I received a Microsoft-Red screen; Enhanced protection mode. It removed my antivirus programs, Avast and McAfee. I was able to get Bit Defender installed and it did find virus', one of which is svchost.exe. I tried the Bleeping computer removal, and I was able to save the DDS.txt file and the Attach.txt file, but when I tried to run the GMER scan, it started up like it should, then a screen with GMER and a red circle with an X in it came on; c:\windows\system32\config\system: Insufficient system resources exist to complete the requested service. OK, then the screen went white and kept going through a loop of repeated warnings: Windows Delayed Write Failed; Windows was unable to save all the data for the file \Device\Harddisk Volume 4\WINDOWS\system 32\config\sysEvent.Evt. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere. OK. The loop contained many of these with different (\Device\Harddisk Volume 4\$Mft; \Device Harddisk Volume 4\Documents and settings\All Users.\WINDOWS\application Data\Bit Defender\Desktop; \Device\Harddisk Volume 4\$Mft; etc.). After many attempts to solve this issue, I managed to get some of my computer programs to work, but there is no way I can get Face Book to work, and as you know, I have a lot more concerns than that!
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mom at 14:49:47 on 2011-08-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1167 [GMT -5:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\DOWNLO~1\PROGRA~1\SCANJE~1\hpupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe
svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Hallmark\Hallmark Card Studio Photo Card Edition\Planner\PLNRnote.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\BitDefender\BitDefender 2011\downloader.exe
C:\WINDOWS\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:58505
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [tray_ico4]
mRun: [tray_ico3]
mRun: [tray_ico]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Update 4200C] c:\downlo~1\progra~1\scanje~1\hpupdate.exe 4200C+
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Corel File Shell Monitor] c:\program files\corel\corel photo album 7\CorelIOMonitor.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Corel Photo Downloader] "c:\program files\corel\corel photo album 7\Corel Photo Downloader.exe" -startup
StartupFolder: c:\docume~1\mom~1.don\startm~1\programs\startup\tdsint~1.lnk - e:\program files\tds internet call manager\ICM.EXE
StartupFolder: c:\docume~1\mom~1.don\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\photoc~1.lnk - c:\windows\installer\{c885990f-a824-41a1-82fb-61e3859b4ce2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: facebook.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 216.165.129.157
TCP: Interfaces\{97006E99-BB37-4A22-8CC8-881AAED3922D} : DhcpNameServer = 192.168.0.1 216.165.129.157
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mom.donna-b101ed461\application data\mozilla\firefox\profiles\x5r4a0l5.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.tds.net/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\mom.donna-b101ed461\application data\mozilla\firefox\profiles\x5r4a0l5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2011-7-19 12960]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-3-24 43936]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 153440]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2010-8-20 111696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
S2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-5 1684736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
.
=============== Created Last 30 ================
.
2011-07-20 18:31:10 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-20 18:31:10 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-07-20 14:17:33 -------- d-----w- c:\documents and settings\all users.windows\application data\bdch
2011-07-20 03:27:01 -------- d-----w- c:\documents and settings\mom.donna-b101ed461\application data\BitDefender
2011-07-20 03:26:33 -------- d-----w- c:\program files\BitDefender
2011-07-20 03:05:41 -------- d-----w- c:\program files\common files\BitDefender
2011-07-20 03:05:41 -------- d-----w- c:\documents and settings\all users.windows\application data\BitDefender
2011-07-20 03:05:28 306320 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-07-20 03:05:28 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-07-20 03:05:27 986979 ----a-w- c:\documents and settings\all users.windows\application data\bdinstall.bin
2011-07-20 03:05:27 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-20 02:24:14 -------- d-----w- c:\documents and settings\mom.donna-b101ed461\application data\QuickScan
2011-07-20 00:20:48 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-20 00:20:48 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-20 00:17:28 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-19 23:07:28 -------- d-----w- c:\windows\ufa
2011-07-19 23:07:27 -------- d--h--w- c:\windows\update.1
2011-07-19 23:07:27 -------- d-----w- c:\windows\av_ico
2011-07-19 23:07:27 -------- d-----w- C:\Microsoft
2011-07-19 22:42:02 -------- d-----w- c:\documents and settings\all users.windows\application data\SEAGATE
2011-07-17 21:53:16 246272 ----a-w- c:\windows\unrar.exe
2011-07-17 21:36:04 -------- d--h--w- c:\windows\update.2
2011-07-17 21:28:43 -------- d--h--w- c:\windows\update.5.0
2011-07-17 21:26:14 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-17 21:26:14 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-17 21:26:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-17 21:26:14 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-13 08:26:31 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2011-07-20 04:04:46 153440 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-07-16 20:08:11 5018 ----a-w- c:\windows\system32\KGyGaAvL.sys
2011-06-30 00:55:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys
2010-07-08 15:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 14:50:53.95 ===============

