virus called Spigot inc uses search settings as


12 replies to this topic

#1 Stannousoxide


  • Members
  • 18 posts
  • Gender:Male

Posted 07 May 2011 - 11:00 AM

Hello there, I'm using an Acer Aspire One netbook which has been infected by Spigot. I scanned it with the Malwarebytes free scanner, which found it, or maybe some of it, which I chose to delete, but it was there when my computer restarted. I also tried McAfee antivirus (my antivirus), which didn't detect it. Also, about my antivirus program: I have 5 days of protection left using McAfee Security Suite, though I recently bought Total Protection (also McAfee) to extend my protection. I also tried the GMER program, but it froze, though I was successful with the DDS program.
Here's the DDS log, then the Attach file after it.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lee La Croix at 22:59:21.02 on 04/05/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Starter 6.1.7601.1.1252.2.1033.18.1013.253 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Lee La Croix\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.3\youtubedownloaderToolbarIE.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110314002337.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.3\youtubedownloaderToolbarIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.3\youtubedownloaderToolbarIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\leelac~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leelac~1\appdata\roaming\mozilla\firefox\profiles\bwmxnw32.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-1-5 164840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-1-5 64304]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-11-26 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-1-7 735776]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-14 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-14 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-14 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-14 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-11-26 141792]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-1-5 55840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-26 68208]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-1-5 313288]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-11-26 6766080]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-11-26 82768]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-1-5 84264]
S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-29 52224]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-14 271480]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-05-05 03:44:14 -------- d-----w- c:\users\leelac~1\appdata\roaming\Malwarebytes
2011-05-05 03:44:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 03:44:01 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-05 03:43:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 03:43:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 06:03:55 -------- d-----w- c:\users\leelac~1\appdata\local\ElevatedDiagnostics
2011-04-27 04:25:58 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 04:24:52 1699328 ----a-w- c:\windows\system32\esent.dll
2011-04-27 04:24:50 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 04:24:49 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 04:24:49 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 04:24:48 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 04:24:47 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 04:24:47 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 04:24:47 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 04:24:46 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 04:23:02 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 04:22:52 2616320 ----a-w- c:\windows\explorer.exe
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-27 04:05:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-27 04:00:09 -------- d-----w- c:\users\leelac~1\appdata\local\Apple
2011-04-19 03:45:47 -------- d-----r- c:\program files\Skype
2011-04-17 21:26:52 -------- d-----w- c:\program files\Application Updater
2011-04-17 21:26:51 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-04-17 21:26:51 -------- d-----w- c:\program files\common files\Spigot
2011-04-15 02:16:16 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 02:16:15 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 02:16:15 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 02:15:22 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 02:15:20 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 02:14:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 02:14:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 02:10:39 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 02:09:53 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 02:09:43 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 02:09:18 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 02:08:58 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 02:08:57 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 02:08:31 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 02:08:31 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 02:08:30 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 02:08:29 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 23:13:11 -------- d-----w- c:\users\leelac~1\appdata\local\{B0976E74-C981-49C0-9C27-43CD221BA911}
2011-04-14 23:13:06 -------- d-----w- c:\users\leelac~1\appdata\local\{302D368C-7911-46FC-9902-82936AA6FD2D}
2011-04-14 23:12:43 -------- d-----w- c:\users\leelac~1\appdata\roaming\Windows Live Writer
2011-04-14 23:12:43 -------- d-----w- c:\users\leelac~1\appdata\local\Windows Live Writer
2011-04-06 01:21:38 -------- d-----w- c:\users\leelac~1\appdata\roaming\OpenOffice.org
2011-04-06 01:09:54 -------- d-----w- c:\program files\OpenOffice.org 3
.
==================== Find3M ====================
.
2011-04-02 18:39:52 0 ----a-w- c:\windows\system32\sho41B3.tmp
2011-03-30 03:48:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 03:18:00 0 ----a-w- c:\windows\system32\sho43BA.tmp
2011-03-30 02:59:48 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-28 06:02:47 0 ----a-w- c:\windows\system32\sho99AB.tmp
2011-03-25 05:26:09 0 ----a-w- c:\windows\system32\sho100F.tmp
2011-03-14 14:28:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 23:02:01.42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 13/03/2011 1:32:16 PM
System Uptime: 04/05/2011 9:24:58 PM (2 hours ago)
.
Motherboard: Acer | | JE02_PT
Processor: Intel® Atom™ CPU N455 @ 1.66GHz | CPU | 1666/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 108.188 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP23: 21/04/2011 12:30:39 AM - Windows Update
RP24: 25/04/2011 1:23:26 AM - Windows Update
RP25: 26/04/2011 11:01:30 PM - Installed QuickTime
RP26: 27/04/2011 12:00:14 AM - Windows Update
RP27: 28/04/2011 12:46:48 AM - Windows Update
RP28: 29/04/2011 12:48:50 AM - Windows Update
RP29: 30/04/2011 1:37:46 AM - Windows Update
RP30: 30/04/2011 5:17:46 PM - Windows Update
RP31: 04/05/2011 2:32:47 AM - Language Pack Removal
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam Ver:1.1.192.810
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Drumaxx
eBay Worldwide
ENE USB Card Reader Driver
eSobi v2
Farm Frenzy
FATE
Final Drive Nitro
FL Studio 9
Hardcore
Identity Card
IL Download Manager
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 24
Jewel Quest
Jewel Quest - Heritage
Jewel Quest Solitaire 2
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
McAfee Internet Security Suite
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MyWinLocker
MyWinLocker Suite
Norton Online Backup
OpenOffice.org 3.3
Penguins!
Plants vs. Zombies
PoiZone
Polar Bowler
QuickTime
Realtek High Definition Audio Driver
Sakura
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Shredder
Skype™ 4.1
SpeedBit Video Accelerator
Synaptics Pointing Device Driver
Toxic Biohazard
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
YouTube Downloader 2.7.2
YouTube Downloader Toolbar v4.3
Zuma's Revenge
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
04/05/2011 9:25:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
02/05/2011 12:33:45 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 12:59:33 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
01/05/2011 12:56:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x00001097, 0x000005fc, 0x8dbc0090). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050111-17955-01.
.
==== End Of File ===========================


#2 shelf life


  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 16 May 2011 - 03:05 PM

Hi Stannousoxide,

Your post is a few days old. If you still need help, simply reply back and we will start.

How Can I Reduce My Risk to Malware?


#3 Stannousoxide

  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 16 May 2011 - 03:38 PM

Hi there :), yup, I do still need help :/

#4 shelf life


  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 16 May 2011 - 08:26 PM

Hi,

Only Malwarebytes has detected it? We will get a download to use. It's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the ComboFix log in your reply:

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#5 Stannousoxide

  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 18 May 2011 - 03:26 PM

Yup, only Malwarebytes detected it. Well, here are the logs:

ComboFix 11-05-17.03 - Lee La Croix 18/05/2011 15:52:43.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.2.1033.18.1013.405 [GMT -5:00]
Running from: c:\users\Lee La Croix\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\YouTube Downloader Toolbar\IE\4.3\yoUTubedownloadertoolbarie.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 21:12 . 2011-05-18 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-17 20:40 . 2011-05-17 20:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 00:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 00:42 . 2011-05-12 00:42 -------- d-----w- c:\program files\McAfeeMOBK
2011-05-12 00:42 . 2011-05-12 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-12 00:42 . 2010-04-14 01:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-05-12 00:42 . 2011-05-12 00:42 -------- d-----w- c:\program files\McAfee Online Backup
2011-05-12 00:40 . 2011-04-14 19:01 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-05-12 00:40 . 2011-04-14 19:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-05-12 00:39 . 2011-04-14 19:01 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-05-12 00:39 . 2011-04-14 19:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-05-12 00:39 . 2011-04-14 19:01 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-05-12 00:39 . 2011-04-14 19:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-05-12 00:39 . 2011-04-14 19:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-05-12 00:39 . 2011-04-14 19:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-05-12 00:39 . 2011-04-14 19:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-05-12 00:39 . 2011-04-18 14:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07B091B5-6D94-4C5A-9E85-B7AB28F4F7C5}\mpengine.dll
2011-05-12 00:39 . 2011-02-02 23:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-12 00:38 . 2011-05-12 00:40 -------- d-----w- c:\program files\Common Files\Mcafee
2011-05-12 00:38 . 2011-05-12 00:38 -------- d-----w- c:\program files\McAfee.com
2011-05-12 00:20 . 2011-04-14 19:01 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-10 21:01 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 21:01 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 21:01 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 21:01 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-10 21:01 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 21:00 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 21:00 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 21:00 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-10 21:00 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-05 03:44 . 2011-05-05 03:44 -------- d-----w- c:\users\Lee La Croix\AppData\Roaming\Malwarebytes
2011-05-05 03:44 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 03:44 . 2011-05-05 03:44 -------- d-----w- c:\programdata\Malwarebytes
2011-05-05 03:43 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 03:43 . 2011-05-05 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 06:03 . 2011-05-01 06:04 -------- d-----w- c:\users\Lee La Croix\AppData\Local\ElevatedDiagnostics
2011-04-27 04:25 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 04:24 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-04-27 04:24 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 04:24 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 04:24 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 04:24 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 04:24 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 04:24 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 04:24 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 04:24 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 04:23 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 04:22 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-04-27 04:05 . 2011-04-27 04:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-04-27 04:03 . 2011-04-27 04:05 -------- d-----w- c:\program files\QuickTime
2011-04-27 04:03 . 2011-04-27 04:03 -------- d-----w- c:\programdata\Apple Computer
2011-04-27 04:00 . 2011-04-27 04:00 -------- d-----w- c:\program files\Common Files\Apple
2011-04-27 04:00 . 2011-04-27 04:00 -------- d-----w- c:\users\Lee La Croix\AppData\Local\Apple
2011-04-27 03:59 . 2011-04-27 03:59 -------- d-----w- c:\program files\Apple Software Update
2011-04-27 03:59 . 2011-04-27 03:59 -------- d-----w- c:\programdata\Apple
2011-04-19 03:46 . 2011-05-18 20:33 -------- d-----w- c:\users\Lee La Croix\AppData\Roaming\Skype
2011-04-19 03:45 . 2011-04-19 03:45 -------- d-----r- c:\program files\Skype
2011-04-19 03:45 . 2011-04-19 03:45 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 19:01 . 2011-03-15 21:33 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01 . 2011-03-15 21:33 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-02 18:39 . 2011-04-02 18:39 0 ----a-w- c:\windows\system32\sho41B3.tmp
2011-03-30 23:04 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-30 03:48 . 2011-03-30 03:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 03:18 . 2011-03-30 03:18 0 ----a-w- c:\windows\system32\sho43BA.tmp
2011-03-30 02:59 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-28 06:02 . 2011-03-28 06:02 0 ----a-w- c:\windows\system32\sho99AB.tmp
2011-03-25 05:26 . 2011-03-25 05:26 0 ----a-w- c:\windows\system32\sho100F.tmp
2011-03-14 14:28 . 2011-03-14 14:28 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-03-11 05:33 . 2011-04-15 02:08 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 02:08 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:28 . 2011-04-15 02:09 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38 . 2011-04-15 02:15 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36 . 2011-04-15 02:15 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42 . 2011-04-15 02:10 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:38 . 2011-04-15 02:09 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 04:48 . 2011-04-15 02:16 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:48 . 2011-04-15 02:16 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:47 . 2011-04-15 02:16 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:47 . 2011-04-15 02:08 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:47 . 2011-04-15 02:08 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:47 . 2011-04-15 02:08 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:47 . 2011-04-15 02:08 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:30 . 2011-03-29 04:32 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-29 04:32 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-29 04:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-04-15 02:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34 . 2011-04-15 02:14 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-29 04:01 . 2011-03-24 22:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-05-12 00:40 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-01-07 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
.
c:\users\Lee La Croix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2011-03-14 14:28 2092232 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2011-03-14 421576]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
FF - ProfilePath - c:\users\Lee La Croix\AppData\Roaming\Mozilla\Firefox\Profiles\bwmxnw32.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3205660775-502178414-3542264114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3205660775-502178414-3542264114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-18 16:20:02
ComboFix-quarantined-files.txt 2011-05-18 21:20
.
Pre-Run: 113,037,459,456 bytes free
Post-Run: 112,936,943,616 bytes free
.
- - End Of File - - 1F7F28C5DC80FCCF335B607089042CA0

#6 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:10:11 AM

Posted 22 May 2011 - 12:59 PM

Sorry for the delay, haven't been online lately. Logs look ok. Can you post the log from Malwarebytes, as that's what's finding "spigot"? Maybe a false positive. Check MBAM for updates first, then scan:

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

How Can I Reduce My Risk to Malware?


#7 Stannousoxide

Stannousoxide
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:11 AM

Posted 23 May 2011 - 10:03 AM

No prob, sadly I still see it when I start up, and when Firefox opens up I keep receiving a msg that it tried to change my settings. Well my friend, here is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6641

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23/05/2011 3:23:48 AM
mbam-log-2011-05-23 (03-23-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 251360
Time elapsed: 2 hour(s), 25 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 shelf life

Posted 24 May 2011 - 08:48 PM

Take a look here using explorer and delete the entire Spigot folder:

c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

If you don't see it, post back; we may have to change the folder view options first.
We're getting closer to removing it.

If you do delete it, next start Internet Explorer and at the top click on Tools > Internet Options.
Under the Advanced tab, near the bottom, click on the Reset Settings button (I think that's what it's called), then Apply and OK. Exit. This will set IE options back to their defaults.

Edited by shelf life, 24 May 2011 - 08:51 PM.

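As an added example (not part of the thread, and not ComboFix's or Malwarebytes' code), a small Python triage helper that does by script what the reply above does by eye: it parses the Run-key entries and the Firefox prefs.js lines of a ComboFix log and flags autostart entries and default-search settings that match a watch-list. The watch-list values (the Spigot path fragments and the "Secure Search" engine name) are the ones in this thread's log; the sample lines are a constructed excerpt of that log.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Registry section header in the "Reg Loading Points" part of a ComboFix log.
SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Run-key value line, e.g.
# "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Firefox preference line, e.g. FF - prefs.js: browser.search.selectedEngine - Secure Search
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')

# Path fragments that mark an autostart entry as worth a look (assumed watch-list;
# the Spigot / Search Settings folder names are the ones in this thread's log).
SUSPECT_PATH_FRAGMENTS = ("\\spigot\\", "\\search settings\\")
# Default-search engine names that indicate a changed Firefox search setting
# (assumed watch-list; "Secure Search" is the value in this thread's log).
SUSPECT_SEARCH_ENGINES = ("secure search",)


@dataclass(frozen=True)
class Finding:
    kind: str      # "autostart" or "firefox_pref"
    location: str  # registry key, or "prefs.js"
    name: str      # value name or preference name
    detail: str    # executable path or preference value


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk ComboFix log lines and flag autostart entries and Firefox search
    preferences that match the watch-lists above."""
    findings: List[Finding] = []
    current_key = ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = SECTION.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key.lower().endswith("\\run"):
            path = m.group("path")
            if any(frag in path.lower() for frag in SUSPECT_PATH_FRAGMENTS):
                findings.append(Finding("autostart", current_key, m.group("name"), path))
            continue
        m = FF_PREF.match(line)
        if m and m.group("pref") == "browser.search.selectedEngine":
            value = m.group("value").strip()
            if value.lower() in SUSPECT_SEARCH_ENGINES:
                findings.append(Finding("firefox_pref", "prefs.js", m.group("pref"), value))
    return findings


# Constructed excerpt of the log in this thread (a few Run entries plus the Firefox lines).
SAMPLE_LOG = [
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]',
    ".",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]',
    r'"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]',
    r'"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]',
    ".",
    "FF - prefs.js: browser.search.selectedEngine - Secure Search",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.location} {f.name!r} -> {f.detail}")
```

Run against a full ComboFix log, the same two lines the helper picked out by hand are the ones reported: the HKLM Run value pointing into the Spigot folder and the changed Firefox default search engine.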
#9 Stannousoxide

Posted 24 May 2011 - 11:53 PM

I tried to delete it, but it says that the folder is in use by another program, even with the internet disconnected :/ I guess we have to figure out what that is.

#10 shelf life

Posted 25 May 2011 - 08:03 PM

OK. Boot your computer into safe mode and delete it. To reach safe mode you would tap the F8 key during a computer restart, then choose the first option from the list: safe mode. Log into your usual account. Once at the safe mode desktop, look for and delete the entire folder. Reset IE back to its defaults also. Restart the computer normally and see how it goes from there.

#11 Stannousoxide

Posted 25 May 2011 - 09:44 PM

Well, that I followed through, even reset Firefox's settings and all. From those actions, it seems like it has been eradicated, hopefully... :) I must thank you greatly for this :thumbsup: ........keep on fighting viruses my friend :clapping:

#12 shelf life

Posted 26 May 2011 - 05:36 PM

Hi

OK, good. You are welcome. Your malware was pretty tame compared to some and easily removed.

You can remove combofix like this:

Start > Run and type in combofix /uninstall
Click OK or press Enter.
Note the space after the x and before the /.

Getting a 'run' window in Windows 7 may be different. Just post back if you need help.

Remember, the free version of Malwarebytes must be updated manually and a scan started manually. It's good practice to check for updates once a week or so, even if you don't scan with it at that time.

And last, some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:

There is no reason why your computer can not stay malware free.


No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.


2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.


3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware, then it's time to *review your computer habits*.


4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.


5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.


6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?


7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.


8) Install and understand the *limitations* of a software firewall.


9) A slide show how-to for securing Internet Explorer 8.0 for safer surfing. How to harden Firefox for safer surfing.


10) Warez, cracks etc. are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything, be nothing but malware, or have malware bundled in it. Can you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing

#13 Stannousoxide

Posted 29 May 2011 - 01:34 PM

ComboFix is all uninstalled, thanks for all the help and info, man :thumbup2: