
Infected with google redirect worm


  • This topic is locked
6 replies to this topic

#1 k-steeve

k-steeve

  • Members
  • 4 posts

Posted 29 December 2010 - 04:36 AM

Hi. I am running Windows 7. Firefox constantly gets redirected when I attempt to click on Google search results. It opens a new tab, and there will be a "Rediret" link, and when I click on it, it takes me to another page which is unwanted. I have tried removing the virus with Malwarebytes and Microsoft Security Essentials; I have Nod32 on the system also (they haven't solved anything). I think the problem comes from a file I downloaded and opened a week ago.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Kastur at 10:46:42.46 on Wed 12/29/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.981.1033.18.2550.1248 [GMT 3.5:30]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Kastur\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kastur\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kastur\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Google Update] "c:\users\kastur\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [gidle] "c:\program files\galwaysidle\gidle.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {58d1c2d5-5659-4d33-97de-f2d2a1310fb6} = 77.237.181.130
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-12-29 67584]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2010-12-17 4096]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2010-11-21 219264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-9 1343400]

=============== Created Last 30 ================

2010-12-29 07:06:38 -------- d-----w- c:\users\kastur\appdata\local\Safe mirror
2010-12-29 07:05:51 -------- d-----w- c:\program files\Cobian Backup 10
2010-12-27 19:35:15 -------- d-----w- c:\users\kastur\appdata\roaming\SUPERAntiSpyware.com
2010-12-27 19:35:15 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-27 19:35:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-19 09:46:10 -------- d-----w- c:\users\kastur\appdata\roaming\Malwarebytes
2010-12-19 09:46:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 09:46:03 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-19 09:45:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 09:45:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 13:12:50 -------- d-----w- c:\program files\Cool Screen Capture
2010-12-17 13:02:51 -------- d-----w- c:\progra~2\Blueberry
2010-12-17 13:01:35 -------- d-----w- c:\users\kastur\appdata\roaming\Blueberry
2010-12-17 13:01:18 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-12-17 13:01:18 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-12-17 13:01:18 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-12-17 13:01:06 -------- d-----w- c:\users\kastur\appdata\roaming\LogSys
2010-12-17 13:01:04 -------- d-----w- c:\windows\system32\ShellDD
2010-12-17 13:01:04 -------- d-----w- c:\progra~2\LogSys
2010-12-17 13:00:54 -------- d-----w- c:\program files\common files\Blueberry Software
2010-12-17 13:00:54 -------- d-----w- c:\program files\Blueberry Software
2010-12-17 13:00:43 -------- dc-h--w- c:\progra~2\{A8BE947D-B37D-4AEE-9D42-E65E5AC9C1B1}
2010-12-17 12:28:10 -------- d-----w- c:\program files\DawnArk WebCam Recorder Pro
2010-12-17 12:19:37 -------- d-----w- C:\SuperWebcamRecorder
2010-12-16 15:17:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 15:17:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 15:17:01 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 15:15:40 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 15:15:39 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 15:15:39 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 15:15:38 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 15:15:38 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 15:15:38 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 15:14:19 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 15:14:18 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 15:14:14 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 13:24:16 83968 ----a-w- c:\windows\UnGins.exe
2010-12-16 13:12:44 -------- d-----w- c:\program files\Information Packaging
2010-12-16 12:45:15 -------- d-----w- c:\users\kastur\appdata\roaming\TakeScreen Recorder Lite
2010-12-16 12:25:02 54272 --sha-r- c:\windows\system32\msrd3x403.dll
2010-12-15 09:22:36 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9692dfa4-328b-4d92-9f0b-72a1271bddea}\mpengine.dll
2010-12-14 08:59:55 -------- d-----w- c:\users\kastur\appdata\roaming\AnvSoft
2010-12-14 08:59:14 -------- d-----w- c:\program files\AnvSoft
2010-12-03 09:40:42 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-02 12:59:13 393216 ------w- c:\windows\system32\fppmon4.dll
2010-12-02 12:59:13 327680 ------w- c:\windows\system32\fppr432.dll
2010-12-02 12:12:44 413760 ----a-w- c:\windows\system32\MPG4C32.dll
2010-12-02 12:12:37 -------- d-----w- c:\program files\innoheim

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 10:29:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2001-05-24 09:29:30 162304 ----a-w- c:\program files\UNWISE.EXE

============= FINISH: 10:48:05.76 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 01 January 2011 - 09:13 AM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 k-steeve

k-steeve
  • Topic Starter

  • Members
  • 4 posts

Posted 01 January 2011 - 01:52 PM

Hi
I disabled NOD32, and Microsoft Security completely, but it showed that they are active. However, here is the log. If it is not what you meant, please inform me to run ComboFix another time.

ComboFix 10-12-29.02 - Kastur 01/01/2011 22:00:46.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.981.1033.18.2550.1079 [GMT 3.5:30]
Running from: c:\users\Kastur\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.

2011-01-01 18:39 . 2011-01-01 18:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-01 18:39 . 2011-01-01 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-01 03:42 . 2011-01-01 03:42 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-31 18:30 . 2010-12-31 18:30 -------- d-----w- c:\users\Kastur\AppData\Roaming\Evaer
2010-12-31 18:30 . 2010-12-31 18:30 -------- d-----w- c:\program files\Evaer
2010-12-31 17:10 . 2010-12-31 17:41 -------- d-----w- C:\CamersoftOutput
2010-12-31 17:10 . 2010-12-31 17:10 -------- d-----w- c:\users\Kastur\AppData\Roaming\Camersoft
2010-12-31 17:09 . 2001-01-07 15:00 413760 ----a-w- c:\windows\system32\MPG4c32.dll
2010-12-31 17:09 . 2000-04-24 12:44 239888 ----a-w- c:\windows\system32\MPG4ds32.ax
2010-12-31 17:09 . 2010-12-31 17:35 -------- d-----w- c:\program files\Camersoft
2010-12-31 16:44 . 2010-12-31 16:44 -------- d-----w- c:\program files\LORD
2010-12-30 17:25 . 2010-12-30 17:27 -------- d-----w- c:\users\Kastur\AppData\Roaming\vlc
2010-12-29 07:06 . 2010-12-29 07:06 -------- d-----w- c:\users\Kastur\AppData\Local\Safe mirror
2010-12-29 07:05 . 2010-12-29 07:06 -------- d-----w- c:\program files\Cobian Backup 10
2010-12-27 19:35 . 2010-12-27 19:35 -------- d-----w- c:\users\Kastur\AppData\Roaming\SUPERAntiSpyware.com
2010-12-27 19:35 . 2010-12-27 19:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-27 19:35 . 2010-12-27 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-19 09:46 . 2010-12-19 09:46 -------- d-----w- c:\users\Kastur\AppData\Roaming\Malwarebytes
2010-12-19 09:46 . 2010-12-19 09:46 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 09:46 . 2010-11-29 14:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 09:45 . 2010-12-19 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 09:45 . 2010-11-29 14:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 07:00 . 2010-12-18 08:47 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-17 13:12 . 2010-12-17 13:16 -------- d-----w- c:\program files\Cool Screen Capture
2010-12-17 13:02 . 2010-12-17 13:02 -------- d-----w- c:\programdata\Blueberry
2010-12-17 13:01 . 2010-12-17 13:11 -------- d-----w- c:\users\Kastur\AppData\Roaming\Blueberry
2010-12-17 13:01 . 2010-12-17 13:01 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-12-17 13:01 . 2010-12-17 13:01 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-12-17 13:01 . 2010-12-17 13:01 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-12-17 13:01 . 2010-12-17 13:01 -------- d-----w- c:\users\Kastur\AppData\Roaming\LogSys
2010-12-17 13:01 . 2010-12-17 13:01 -------- d-----w- c:\programdata\LogSys
2010-12-17 13:01 . 2010-12-17 13:01 -------- d-----w- c:\windows\system32\ShellDD
2010-12-17 13:00 . 2010-12-17 13:00 -------- d-----w- c:\program files\Common Files\Blueberry Software
2010-12-17 13:00 . 2010-12-17 13:00 -------- d-----w- c:\program files\Blueberry Software
2010-12-17 13:00 . 2010-12-17 13:01 -------- dc-h--w- c:\programdata\{A8BE947D-B37D-4AEE-9D42-E65E5AC9C1B1}
2010-12-17 12:28 . 2010-12-17 12:50 -------- d-----w- c:\program files\DawnArk WebCam Recorder Pro
2010-12-17 12:19 . 2010-12-17 12:19 -------- d-----w- C:\SuperWebcamRecorder
2010-12-16 15:17 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 15:17 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 15:17 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 15:15 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 15:15 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 15:15 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 15:15 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 15:15 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 15:15 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 15:14 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 15:14 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 15:14 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 13:24 . 2000-05-16 07:10 83968 ----a-w- c:\windows\UnGins.exe
2010-12-16 13:12 . 2010-12-16 13:12 -------- d-----w- c:\program files\Information Packaging
2010-12-16 12:45 . 2010-12-16 12:48 -------- d-----w- c:\users\Kastur\AppData\Roaming\TakeScreen Recorder Lite
2010-12-14 08:59 . 2010-12-14 08:59 -------- d-----w- c:\users\Kastur\AppData\Roaming\AnvSoft
2010-12-14 08:59 . 2010-12-14 08:59 -------- d-----w- c:\program files\AnvSoft
2010-12-03 09:40 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-02-27 22:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 10:29 . 2010-10-16 10:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2001-05-24 09:29 . 2010-02-27 21:22 162304 ----a-w- c:\program files\UNWISE.EXE
.
<pre>
c:\windows\Win2Farsi\Activating Windows 7\Active new\Other Activation Win se7en 64bit_32bit\Active 2\Activation Win 32bit se7en .exe
c:\windows\Win2Farsi\Activating Windows 7\Active new\Other Activation Win se7en 64bit_32bit\Active 2\Activation Win 64bit se7en .exe
</pre>

------- Sigcheck -------

[-] 2010-04-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Google Update"="c:\users\Kastur\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-11 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-07 3220912]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [N/A]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [N/A]
"avichannel"="c:\program files\Evaer\videochannel.exe" [2010-12-02 1679360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2006-12-13 3739648]
"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2008-01-07 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Action Manager 32.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 22:08 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

R1 czkyjsia;czkyjsia;c:\windows\system32\drivers\czkyjsia.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 136176]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-09 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-12-17 4096]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:27]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:27]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759015993-2932830688-2354472884-1000Core.job
- c:\users\Kastur\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-03 19:27]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759015993-2932830688-2354472884-1000UA.job
- c:\users\Kastur\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-03 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = www.npshop.net
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {58d1c2d5-5659-4d33-97de-f2d2a1310fb6} = 77.237.181.130
TCP: {AEF9B72E-C6F7-41EF-9B84-9FAECF1101AB} = 4.2.2.4 67.11.0.19
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-MatlabR2010b - e:\application\matlab\uninstall\bin\win32\uninstall.exe
AddRemove-Mozilla Firefox (3.0.7) - e:\application\firefox\uninstall\helper.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2759015993-2932830688-2354472884-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7619948-CF07-59FD-4585-8747D0CE7A5F}*]
"haagllmnfkjaneie"=hex:6b,61,63,66,65,61,67,65,62,6f,63,61,66,6c,68,67,66,70,
6e,64,64,68,00,00
"iaggbjfoppklibgaip"=hex:6b,61,63,66,65,61,67,65,62,6f,63,61,66,6c,68,67,66,70,
6e,64,64,68,00,00

[HKEY_USERS\S-1-5-21-2759015993-2932830688-2354472884-1000_Classes\CLSID\{4f6db96b-47c7-46c7-8fc3-ad60c9cede2e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000136
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-2759015993-2932830688-2354472884-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0c,d5,37,60,bd,ff,bb,b7,df,bb,02,3b,80,67,7e,b6,7b,95,c2,9a,a8,
3f,a9,63,54,fc,57,a3,65,ca,16,b4,00,49,f6,29,4d,9a,1d,95,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-01 22:15:46
ComboFix-quarantined-files.txt 2011-01-01 18:45

Pre-Run: 1,553,620,992 bytes free
Post-Run: 2,325,458,944 bytes free

- - End Of File - - D9DDE2515FDA3023C14676B7647AE053

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 01 January 2011 - 04:11 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RenV::
c:\windows\Win2Farsi\Activating Windows 7\Active new\Other Activation Win se7en 64bit_32bit\Active 2\Activation Win 32bit se7en .exe
c:\windows\Win2Farsi\Activating Windows 7\Active new\Other Activation Win se7en 64bit_32bit\Active 2\Activation Win 64bit se7en .exe

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll

Driver::
czkyjsia

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:9666


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



Can you please advise if this is your own ISP? It's located in Tehran.

TCP: {58d1c2d5-5659-4d33-97de-f2d2a1310fb6} = 77.237.181.130


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT


You have more than one Antivirus installed,

Having more than one can cause system slow downs, conflicts and crashes.

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

You need to uninstall one of them

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
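
The three things the reply above picks out of the DDS log (two enabled antivirus products, the loopback ProxyServer value listed in the CFScript, and the statically set nameserver) can be pulled from a log mechanically. This is an added example, not part of the post or of DDS/ComboFix; the function names and the `known_resolvers` list are assumptions, and the sample lines are copied from the logs in this thread.

```python
import ipaddress
import re

# Lines copied from the DDS/ComboFix logs and the CFScript quoted in this thread.
SAMPLE_LOG = """\
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: {58d1c2d5-5659-4d33-97de-f2d2a1310fb6} = 77.237.181.130
TCP: {AEF9B72E-C6F7-41EF-9B84-9FAECF1101AB} = 4.2.2.4 67.11.0.19
"""

# Only the line shapes that appear on this page are matched.
AV_RE = re.compile(r"^AV: (.+?) \*(\w+)/\w+\* \{", re.M)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)", re.M)
DNS_RE = re.compile(r"^TCP: (\{[0-9A-Fa-f-]+\}) = (.+)$", re.M)


def enabled_av(log):
    """Names of antivirus products the log reports as enabled."""
    return [name for name, state in AV_RE.findall(log) if state == "Enabled"]


def _is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def loopback_proxies(log):
    """ProxyServer values that send browser traffic to a listener on this machine.

    Legitimate local filters also use a loopback proxy, so a hit is a prompt
    to identify the listening process, not a verdict.
    """
    hits = []
    for value in PROXY_RE.findall(log):
        # A value may be "host:port" or "http=host:port;https=host:port".
        for entry in value.split(";"):
            host = entry.split("=")[-1].rsplit(":", 1)[0]
            if _is_loopback(host):
                hits.append(value)
                break
    return hits


def unexplained_dns(log, known_resolvers):
    """Per-interface nameservers that are not in the analyst's known list."""
    out = {}
    for iface, servers in DNS_RE.findall(log):
        unknown = [s for s in servers.split() if s not in known_resolvers]
        if unknown:
            out[iface] = unknown
    return out


def triage(log, known_resolvers=frozenset()):
    """Collect the findings a helper would raise with the user."""
    findings = []
    av = enabled_av(log)
    if len(av) > 1:
        findings.append("multiple enabled AV: " + ", ".join(av))
    for value in loopback_proxies(log):
        findings.append("loopback proxy: " + value)
    for iface, servers in unexplained_dns(log, known_resolvers).items():
        findings.append(f"confirm nameserver(s) on {iface}: " + " ".join(servers))
    return findings


if __name__ == "__main__":
    # With no known resolvers supplied, every static nameserver is listed.
    for line in triage(SAMPLE_LOG):
        print(line)
```
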


#5 k-steeve

k-steeve
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 02 January 2011 - 12:20 PM

About what you asked about ISP, well I just know my IP which is 217.170.240.230 and yes, I am in Tehran. I have no idea about ISP.



ComboFix
ComboFix 10-12-29.02 - Kastur 01/02/2011 16:05:17.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.981.1033.18.2550.1546 [GMT 3.5:30]
Running from: c:\users\Kastur\Desktop\ComboFix.exe
Command switches used :: c:\users\Kastur\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_czkyjsia


((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.

2011-01-02 12:43 . 2011-01-02 12:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-02 12:43 . 2011-01-02 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-01 19:18 . 2007-11-06 21:49 1156600 ----a-w- c:\windows\system32\mfc90.dll
2011-01-01 19:18 . 2007-11-06 21:49 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-01-01 19:18 . 2007-11-06 21:49 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-01-01 19:18 . 2002-08-29 00:09 294912 ----a-w- c:\windows\system32\msaud32.acm
2011-01-01 19:18 . 2011-01-01 19:18 -------- d-----w- c:\program files\Supertintin for Skype
2011-01-01 03:42 . 2011-01-01 03:42 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-31 18:30 . 2010-12-31 18:30 -------- d-----w- c:\users\Kastur\AppData\Roaming\Evaer
2010-12-31 18:30 . 2010-12-31 18:30 -------- d-----w- c:\program files\Evaer
2010-12-31 17:10 . 2011-01-01 19:47 -------- d-----w- C:\CamersoftOutput
2010-12-31 17:10 . 2010-12-31 17:10 -------- d-----w- c:\users\Kastur\AppData\Roaming\Camersoft
2010-12-31 17:09 . 2001-01-07 15:00 413760 ----a-w- c:\windows\system32\MPG4c32.dll
2010-12-31 17:09 . 2000-04-24 12:44 239888 ----a-w- c:\windows\system32\MPG4ds32.ax
2010-12-31 17:09 . 2010-12-31 17:35 -------- d-----w- c:\program files\Camersoft
2010-12-31 16:44 . 2010-12-31 16:44 -------- d-----w- c:\program files\LORD
2010-12-30 17:25 . 2010-12-30 17:27 -------- d-----w- c:\users\Kastur\AppData\Roaming\vlc
2010-12-29 07:06 . 2010-12-29 07:06 -------- d-----w- c:\users\Kastur\AppData\Local\Safe mirror
2010-12-29 07:05 . 2010-12-29 07:06 -------- d-----w- c:\program files\Cobian Backup 10
2010-12-27 19:35 . 2010-12-27 19:35 -------- d-----w- c:\users\Kastur\AppData\Roaming\SUPERAntiSpyware.com
2010-12-27 19:35 . 2010-12-27 19:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-27 19:35 . 2010-12-27 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-19 09:46 . 2010-12-19 09:46 -------- d-----w- c:\users\Kastur\AppData\Roaming\Malwarebytes
2010-12-19 09:46 . 2010-12-19 09:46 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 09:46 . 2010-11-29 14:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 09:45 . 2010-12-19 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 09:45 . 2010-11-29 14:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 07:00 . 2010-12-18 08:47 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-17 13:12 . 2010-12-17 13:16 -------- d-----w- c:\program files\Cool Screen Capture
2010-12-17 13:02 . 2010-12-17 13:02 -------- d-----w- c:\programdata\Blueberry
2010-12-17 13:01 . 2010-12-17 13:11 -------- d-----w- c:\users\Kastur\AppData\Roaming\Blueberry
2010-12-17 13:01 . 2010-12-17 13:01 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-12-17 13:01 . 2010-12-17 13:01 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-12-17 13:01 . 2010-12-17 13:01 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-12-17 13:01 . 2010-12-17 13:01 -------- d-----w- c:\users\Kastur\AppData\Roaming\LogSys
2010-12-17 13:01 . 2010-12-17 13:01 -------- d-----w- c:\programdata\LogSys
2010-12-17 13:01 . 2010-12-17 13:01 -------- d-----w- c:\windows\system32\ShellDD
2010-12-17 13:00 . 2010-12-17 13:00 -------- d-----w- c:\program files\Common Files\Blueberry Software
2010-12-17 13:00 . 2010-12-17 13:00 -------- d-----w- c:\program files\Blueberry Software
2010-12-17 13:00 . 2010-12-17 13:01 -------- dc-h--w- c:\programdata\{A8BE947D-B37D-4AEE-9D42-E65E5AC9C1B1}
2010-12-17 12:28 . 2010-12-17 12:50 -------- d-----w- c:\program files\DawnArk WebCam Recorder Pro
2010-12-17 12:19 . 2010-12-17 12:19 -------- d-----w- C:\SuperWebcamRecorder
2010-12-16 15:17 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 15:17 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 15:17 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 15:15 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 15:15 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 15:15 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 15:15 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 15:15 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 15:15 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 15:14 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 15:14 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 15:14 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 13:24 . 2000-05-16 07:10 83968 ----a-w- c:\windows\UnGins.exe
2010-12-16 13:12 . 2010-12-16 13:12 -------- d-----w- c:\program files\Information Packaging
2010-12-16 12:45 . 2010-12-16 12:48 -------- d-----w- c:\users\Kastur\AppData\Roaming\TakeScreen Recorder Lite
2010-12-14 08:59 . 2010-12-14 08:59 -------- d-----w- c:\users\Kastur\AppData\Roaming\AnvSoft
2010-12-14 08:59 . 2010-12-14 08:59 -------- d-----w- c:\program files\AnvSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-02-27 22:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 10:29 . 2010-10-16 10:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2001-05-24 09:29 . 2010-02-27 21:22 162304 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Google Update"="c:\users\Kastur\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-11 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-07 3220912]
"avichannel"="c:\program files\Evaer\videochannel.exe" [2010-12-02 1679360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2006-12-13 3739648]
"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2008-01-07 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2009-05-09 1186304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Action Manager 32.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Action Manager 32.lnk
backup=c:\windows\pss\Action Manager 32.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 22:08 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 136176]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-09 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-12-17 4096]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:27]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 19:27]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759015993-2932830688-2354472884-1000Core.job
- c:\users\Kastur\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-03 19:27]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759015993-2932830688-2354472884-1000UA.job
- c:\users\Kastur\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-03 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = www.npshop.net
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {58d1c2d5-5659-4d33-97de-f2d2a1310fb6} = 77.237.181.130
TCP: {AEF9B72E-C6F7-41EF-9B84-9FAECF1101AB} = 4.2.2.4 67.11.0.19
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2759015993-2932830688-2354472884-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7619948-CF07-59FD-4585-8747D0CE7A5F}*]
"haagllmnfkjaneie"=hex:6b,61,63,66,65,61,67,65,62,6f,63,61,66,6c,68,67,66,70,
6e,64,64,68,00,00
"iaggbjfoppklibgaip"=hex:6b,61,63,66,65,61,67,65,62,6f,63,61,66,6c,68,67,66,70,
6e,64,64,68,00,00

[HKEY_USERS\S-1-5-21-2759015993-2932830688-2354472884-1000_Classes\CLSID\{4f6db96b-47c7-46c7-8fc3-ad60c9cede2e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000136
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-2759015993-2932830688-2354472884-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0c,d5,37,60,bd,ff,bb,b7,df,bb,02,3b,80,67,7e,b6,7b,95,c2,9a,a8,
3f,a9,63,54,fc,57,a3,65,ca,16,b4,00,49,f6,29,4d,9a,1d,95,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2324)
c:\program files\gAlwaysIdle\gidle.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\sppsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\users\Kastur\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-02 16:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-02 12:53
ComboFix2.txt 2011-01-01 18:45

Pre-Run: 3,316,756,480 bytes free
Post-Run: 2,747,142,144 bytes free

- - End Of File - - 0F040D82D35679E4427DD5951DF46892





Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5442

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/02/2011 05:56:59 PM
mbam-log-2011-01-02 (17-56-59).txt

Scan type: Quick scan
Objects scanned: 156439
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







ESET

C:\Program Files\Pamela\pamela.for.skype.professional.v4.5.0.96-ismail.exe probably a variant of Win32/HackTool.Patcher.A application
C:\Users\Kastur\Desktop\D.L\Internet Download Manager 5.19 Build 3 Retail.rar probably a variant of Win32/HackTool.Patcher.A application
C:\Users\Kastur\Desktop\Video2Webcam.3.1.8.8\Keygen\S.C Patch.exe a variant of Win32/HackTool.Patcher.D application
C:\Users\Kastur\Documents\Downloads\Compressed\PRGM_Camersoft.Webcam.Recorder.v2.2.32.WinALL.Incl.Patcher-YPOGEiOS.rar Win32/HackTool.Patcher.A application
C:\Windows.old.000\Pamela For Skype Professional 4.5.0.96 reshwap.net-By FAISALABG\pamela.for.skype.professional.v4.5.0.96-ismail.exe probably a variant of Win32/HackTool.Patcher.A application

#6 CatByte


Posted 02 January 2011 - 12:28 PM

The ESET report is referring to files that appear to be for pirated software.

We do not condone the use of pirated software whatsoever, I strongly suggest you delete those files.

Cracks, keygens and torrents are generally the number one source for infections that we see.



P2P - I see you have P2P software utorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this/these now. You can do so via Control Panel >> Add or Remove Programs.


NEXT

Your Java is out of date.
Java™ 6 Update 20 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT



Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues



#7 CatByte


Posted 08 January 2011 - 04:26 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