Attached File(s)


#2 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 12 August 2011 - 05:52 PM

Hi,

Please do the following:


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#3 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 12 August 2011 - 09:02 PM

Hi. Thank you for your help. I have done as you have asked and included the attachment.

Attached File(s)


#4 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 12 August 2011 - 09:08 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#5 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 13 August 2011 - 09:35 PM

I followed your instructions on running the scan, which took over 12 hours, not sure when it was finished, as I wasn't home. Got home and it was running the log.txt. I've included this program, as I don't think the combo fix program worked. It popped up again on its own and wants to start again. My computer also, keeps shutting down my foxfire program, randomly.Attached File  log.txt (20.58K)
Number of downloads: 1

#6 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 14 August 2011 - 08:00 AM

Hi

You have three AV programs installed, having more than one AV can cause conflicts, system slowdowns and crashes, causing less protection, not more, so you need to uninstall two of them.

If you have a paid for up to date subscription to BitDefender, then keep it, and uninstall the other two.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
c:\windows\system32\SET9ED.tmp
c:\windows\system32\SET7EE.tmp
c:\windows\system32\SET7E6.tmp
c:\windows\system32\SET7F4.tmp
c:\windows\system32\SET7EC.tmp
c:\windows\system32\SET7ED.tmp
c:\windows\system32\SET7F3.tmp
c:\windows\system32\SET7E8.tmp
c:\windows\system32\SET7F2.tmp
c:\windows\system32\SET9EA.tmp
c:\windows\system32\SET7A7.tmp
c:\windows\system32\SET7A1.tmp
c:\windows\system32\SET7A9.tmp
c:\windows\system32\SET7A8.tmp
c:\windows\system32\SET7AD.tmp
c:\windows\system32\SET7A2.tmp
c:\windows\system32\SET7A3.tmp
c:\windows\system32\SET7AF.tmp

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:58505


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#7 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 14 August 2011 - 08:16 PM

I tried to disable any of the anti virus programs, but Avast and McAfee and Microsoft Security Essential, all said unable to find short cut and I was able to open any of these. I ran the programs that you sent me in your last post reply. I received an Upload Failed window; Web server seems to be temporarily inaccessible. For your convenience, Combo Fix created a submission form located at *C:\CR-Submit.htm .Please use that to manually upload it later. OK. Not sure what I am suppose to do with that.
How do I know when the viruses are gone? When do I turn my BitDefender back on and is BitDefender as good as any of the similar programs for anti virus detection or is there a better one?

Attached File(s)


#8 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 14 August 2011 - 08:51 PM

Hi

BitDefender has a good reputation, no one Antivirus is perfect, malware changes too often and no one antivirus can find everything. I find using one antivirus, an anti spyware program like malwarebytes, being behind a secured router and the Web of Trust(I'll link to that at the end) is sufficient. I can try scripting the two other AV's out with Combofix.

Please do the following

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\09EFS567\.footer_01[1].htm	
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXOVG3GZ\.footer_01[1].htm	
C:\Program Files\Common Files\BitDefender\SetupInformation\{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}\bdeleven.msi	
C:\WINDOWS\system32\F0D2D00c__.tmp	
E:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\09EFS567\.footer_01[1].htm	
E:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXOVG3GZ\.footer_01[1].htm	
E:\WINDOWS\system32\093BA00c__.ini	
E:\WINDOWS\system32\18B3C00c__.ini	
E:\WINDOWS\system32\29CEC00c__.ini	
E:\WINDOWS\system32\353EA00c__.ini	
E:\WINDOWS\system32\4CABF00c__.ini	
E:\WINDOWS\system32\6230E00c__.ini	
E:\WINDOWS\system32\6B22E00c__.ini	
E:\WINDOWS\system32\6CD4300c__.ini	
E:\WINDOWS\system32\E842B00c__.ini	
E:\WINDOWS\system32\F0D2D00c__.ini	
E:\WINDOWS\system32\F0D2D00c__.tmp	
E:\WINDOWS\system32\F139100c__.ini


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


Please run a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#9 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 15 August 2011 - 09:50 PM

Hi
Here is the last log that you requested. You all asked me to run another fresh DDS Log, oooops, I have done so many different things, that I have forgotten how to run another DDS log. Please refresh my memory. It's just not working so well tonight. Thanks




ComboFix 11-08-15.08 - Mom 08/15/2011 20:57:37.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1296 [GMT -5:00]
Running from: c:\documents and settings\Mom.DONNA-B101ED461\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mom.DONNA-B101ED461\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
FILE ::
"c:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\09EFS567\.footer_01[1].htm"
"c:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXOVG3GZ\.footer_01[1].htm"
"c:\program files\Common Files\BitDefender\SetupInformation\{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}\bdeleven.msi"
"c:\windows\system32\F0D2D00c__.tmp"
"e:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\09EFS567\.footer_01[1].htm"
"e:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXOVG3GZ\.footer_01[1].htm"
"e:\windows\system32\093BA00c__.ini"
"e:\windows\system32\18B3C00c__.ini"
"e:\windows\system32\29CEC00c__.ini"
"e:\windows\system32\353EA00c__.ini"
"e:\windows\system32\4CABF00c__.ini"
"e:\windows\system32\6230E00c__.ini"
"e:\windows\system32\6B22E00c__.ini"
"e:\windows\system32\6CD4300c__.ini"
"e:\windows\system32\E842B00c__.ini"
"e:\windows\system32\F0D2D00c__.ini"
"e:\windows\system32\F0D2D00c__.tmp"
"e:\windows\system32\F139100c__.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\09EFS567\.footer_01[1].htm
c:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXOVG3GZ\.footer_01[1].htm
c:\program files\Common Files\BitDefender\SetupInformation\{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}\bdeleven.msi
c:\windows\system32\F0D2D00c__.tmp
e:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\09EFS567\.footer_01[1].htm
e:\documents and settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXOVG3GZ\.footer_01[1].htm
e:\windows\system32\093BA00c__.ini
e:\windows\system32\18B3C00c__.ini
e:\windows\system32\29CEC00c__.ini
e:\windows\system32\353EA00c__.ini
e:\windows\system32\4CABF00c__.ini
e:\windows\system32\6230E00c__.ini
e:\windows\system32\6B22E00c__.ini
e:\windows\system32\6CD4300c__.ini
e:\windows\system32\E842B00c__.ini
e:\windows\system32\F0D2D00c__.ini
e:\windows\system32\F0D2D00c__.tmp
e:\windows\system32\F139100c__.ini
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-14 16:56 . 2011-08-14 16:56 -------- d-----w- c:\program files\ESET
2011-08-14 16:30 . 2011-08-14 16:30 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Application Data\Malwarebytes
2011-08-14 16:30 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 16:30 . 2011-08-14 16:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-08-14 16:30 . 2011-08-14 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 16:30 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 15:31 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-14 15:31 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-14 15:31 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-14 15:31 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-14 15:31 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-14 15:31 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-14 15:31 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-14 15:31 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-14 15:31 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-14 15:31 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-14 15:31 . 2011-08-14 15:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-08-14 14:48 . 2011-08-14 15:31 -------- d-----w- c:\program files\AVAST Software
2011-08-14 14:48 . 2011-08-14 14:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-08-12 00:55 . 2011-08-12 00:55 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Local Settings\Application Data\PCHealth
2011-08-10 22:08 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 22:08 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-08 04:03 . 2011-08-08 04:03 0 ----a-w- c:\windows\system32\bda142E.tmp
2011-08-01 14:51 . 2011-08-01 14:51 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\bdch
2011-07-20 18:31 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-20 14:17 . 2011-07-20 14:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\bdch
2011-07-20 03:35 . 2011-07-20 03:35 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\QuickScan
2011-07-20 03:27 . 2011-07-20 03:27 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Application Data\BitDefender
2011-07-20 03:26 . 2011-07-20 03:26 -------- d-----w- c:\program files\BitDefender
2011-07-20 03:05 . 2011-07-20 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2011-07-20 03:05 . 2011-07-20 03:26 -------- d-----w- c:\program files\Common Files\BitDefender
2011-07-20 03:05 . 2011-07-20 04:09 306320 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-07-20 03:05 . 2010-05-13 22:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-07-20 03:05 . 2011-07-20 03:29 986979 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\bdinstall.bin
2011-07-20 03:05 . 2011-03-24 20:36 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-20 02:24 . 2011-07-20 02:43 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Application Data\QuickScan
2011-07-20 00:20 . 2011-07-20 05:05 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-20 00:20 . 2011-07-20 03:38 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-20 00:17 . 2011-07-20 00:17 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-07-20 00:17 . 2011-07-20 00:24 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-19 23:07 . 2011-07-19 23:07 -------- d-----w- c:\windows\ufa
2011-07-19 23:07 . 2011-07-20 00:22 -------- d-----w- c:\windows\av_ico
2011-07-19 22:42 . 2011-07-19 22:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SEAGATE
2011-07-17 22:51 . 2011-07-17 22:51 -------- d-sh--w- c:\documents and settings\TJ.DONNA-B101ED461\PrivacIE
2011-07-17 21:53 . 2011-07-17 21:53 246272 ----a-w- c:\windows\unrar.exe
2011-07-17 21:26 . 2011-07-20 05:05 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-17 21:26 . 2011-07-20 05:05 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-17 21:26 . 2011-07-20 03:38 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-17 21:26 . 2011-07-20 03:38 -------- d--h--w- c:\windows\update.tray-9-0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 04:04 . 2010-04-22 18:19 153440 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-07-15 13:29 . 2004-08-04 10:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 10:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-30 00:55 . 2011-06-02 00:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10 . 2011-02-05 04:54 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ------w- c:\windows\system32\win32k.sys
2010-07-08 15:37 . 2010-07-08 15:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-06-26 23:29 . 2011-05-22 00:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-14_02.02.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-08-14 14:48 . 2011-08-14 14:48 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Update 4200C"="c:\downlo~1\PROGRA~1\SCANJE~1\hpupdate.exe" [2002-02-14 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Photo Album 7\CorelIOMonitor.exe" [2008-08-22 37888]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-07-20 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-07-20 1451928]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" [2008-08-22 481608]
.
c:\documents and settings\Mom.DONNA-B101ED461\Start Menu\Programs\Startup\
TDS Internet Call Manager.LNK - e:\program files\TDS Internet Call Manager\ICM.EXE [2005-8-19 1773568]
ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
Photo Card Event Planner Reminder.lnk - c:\windows\Installer\{C885990F-A824-41A1-82FB-61E3859B4CE2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe [2009-12-22 1718]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/14/2011 10:31 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2011 10:31 AM 309848]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [7/19/2011 10:05 PM 12960]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 11:30 AM 366640]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [3/24/2011 7:46 PM 43936]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/22/2010 1:19 PM 153440]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys [8/20/2010 3:41 PM 111696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 11:30 AM 22712]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/5/2011 10:49 PM 1684736]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MOM~1.DON\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MOM~1.DON\LOCALS~1\Temp\CFcatchme.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/14/2011 11:30 AM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/30/2010 7:19 AM 307544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [11/29/2010 2:12 PM 535824]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [11/29/2010 2:12 PM 1066232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-08-14 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-04 10:00]
.
2011-07-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
Trusted Zone: facebook.com
TCP: DhcpNameServer = 192.168.0.1 216.165.129.157
FF - ProfilePath - c:\documents and settings\Mom.DONNA-B101ED461\Application Data\Mozilla\Firefox\Profiles\x5r4a0l5.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.tds.net/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\adsldpc.dll
.
- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\WININET.dll
c:\program files\BitDefender\BitDefender 2011\pchook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\BitDefender\BitDefender 2011\vsserv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PSIService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\BitDefender\BitDefender 2011\pchooklaunch32.exe
.
**************************************************************************
.
Completion time: 2011-08-15 21:17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-16 02:17
ComboFix2.txt 2011-08-14 16:14
ComboFix3.txt 2011-08-14 02:06
.
Pre-Run: 383,635,415,040 bytes free
Post-Run: 383,533,486,080 bytes free
.
- - End Of File - - 86616DFBAB3FF8B76C5E526841322147

#10 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 15 August 2011 - 10:03 PM

DDS was the first diagnostic tool you ran, I'll give you the full instructions again:


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Please let me know how your machine is running now and if there are any outstanding issues
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#11 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 15 August 2011 - 10:42 PM

Thank you. I've attached both of the attachments you have asked for. As far as how my computer is running, oh I think it is so much better than it was. I was about ready to take it out and bury it:) The only thing that might have happened that was strange was, when I was down loading Adobe a small window came on about my Print Master 16 program: the Install script engine on this machine is older than the version required to run this set up. If available please install the latest version of ISScript.msi, or contact your support personnel for further assistance. OK. Maybe it's not strange but the truth??? I'm so afraid of doing anything any more.
Can I now turn Bit Defender back on and as far as Microsoft Security Essential and McAfee, how do I get rid of them as neither of them work and I can't uninstall them? Do I need Microsoft Security Essential?
You sure have been great!

Attached File(s)

  • Attached File  dds.txt (13.69K)
    Number of downloads: 2
  • Attached File  attach.txt (15.81K)
    Number of downloads: 0

#12 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 16 August 2011 - 04:15 AM

Hi,

I can use a script to remove the remaining AV files for you, turn BitDefender back on once this script is done, post the log, then we can do our final tool clean up from there,

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

SecCenter::
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#13 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 16 August 2011 - 06:30 PM

ComboFix 11-08-16.05 - Mom 08/16/2011 17:13:48.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1156 [GMT -5:00]
Running from: c:\documents and settings\Mom.DONNA-B101ED461\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mom.DONNA-B101ED461\Desktop\CFScript.txt
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\services32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-16 02:33 . 2011-08-16 02:33 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Local Settings\Application Data\Temp
2011-08-14 16:56 . 2011-08-14 16:56 -------- d-----w- c:\program files\ESET
2011-08-14 16:30 . 2011-08-14 16:30 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Application Data\Malwarebytes
2011-08-14 16:30 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 16:30 . 2011-08-14 16:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-08-14 16:30 . 2011-08-14 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 16:30 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 15:31 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-14 15:31 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-14 15:31 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-14 15:31 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-14 15:31 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-14 15:31 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-14 15:31 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-14 15:31 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-14 15:31 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-14 15:31 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-14 15:31 . 2011-08-14 15:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-08-14 14:48 . 2011-08-14 15:31 -------- d-----w- c:\program files\AVAST Software
2011-08-14 14:48 . 2011-08-14 14:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-08-12 00:55 . 2011-08-12 00:55 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Local Settings\Application Data\PCHealth
2011-08-10 22:08 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 22:08 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-08 04:03 . 2011-08-08 04:03 0 ----a-w- c:\windows\system32\bda142E.tmp
2011-08-01 14:51 . 2011-08-01 14:51 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\bdch
2011-07-20 18:31 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-07-20 14:17 . 2011-07-20 14:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\bdch
2011-07-20 03:35 . 2011-07-20 03:35 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\QuickScan
2011-07-20 03:27 . 2011-07-20 03:27 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Application Data\BitDefender
2011-07-20 03:26 . 2011-07-20 03:26 -------- d-----w- c:\program files\BitDefender
2011-07-20 03:05 . 2011-07-20 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2011-07-20 03:05 . 2011-07-20 03:26 -------- d-----w- c:\program files\Common Files\BitDefender
2011-07-20 03:05 . 2011-07-20 04:09 306320 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-07-20 03:05 . 2010-05-13 22:02 12960 ----a-w- c:\windows\system32\drivers\bdrawpr.sys
2011-07-20 03:05 . 2011-07-20 03:29 986979 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\bdinstall.bin
2011-07-20 03:05 . 2011-03-24 20:36 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-20 02:24 . 2011-08-16 03:39 -------- d-----w- c:\documents and settings\Mom.DONNA-B101ED461\Application Data\QuickScan
2011-07-20 00:20 . 2011-07-20 05:05 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-20 00:20 . 2011-07-20 03:38 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-20 00:17 . 2011-07-20 00:17 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-07-20 00:17 . 2011-07-20 00:24 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-19 23:07 . 2011-07-19 23:07 -------- d-----w- c:\windows\ufa
2011-07-19 23:07 . 2011-07-20 00:22 -------- d-----w- c:\windows\av_ico
2011-07-19 22:42 . 2011-07-19 22:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SEAGATE
2011-07-17 22:51 . 2011-07-17 22:51 -------- d-sh--w- c:\documents and settings\TJ.DONNA-B101ED461\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 04:04 . 2010-04-22 18:19 153440 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-07-17 21:53 . 2011-07-17 21:53 246272 ----a-w- c:\windows\unrar.exe
2011-07-15 13:29 . 2004-08-04 10:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 10:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-30 00:55 . 2011-06-02 00:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10 . 2011-02-05 04:54 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ------w- c:\windows\system32\win32k.sys
2010-07-08 15:37 . 2010-07-08 15:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-06-26 23:29 . 2011-05-22 00:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-14_02.02.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-08-14 14:48 . 2011-08-14 14:48 262144 c:\windows\system32\config\systemprofile\NtUser.dat
- 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-07-17 21:26 . 2011-07-17 21:15 1170432 c:\windows\update.tray-9-0\svchost.exe
+ 2011-07-17 21:26 . 2011-07-17 21:15 1170432 c:\windows\update.tray-7-0\svchost.exe
+ 2011-08-16 02:26 . 2011-08-16 02:26 2295808 c:\windows\Installer\b38c7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Update 4200C"="c:\downlo~1\PROGRA~1\SCANJE~1\hpupdate.exe" [2002-02-14 32768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Photo Album 7\CorelIOMonitor.exe" [2008-08-22 37888]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-07-20 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-07-20 1451928]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" [2008-08-22 481608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Mom.DONNA-B101ED461\Start Menu\Programs\Startup\
TDS Internet Call Manager.LNK - e:\program files\TDS Internet Call Manager\ICM.EXE [2005-8-19 1773568]
ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
Photo Card Event Planner Reminder.lnk - c:\windows\Installer\{C885990F-A824-41A1-82FB-61E3859B4CE2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe [2009-12-22 1718]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/14/2011 10:31 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2011 10:31 AM 309848]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [7/19/2011 10:05 PM 12960]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 11:30 AM 366640]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [3/24/2011 7:46 PM 43936]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/22/2010 1:19 PM 153440]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys [8/20/2010 3:41 PM 111696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 11:30 AM 22712]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/5/2011 10:49 PM 1684736]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MOM~1.DON\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MOM~1.DON\LOCALS~1\Temp\CFcatchme.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/14/2011 11:30 AM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [11/30/2010 7:19 AM 307544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [11/29/2010 2:12 PM 535824]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [11/29/2010 2:12 PM 1066232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-08-14 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-04 10:00]
.
2011-07-17 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
Trusted Zone: facebook.com
TCP: DhcpNameServer = 192.168.0.1 216.165.129.157
FF - ProfilePath - c:\documents and settings\Mom.DONNA-B101ED461\Application Data\Mozilla\Firefox\Profiles\x5r4a0l5.default\
FF - prefs.js: browser.startup.homepage - hxxp://portal.tds.net/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 17:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\adsldpc.dll
.
Completion time: 2011-08-16 17:30:30
ComboFix-quarantined-files.txt 2011-08-16 22:30
ComboFix2.txt 2011-08-16 02:17
ComboFix3.txt 2011-08-14 16:14
ComboFix4.txt 2011-08-14 02:06
.
Pre-Run: 383,374,483,456 bytes free
Post-Run: 383,362,146,304 bytes free
.
- - End Of File - - 80E6772BA5D54104F8C6DC40434A2ABA

#14 User is offline   CatByte 

  • Bleepin' curls!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 16 August 2011 - 07:26 PM

The logs appear to be clean

are you still getting this error?

Quote

a small window came on about my Print Master 16 program: the Install script engine on this machine is older than the version required to run this set up. If available please install the latest version of ISScript.msi, or contact your support personnel for further assistance. OK. Maybe it's not strange but the truth???


you may want to check with Print Master to see if there are any available updates.

Let me know how the machine is running and if there are any outstanding issues, if everything is OK we can do our final tool clean up routine.
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#15 User is offline   donnad2006 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 18-August 07
  • Gender:Female

Posted 16 August 2011 - 07:30 PM

Hi
Everything seems to be working. Yes I have had the Print Master 16 pop up come up one other time doing something else, but I will try as you suggested, the update.
Thank you so very much.

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users