
Search Engine redirect and random radio play


  • This topic is locked
18 replies to this topic

#1 cogers99

cogers99

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 10 June 2011 - 08:30 AM

Several days ago, while visiting a blog I have visited many times before, my computer was infected with some malware. The first sign was the fake defrag request. I was able to get rid of this malware pretty easily (I think), but realized later I was still infected when all search engines would perform the search, but when I click on the page I want to see it takes me to about 3 random websites instead of the one I intended to see. I also have random radio play at odd times for no reason. When this happens I have closed down the internet and it will continue to play. I have been through the steps of the preparation guide before posting this message, but gmer.exe will not finish. The first 2 times I tried to run it the computer shut down during the scanning process; the third time I got an error message. Shame on me for not writing down exactly what it said. I will try again after posting and write it down.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_19
Run by margaret at 13:02:59 on 2011-06-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.873 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sdclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uSearch Page =
uSearch Bar =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5F9AB37B-CAF1-4143-8200-F60D8F4D8D3B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C6017628-BB08-4891-B1CA-85F9A46FF332} : DhcpNameServer = 172.168.30.1
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-27 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-27 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-27 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-27 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-25 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-4 136176]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-4 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-08 11:13:32 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ca34e69f-fb76-4812-a126-31a100190bb3}\mpengine.dll
2011-05-28 12:37:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 11:57:44 -------- d-----w- c:\program files\CCleaner
2011-05-27 17:50:25 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-27 17:50:23 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-27 17:49:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-27 17:48:51 -------- d-----w- c:\programdata\AVAST Software
2011-05-27 17:48:51 -------- d-----w- c:\program files\AVAST Software
2011-05-27 15:54:24 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 15:54:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 15:53:11 -------- d-----w- c:\programdata\Hitman Pro
2011-05-27 12:18:28 -------- d-----w- c:\users\margaret\appdata\local\MigWiz
2011-05-25 20:57:46 -------- d-----w- c:\users\margaret\appdata\roaming\Malwarebytes
2011-05-25 20:57:20 -------- d-----w- c:\programdata\Malwarebytes
2011-05-12 22:46:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
============= FINISH: 13:04:05.54 ===============
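
A triage pass over the "Pseudo HJT Report" section of the DDS log above, as an added example (it is not part of the original post and not DDS's own code). It pulls out the entries a malware-removal helper reads first: the BHO whose DLL is gone ("No File"), the two autorun values with an empty command (hpqSRMon and <NO NAME>), and the one DHCP-assigned DNS server that is not in RFC 1918 space (172.168.30.1 lies outside 172.16.0.0/12, which ends at 172.31.255.255). The sample text is an excerpt copied from the log above; the regular expressions are my reading of the line shapes, not a documented DDS format. Nothing it lists is a verdict; each item still has to be checked by hand.

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of the original post and not DDS's own code.
It lists the entries a malware-removal helper reads first. Flagging is
not a verdict; every item still has to be checked by hand.
"""
import ipaddress
import re

# Excerpt copied from the DDS log posted above (constructed sample: the
# full report has many more lines, all of the same shapes).
SAMPLE_DDS = """\
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\\program files\\hp\\digital imaging\\smart web printing\\hpswp_printenhancer.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\\program files\\avast software\\avast\\aswWebRepIE.dll
uRun: [ehTray.exe] c:\\windows\\ehome\\ehTray.exe
mRun: [hpqSRMon]
mRun: [<NO NAME>]
mRun: [avast] "c:\\program files\\avast software\\avast\\avastUI.exe" /nogui
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\\{5F9AB37B-CAF1-4143-8200-F60D8F4D8D3B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\\{C6017628-BB08-4891-B1CA-85F9A46FF332} : DhcpNameServer = 172.168.30.1
"""

# Line shapes below are assumptions read off the log, not DDS's documented
# format: "<BHO|TB|EB>: <description> - <dll path or 'No File'>",
# "<u|m>Run: [<value name>] <command>", "... DhcpNameServer = <ip>".
OBJ_RE = re.compile(r"^(?P<kind>BHO|TB|EB): (?P<desc>.*?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def triage_dds(report: str) -> dict:
    """Return the entries worth a second look, grouped by reason."""
    out = {"missing_file": [], "empty_autorun": [], "non_private_dns": []}
    for raw in report.splitlines():
        line = raw.strip()
        m = OBJ_RE.match(line)
        if m:
            # A browser object whose DLL is gone: harmless leftover or the
            # trace of something already deleted; either way, note it.
            if m.group("path").strip().lower() == "no file":
                out["missing_file"].append((m.group("kind"), m.group("desc")))
            continue
        m = RUN_RE.match(line)
        if m:
            # Autorun values with no command: usually stale, but a cleared
            # value is also what a partial cleanup leaves behind.
            if not m.group("cmd").strip():
                out["empty_autorun"].append(f"{m.group('hive')}Run:{m.group('name')}")
            continue
        m = DNS_RE.search(line)
        if m:
            # A DHCP-pushed resolver outside RFC 1918 space deserves a check
            # against the router; a changed resolver is one classic cause of
            # search redirects. 172.168.0.0 is NOT inside 172.16.0.0/12.
            ip = ipaddress.ip_address(m.group("ip"))
            if not ip.is_private:
                out["non_private_dns"].append(str(ip))
    return out


if __name__ == "__main__":
    for reason, items in triage_dds(SAMPLE_DDS).items():
        print(f"{reason}:")
        for item in items:
            print(f"  {item}")
```

On the page's own log the DNS hit is tied to a second interface GUID, so it may simply be a network the laptop joined earlier; the point of the check is to make someone confirm that rather than to call it malicious.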


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:51 PM

Posted 11 June 2011 - 09:56 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please download Rootkit Unhooker and save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please include the following in your next post:
  • RootkitUnhooker log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 cogers99

cogers99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 12 June 2011 - 02:49 PM

Attempted to download and run it this afternoon. At some point during the scan this error message came up.

Error message -
Sorry, but unhandled exception has occurred
Program will be terminated
Exception code: 0XC0000005
Instruction address : 0x0E271000

Error log generated, please report to developers

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:51 PM

Posted 12 June 2011 - 03:19 PM

cogers99:

Please try this:

Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log



#5 cogers99

cogers99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 12 June 2011 - 03:30 PM

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-12 16:25:00
-----------------------------
16:25:00.862 OS Version: Windows 6.0.6002 Service Pack 2
16:25:00.862 Number of processors: 2 586 0x301
16:25:00.863 ComputerName: MARGARET-PC UserName: margaret
16:25:02.716 AVAST engine 6.0.1125 defs: 11061202
16:25:02.717 Initialize success
16:25:10.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
16:25:10.305 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
16:25:12.360 Disk 0 MBR read successfully
16:25:12.363 Disk 0 MBR scan
16:25:12.765 Disk 0 unknown MBR code
16:25:14.783 Disk 0 scanning sectors +312573952
16:25:14.829 Disk 0 scanning C:\Windows\system32\drivers
16:25:30.558 Service scanning
16:25:32.161 Disk 0 trace - called modules:
16:25:32.205 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85cdb1ed]<<
16:25:32.210 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856cc1f0]
16:25:32.215 3 CLASSPNP.SYS[807a98b3] -> nt!IofCallDriver -> [0x84e63918]
16:25:32.220 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x844d1b98]
16:25:32.226 \Driver\atapi[0x844cb830] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85cdb1ed
16:25:32.234 AVAST engine scan C:\Windows\system32
16:26:29.364 File C:\Windows\system32\dssenh32.exe **INFECTED** Win32:Downloader-HVX [Trj]
16:27:54.109 Scan finished successfully
16:28:25.671 Disk 0 MBR has been saved successfully to "C:\Users\margaret\Desktop\MBR.dat"
16:28:25.679 The log file has been saved successfully to "C:\Users\margaret\Desktop\aswMBR.txt"
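
How the aswMBR log above is read, as an added example (not part of the original post and not AVAST's code). It parses the "Disk 0 trace - called modules" block for the call-chain entry that belongs to no loaded module (the `>>UNKNOWN [0x85cdb1ed]<<` line), checks whether the lowest driver's IRP handler (`\Driver\atapi ... IRP_MJ_INTERNAL_DEVICE_CONTROL`) points at that same address, and collects the file the engine marked **INFECTED**. The sample lines are copied from the log above; the regular expressions and the function names are my assumptions about aswMBR's output, not a documented format.

```python
"""Read an aswMBR log for its rootkit indicators and its detections.

Added example: not part of the original post and not AVAST's code. It
parses the 'Disk N trace - called modules' block for a call-chain entry
that belongs to no loaded module, checks whether the low-level driver's
IRP handler points at that same address, and collects **INFECTED** files.
"""
import re

# Lines copied from the aswMBR log posted above (constructed excerpt).
SAMPLE_ASWMBR = """\
16:25:12.360 Disk 0 MBR scan
16:25:12.765 Disk 0 unknown MBR code
16:25:32.161 Disk 0 trace - called modules:
16:25:32.205 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85cdb1ed]<<
16:25:32.210 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x856cc1f0]
16:25:32.215 3 CLASSPNP.SYS[807a98b3] -> nt!IofCallDriver -> [0x84e63918]
16:25:32.220 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \\Device\\Ide\\IdeDeviceP3T0L0-5[0x844d1b98]
16:25:32.226 \\Driver\\atapi[0x844cb830] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85cdb1ed
16:25:32.234 AVAST engine scan C:\\Windows\\system32
16:26:29.364 File C:\\Windows\\system32\\dssenh32.exe **INFECTED** Win32:Downloader-HVX [Trj]
16:27:54.109 Scan finished successfully
"""

# Patterns are assumptions read off the log above, not a documented grammar.
TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
MBR_UNKNOWN_RE = re.compile(TS + r"Disk (?P<disk>\d+) unknown MBR code$")
UNKNOWN_RE = re.compile(TS + r".*>>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(
    TS + r"\\Driver\\(?P<drv>\w+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9A-Fa-f]+)$"
)
INFECTED_RE = re.compile(TS + r"File (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")


def triage_aswmbr(log: str) -> dict:
    """Collect the indicators from one aswMBR log."""
    out = {"unknown_mbr": [], "unknown_code": [], "hooks": [], "infected": []}
    for line in log.splitlines():
        m = MBR_UNKNOWN_RE.match(line)
        if m:
            # Weak on its own: OEM recovery loaders also produce this line.
            out["unknown_mbr"].append(int(m.group("disk")))
            continue
        m = UNKNOWN_RE.match(line)
        if m:
            out["unknown_code"].append(m.group("addr").lower())
            continue
        m = HOOK_RE.match(line)
        if m:
            out["hooks"].append((m.group("drv"), m.group("irp"), m.group("target").lower()))
            continue
        m = INFECTED_RE.match(line)
        if m:
            out["infected"].append((m.group("path"), m.group("name")))
    # The strong indicator: a driver's IRP dispatch routine resolves to the
    # very address the trace could not attribute to any loaded module, so
    # disk requests pass through code outside every listed driver image.
    out["hook_into_unknown"] = [h for h in out["hooks"] if h[2] in out["unknown_code"]]
    return out


def verdict(result: dict) -> str:
    """One-line reading of the parsed log, strongest indicator first."""
    if result["hook_into_unknown"]:
        drv, irp, addr = result["hook_into_unknown"][0]
        return f"disk stack hooked: {drv} {irp} -> {addr} (no owning module)"
    if result["infected"]:
        return "detections only, no kernel hook seen"
    return "nothing flagged"


if __name__ == "__main__":
    parsed = triage_aswmbr(SAMPLE_ASWMBR)
    print(verdict(parsed))
    for path, name in parsed["infected"]:
        print(f"  {name}: {path}")
```

Two reading notes. The "unknown MBR code" line is the weakest item here: this is an HP Presario with a recovery partition, and OEM boot code commonly trips it, so the hook into unattributed code is what matters; the second aswMBR run later in the thread shows the same hook again at a different kernel address, which is what you expect after a reboot while the hidden driver is still being loaded. The detected file name, dssenh32.exe, borrows the name of a legitimate Windows CSP DLL (dssenh.dll), the same trick as framedyn32.exe (framedyn.dll is a WMI framework DLL) and the "GamesAppService32" service name next to the real WildTangent GamesAppService in the OTL log further down.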

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:51 PM

Posted 12 June 2011 - 03:37 PM

cogers99:

Excellent! Now do this:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Please include the following in your next post:
  • ComboFix log



#7 cogers99

cogers99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 12 June 2011 - 03:56 PM

A little over halfway through the ComboFix scan it froze and after a few minutes the computer shut down.

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:51 PM

Posted 12 June 2011 - 05:30 PM

cogers99:

Please boot into the Safe Mode and run ComboFix again.

Please include the following in your next post:
  • ComboFix log



#9 cogers99

cogers99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 12 June 2011 - 07:37 PM

Tried again in safe mode and halfway through it switched to a blue screen with lots of writing. I tried to read the writing but before I had a chance it shut down. I do think we are making progress though, as my internet now seems a little faster and I tried a Google search and it worked.

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:51 PM

Posted 12 June 2011 - 08:12 PM

cogers99:

Run aswMBR.exe again
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt into your next post. I don't need to see Attach.txt
Please include the following in your next post:
  • aswMBR log
  • OTL.txt log



#11 cogers99

cogers99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 12 June 2011 - 09:23 PM

First I wanted to let you know that during the OTL scan a box titled USER ACCOUNT CONTROL came open and requested to open msiexec.exe. I have hit cancel several times but it just reopens.

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-12 22:04:04
-----------------------------
22:04:04.088 OS Version: Windows 6.0.6002 Service Pack 2
22:04:04.088 Number of processors: 2 586 0x301
22:04:04.104 ComputerName: MARGARET-PC UserName: margaret
22:04:19.657 AVAST engine 6.0.1125 defs: 11061202
22:04:19.657 Initialize success
22:04:23.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
22:04:23.661 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
22:04:25.693 Disk 0 MBR read successfully
22:04:25.697 Disk 0 MBR scan
22:04:25.703 Disk 0 unknown MBR code
22:04:27.718 Disk 0 scanning sectors +312573952
22:04:27.752 Disk 0 scanning C:\Windows\system32\drivers
22:04:49.111 Service scanning
22:04:51.389 Disk 0 trace - called modules:
22:04:51.404 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85cb01ed]<<
22:04:51.404 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856bb5e0]
22:04:51.420 3 CLASSPNP.SYS[807a98b3] -> nt!IofCallDriver -> [0x84e5e848]
22:04:51.420 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x84e40b98]
22:04:51.420 \Driver\atapi[0x844d45a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85cb01ed
22:04:51.436 AVAST engine scan C:\Windows\system32
22:05:54.153 File C:\Windows\system32\dssenh32.exe **INFECTED** Win32:Downloader-HVX [Trj]
22:07:20.545 Scan finished successfully
22:07:47.036 Disk 0 MBR has been saved successfully to "C:\Users\margaret\Desktop\MBR.dat"
22:07:47.068 The log file has been saved successfully to "C:\Users\margaret\Desktop\aswMBR.txt"




OTL logfile created on: 6/12/2011 10:10:19 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\margaret\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 50.88% Memory free
3.74 Gb Paging File | 2.80 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 81.51 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.54 Gb Free Space | 15.61% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 3.79 Gb Free Space | 86.48% Space Free | Partition Type: UDF

Computer Name: MARGARET-PC | User Name: margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 22:09:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\margaret\Desktop\OTL.exe
PRC - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
PRC - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Windows\System32\dssenh32.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/10/25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 22:09:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\margaret\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\Windows\System32\dssenh32.exe -- (GamesAppService32)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/24 12:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/01/24 12:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 02:28:18 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\blackbox.dll -- (BlackBox)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 15:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 15:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 09:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DC 3B FB 01 4C 03 49 42 B4 0A 70 1D F9 55 29 1E [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.7.1
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:7.0.0.3873
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 13:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2009/01/05 15:53:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010/12/29 23:13:17 | 000,000,000 | ---D | M]

[2009/01/02 01:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\margaret\AppData\Roaming\Mozilla\Extensions
[2011/06/12 12:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions
[2009/04/28 09:00:25 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/10/02 15:45:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/02 15:45:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/12 22:09:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}
[2010/10/06 13:09:35 | 000,000,000 | ---D | M] (Check4Change) -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\check4change-owner@mozdev.org
[2010/10/19 21:16:14 | 000,000,000 | ---D | M] ("Upromise TurboSaver") -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\FFToolbar@upromise
[2010/04/28 14:52:19 | 000,001,836 | ---- | M] () -- C:\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\searchplugins\bing-ff.xml
[2010/10/21 22:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/29 23:08:22 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Program Files\Mozilla Firefox\extensions\npmozax@real.com
File not found (No name found) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2010/04/18 13:43:54 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/01/05 15:53:57 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/03/24 11:37:19 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/08/31 11:28:34 | 000,147,456 | ---- | M] (Oberon Media) -- C:\Program Files\Mozilla Firefox\plugins\npMyGames.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2009/05/28 07:32:57 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {01FB3BDC-034C-4249-B40A-701DF955291e} - C:\Windows\System32\atmfd32.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (48e4c506) - {A009A287-83AC-DFB7-50AE-2ED59E760312} - C:\ProgramData\atmfd32.dll (Dmitry Streblechenko)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\ProgramData\atmfd32.dll) - C:\ProgramData\atmfd32.dll (Dmitry Streblechenko)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 15:50:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/09 11:54:29 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2011/06/09 11:54:29 | 000,000,130 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 22:09:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\margaret\Desktop\OTL.exe
[2011/06/12 16:45:04 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/12 16:43:47 | 004,120,119 | R--- | C] (Swearware) -- C:\Users\margaret\Desktop\ComboFix.exe
[2011/06/12 16:24:27 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Users\margaret\Desktop\aswMBR.exe
[2011/06/12 12:19:18 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
[2011/06/12 12:19:17 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\atmfd32.dll
[2011/06/12 12:19:14 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Windows\System32\dssenh32.exe
[2011/06/12 08:04:23 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Users\margaret\msiexec.exe
[2011/06/12 08:04:15 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Users\margaret\0.03967712894043007.exe
[2011/06/09 13:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/06/09 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\margaret\Desktop\gmer
[2011/06/09 12:58:42 | 000,607,222 | R--- | C] (Swearware) -- C:\Users\margaret\Desktop\dds.scr
[2011/05/31 09:20:53 | 000,000,000 | ---D | C] -- C:\Users\margaret\Documents\tdsskiller[1]
[2011/05/28 08:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/28 08:30:32 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\margaret\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/28 08:16:55 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\margaret\Desktop\googleredirectrid.exe
[2011/05/28 07:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/28 07:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/27 13:50:30 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/27 13:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/27 13:50:29 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/27 13:50:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/27 13:50:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/27 13:50:25 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/27 13:50:23 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/27 13:49:10 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/27 13:49:09 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/27 13:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/27 13:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/27 12:46:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/27 11:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/27 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/27 08:18:28 | 000,000,000 | ---D | C] -- C:\Users\margaret\AppData\Local\MigWiz
[2011/05/25 16:57:46 | 000,000,000 | ---D | C] -- C:\Users\margaret\AppData\Roaming\Malwarebytes
[2011/05/25 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/24 14:17:37 | 000,000,000 | ---D | C] -- C:\Users\margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[1 C:\Users\margaret\Desktop\*.tmp files -> C:\Users\margaret\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 22:12:55 | 000,774,656 | ---- | M] () -- C:\Users\margaret\0.4891875382846501.exe
[2011/06/12 22:09:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\margaret\Desktop\OTL.exe
[2011/06/12 22:07:47 | 000,000,512 | ---- | M] () -- C:\Users\margaret\Desktop\MBR.dat
[2011/06/12 22:03:37 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/12 22:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/12 20:33:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/12 20:33:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/12 20:29:38 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/12 20:29:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 20:28:52 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 20:28:52 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 20:28:50 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/12 20:28:39 | 1877,344,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 20:28:29 | 131,492,526 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/12 16:53:39 | 000,000,024 | ---- | M] () -- C:\ProgramData\68179254
[2011/06/12 16:43:56 | 004,120,119 | R--- | M] (Swearware) -- C:\Users\margaret\Desktop\ComboFix.exe
[2011/06/12 16:24:32 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Users\margaret\Desktop\aswMBR.exe
[2011/06/12 12:19:18 | 000,000,092 | ---- | M] () -- C:\Windows\System32\1111065124
[2011/06/12 12:19:17 | 000,175,616 | ---- | M] (Dmitry Streblechenko) -- C:\ProgramData\atmfd32.dll
[2011/06/12 12:19:12 | 000,350,720 | ---- | M] () -- C:\Windows\System32\atmfd32.dll
[2011/06/12 12:09:03 | 000,139,264 | ---- | M] () -- C:\Users\margaret\Desktop\RKUnhookerLE.EXE
[2011/06/12 11:43:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Users\margaret\msiexec.exe
[2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
[2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Windows\System32\dssenh32.exe
[2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Users\margaret\0.03967712894043007.exe
[2011/06/09 13:08:34 | 000,293,977 | ---- | M] () -- C:\Users\margaret\Desktop\gmer.zip
[2011/06/09 12:55:44 | 000,607,222 | R--- | M] (Swearware) -- C:\Users\margaret\Desktop\dds.scr
[2011/06/09 12:54:20 | 000,000,000 | ---- | M] () -- C:\Users\margaret\defogger_reenable
[2011/06/02 06:56:31 | 000,007,808 | ---- | M] () -- C:\Users\margaret\AppData\Local\d3d9caps.dat
[2011/05/28 08:30:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\margaret\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/28 08:17:14 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\margaret\Desktop\googleredirectrid.exe
[2011/05/28 07:57:45 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/27 13:50:30 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/27 13:50:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/27 12:23:13 | 000,000,949 | ---- | M] () -- C:\Users\margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/27 11:54:24 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/27 08:07:22 | 000,000,949 | ---- | M] () -- C:\Users\margaret\Desktop\Internet Explorer.lnk
[2011/05/25 21:43:41 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormargaret.job
[2011/05/24 14:17:39 | 000,000,144 | ---- | M] () -- C:\ProgramData\~45080312r
[2011/05/24 14:17:39 | 000,000,112 | ---- | M] () -- C:\ProgramData\~45080312
[2011/05/24 14:17:34 | 000,000,328 | ---- | M] () -- C:\ProgramData\45080312
[2011/05/24 14:00:53 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Users\margaret\Desktop\*.tmp files -> C:\Users\margaret\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 22:12:49 | 000,774,656 | ---- | C] () -- C:\Users\margaret\0.4891875382846501.exe
[2011/06/12 20:28:39 | 1877,344,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/12 20:28:29 | 131,492,526 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/12 16:28:25 | 000,000,512 | ---- | C] () -- C:\Users\margaret\Desktop\MBR.dat
[2011/06/12 12:41:41 | 000,000,024 | ---- | C] () -- C:\ProgramData\68179254
[2011/06/12 12:19:14 | 000,000,092 | ---- | C] () -- C:\Windows\System32\1111065124
[2011/06/12 12:19:12 | 000,350,720 | ---- | C] () -- C:\Windows\System32\atmfd32.dll
[2011/06/12 12:08:59 | 000,139,264 | ---- | C] () -- C:\Users\margaret\Desktop\RKUnhookerLE.EXE
[2011/06/09 13:08:26 | 000,293,977 | ---- | C] () -- C:\Users\margaret\Desktop\gmer.zip
[2011/06/09 12:54:20 | 000,000,000 | ---- | C] () -- C:\Users\margaret\defogger_reenable
[2011/05/28 07:57:45 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/27 13:50:30 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/27 12:23:13 | 000,000,949 | ---- | C] () -- C:\Users\margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/27 11:54:24 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/27 08:07:22 | 000,000,949 | ---- | C] () -- C:\Users\margaret\Desktop\Internet Explorer.lnk
[2011/05/24 14:17:39 | 000,000,144 | ---- | C] () -- C:\ProgramData\~45080312r
[2011/05/24 14:17:38 | 000,000,112 | ---- | C] () -- C:\ProgramData\~45080312
[2011/05/24 14:17:34 | 000,000,328 | ---- | C] () -- C:\ProgramData\45080312
[2010/12/15 18:02:41 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/21 23:08:30 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/04/18 13:43:27 | 000,023,090 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/09 21:33:46 | 000,000,000 | ---- | C] () -- C:\Users\margaret\AppData\Roaming\wklnhst.dat
[2009/12/16 16:26:18 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/09/24 07:06:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 07:06:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 15:00:57 | 000,007,808 | ---- | C] () -- C:\Users\margaret\AppData\Local\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/10 21:35:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/01/20 08:48:17 | 000,010,752 | ---- | C] () -- C:\Users\margaret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 09:10:10 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/25 22:25:49 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/25 16:01:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/26 14:56:42 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/11 16:05:13 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,312,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/04/25 22:39:40 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\aliasworlds
[2010/02/15 10:10:14 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Amazon
[2009/01/06 23:26:25 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\BeachPartyCraze
[2010/01/03 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\BlamGames
[2009/11/04 16:31:52 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Boolat Games
[2010/04/26 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Boomzap
[2009/12/14 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Camel101
[2010/04/19 21:04:38 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\CasualForge
[2010/09/19 13:09:37 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/03/24 11:37:19 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\E-centives
[2009/11/09 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\EleFun Games
[2011/04/06 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Farm Mania
[2011/04/16 13:17:32 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Farm Mania 2
[2011/04/18 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Farm Mania 2.1
[2010/05/01 12:52:42 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\freshgames
[2010/01/10 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Friday's games
[2009/11/08 23:16:54 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\funkitron
[2009/08/17 20:14:14 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Gamelab
[2009/07/29 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Home Sweet Home
[2009/09/23 19:52:47 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\iWin
[2009/02/16 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\iWin_DressUpRush
[2009/01/12 22:11:42 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Jane s Hotel
[2011/02/05 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\MusicNet
[2009/02/25 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\muvee Technologies
[2009/10/10 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\My Games
[2010/12/15 18:02:41 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Neat
[2010/06/26 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\NFT
[2010/12/15 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Nuance
[2009/08/03 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Oberon Games
[2010/04/21 18:23:38 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Peace Craft
[2010/08/28 00:31:09 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\PeaceCraft2
[2009/10/15 18:13:08 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\PetShowCraze
[2010/01/06 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\PlayFirst
[2011/04/30 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Playrix Entertainment
[2009/08/26 15:03:13 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Skip-Bo
[2009/01/02 10:05:28 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\SpinTop
[2010/03/09 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Template
[2010/10/08 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\Unity
[2009/10/13 14:14:06 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\ValuSoft
[2010/01/08 19:08:19 | 000,000,000 | ---D | M] -- C:\Users\margaret\AppData\Roaming\YoudaGames
[2011/06/12 11:43:13 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:94A6C632
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89TFNYTK1RVLNJCMSSYUL1F8LLHJKPL04E4B89XY8T1NGKK68HJM4DTVVVVVVVTVVJVK
@Alternate Data Stream - 398 bytes -> C:\ProgramData\TEMP:CF696327
@Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:6283A8D3
@Alternate Data Stream - 338 bytes -> C:\ProgramData\TEMP:D81A09B0
@Alternate Data Stream - 311 bytes -> C:\ProgramData\TEMP:141BCC26
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:B8CAAE22
@Alternate Data Stream - 292 bytes -> C:\ProgramData\TEMP:7524F6CC
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:F1F85068
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:F986CC21
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:AF2BFDCB
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:C663BCCD
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:8FEE4959
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6ECD2470
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:21192FCF
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:9E999B93
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:351730E8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:33D788AB
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:EB9EF516
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9B750A13
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:64EC809E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:000A1C66
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:BACB6B6C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D8C377A4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CA99FD89
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4149A170
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:38FF076E
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1E53D1D0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3F1D69E8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:434C6E35
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E23C405D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:7FD199E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:03460648
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C76BA037
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C1F48741
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4001342B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B0BD7797
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9C0CEDAF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CEFEABF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1B565D04
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:03F9B551
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D6BEA85D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C085F80B

< End of report >

#12 RPMcMurphy
  • Malware Response Team

Posted 12 June 2011 - 09:54 PM

cogers99:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    PRC - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
    PRC - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Windows\System32\dssenh32.exe
    SRV - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\Windows\System32\dssenh32.exe -- (GamesAppService32)
    O2 - BHO: (no name) - {01FB3BDC-034C-4249-B40A-701DF955291e} - C:\Windows\System32\atmfd32.dll ()
    O2 - BHO: (48e4c506) - {A009A287-83AC-DFB7-50AE-2ED59E760312} - C:\ProgramData\atmfd32.dll (Dmitry Streblechenko)
    O20 - AppInit_DLLs: (C:\ProgramData\atmfd32.dll) - C:\ProgramData\atmfd32.dll (Dmitry Streblechenko)
    [2011/06/12 12:19:18 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
    [2011/06/12 12:19:17 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\atmfd32.dll
    [2011/06/12 12:19:14 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Windows\System32\dssenh32.exe
    [2011/06/12 08:04:23 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Users\margaret\msiexec.exe
    [2011/06/12 08:04:15 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Users\margaret\0.03967712894043007.exe
    [2011/06/12 22:12:55 | 000,774,656 | ---- | M] () -- C:\Users\margaret\0.4891875382846501.exe
    [2011/06/12 16:43:56 | 004,120,119 | R--- | M] (Swearware) -- C:\Users\margaret\Desktop\ComboFix.exe
    [2011/06/12 12:19:18 | 000,000,092 | ---- | M] () -- C:\Windows\System32\1111065124
    [2011/06/12 12:19:17 | 000,175,616 | ---- | M] (Dmitry Streblechenko) -- C:\ProgramData\atmfd32.dll
    [2011/06/12 12:19:12 | 000,350,720 | ---- | M] () -- C:\Windows\System32\atmfd32.dll
    [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Users\margaret\msiexec.exe
    [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
    [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Windows\System32\dssenh32.exe
    [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\Users\margaret\0.03967712894043007.exe
    [2011/06/12 22:12:49 | 000,774,656 | ---- | C] () -- C:\Users\margaret\0.4891875382846501.exe
    [2011/06/12 12:41:41 | 000,000,024 | ---- | C] () -- C:\ProgramData\68179254
    [2011/06/12 12:19:14 | 000,000,092 | ---- | C] () -- C:\Windows\System32\1111065124
    [2011/06/12 12:19:12 | 000,350,720 | ---- | C] () -- C:\Windows\System32\atmfd32.dll  
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Now try ComboFix again.

Please include the following in your next post:
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


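
The fix script above names the same few images under several entry types (running process, service, BHO, AppInit_DLLs, newly created file). As an added example, not OTL's own code nor the helper's, the Python below parses such a script into structured indicators, groups them by on-disk image, and flags names that borrow a genuine Windows component's name (atmfd, dssenh, framedyn with a "32" suffix; msiexec.exe outside System32); the line formats and the known-good name list are assumptions made for this example.

```python
"""Structured triage of an OTL fix script (added example; not OTL's own code).
OTL by OldTimer is a GUI tool with no parsing API: the line formats below are
inferred from the fix script posted above, and the known-good component names
are a short list written for this example."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the OTL fix script in the post above (a subset).
OTL_FIX = r"""
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
PRC - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
SRV - [2011/06/12 08:04:21 | 000,775,168 | ---- | M] (AIDEX Team) [Auto | Running] -- C:\Windows\System32\dssenh32.exe -- (GamesAppService32)
O2 - BHO: (48e4c506) - {A009A287-83AC-DFB7-50AE-2ED59E760312} - C:\ProgramData\atmfd32.dll (Dmitry Streblechenko)
O20 - AppInit_DLLs: (C:\ProgramData\atmfd32.dll) - C:\ProgramData\atmfd32.dll (Dmitry Streblechenko)
[2011/06/12 12:19:18 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\ProgramData\framedyn32.exe
[2011/06/12 08:04:23 | 000,775,168 | ---- | C] (AIDEX Team) -- C:\Users\margaret\msiexec.exe
[2011/06/12 16:43:56 | 004,120,119 | R--- | M] (Swearware) -- C:\Users\margaret\Desktop\ComboFix.exe
[2011/06/12 12:19:12 | 000,350,720 | ---- | C] () -- C:\Windows\System32\atmfd32.dll
:Commands
[EmptyTemp]
"""

# "<path> (<company>)" tail of BHO, Run and AppInit lines; the company may be empty.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s*(?:\((?P<company>[^)]*)\))?$")
ENTRY_RES = [
    ("BHO", re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{[0-9A-Fa-f-]+\} - (?P<rest>.*)$")),
    ("RUN", re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")),
    ("APPINIT", re.compile(r"^O20 - AppInit_DLLs: \((?P<name>[^)]*)\) - (?P<rest>.*)$")),
]
# PRC/SRV and bare file lines carry a "[date | size | attrs | C-or-M]" stamp.
PROC_RE = re.compile(r"^(?P<kind>PRC|SRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)"
                     r"(?: \[[^\]]*\])? -- (?P<path>.*?)(?: -- \((?P<service>[^)]*)\))?$")
FILE_RE = re.compile(r"^\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.*)$")

@dataclass
class Indicator:
    kind: str                      # BHO, RUN, APPINIT, PRC, SRV or FILE
    path: Optional[str]            # on-disk image, when the line names one
    name: str = ""                 # BHO name, Run value name or AppInit value
    company: str = ""              # embedded version-info string; trivially forged
    size: Optional[int] = None     # bytes, from the stamp
    service: Optional[str] = None  # service name on SRV lines

def _tail(rest: str):
    m = PATH_RE.match(rest.strip())  # (path, company), or (None, "") when no path is given
    return (m.group("path").strip(), m.group("company") or "") if m else (None, "")

def parse_otl_fix(text: str) -> List[Indicator]:
    out: List[Indicator] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(":"):       # blank, or a :OTL / :Commands marker
            continue
        for kind, rx in ENTRY_RES:
            m = rx.match(line)
            if m:
                path, company = _tail(m.group("rest"))
                out.append(Indicator(kind, path, m.group("name"), company))
                break
        else:
            m = PROC_RE.match(line) or FILE_RE.match(line)
            if m:   # command lines such as [EmptyTemp] match neither and are skipped
                size = int(m.group("stamp").split(" | ")[1].replace(",", ""))
                out.append(Indicator(m.groupdict().get("kind") or "FILE", m.group("path").strip(),
                                     company=m.group("company"), size=size,
                                     service=m.groupdict().get("service")))
    return out

def group_by_path(inds: List[Indicator]) -> Dict[str, List[str]]:
    """Case-folded path -> sorted entry kinds, so one binary registered as process, service and new file is one image."""
    groups: Dict[str, set] = {}
    for ind in inds:
        if ind.path:
            groups.setdefault(ind.path.lower(), set()).add(ind.kind)
    return {p: sorted(k) for p, k in groups.items()}

# Genuine Windows components whose names the files in this thread borrow (example list).
LEGIT_STEMS = {"atmfd": "atmfd.dll (Adobe Type Manager font driver)",
               "dssenh": "dssenh.dll (DSS/Diffie-Hellman crypto provider)",
               "framedyn": "framedyn.dll (WMI provider framework)"}
SYSTEM32_ONLY = {"msiexec.exe"}  # Windows Installer ships only in System32

def lookalike_reason(path: str) -> Optional[str]:
    """Why a path looks like it borrows a legitimate component's name, else None."""
    base = ntpath.basename(path).lower()
    stem = ntpath.splitext(base)[0]
    if stem.endswith("32") and stem[:-2] in LEGIT_STEMS:
        return f"{base} mimics {LEGIT_STEMS[stem[:-2]]}"
    if base in SYSTEM32_ONLY and ntpath.basename(ntpath.dirname(path)).lower() != "system32":
        return f"{base} found outside System32"
    return None

def triage(text: str) -> List[dict]:
    """One row per on-disk image: where it is registered and why it looks wrong."""
    return [{"path": p, "kinds": kinds, "reason": lookalike_reason(p)}
            for p, kinds in group_by_path(parse_otl_fix(text)).items()]
```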


#13 cogers99
  • Topic Starter

Posted 13 June 2011 - 06:46 AM

OTL LOG

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Process framedyn32.exe killed successfully!
Process dssenh32.exe killed successfully!
Service GamesAppService32 stopped successfully!
Service GamesAppService32 deleted successfully!
C:\Windows\System32\dssenh32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01FB3BDC-034C-4249-B40A-701DF955291e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01FB3BDC-034C-4249-B40A-701DF955291e}\ deleted successfully.
C:\Windows\System32\atmfd32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A009A287-83AC-DFB7-50AE-2ED59E760312}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A009A287-83AC-DFB7-50AE-2ED59E760312}\ deleted successfully.
C:\ProgramData\atmfd32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\atmfd32.dll deleted successfully.
File C:\ProgramData\atmfd32.dll not found.
C:\ProgramData\framedyn32.exe moved successfully.
File C:\ProgramData\atmfd32.dll not found.
File C:\Windows\System32\dssenh32.exe not found.
C:\Users\margaret\msiexec.exe moved successfully.
C:\Users\margaret\0.03967712894043007.exe moved successfully.
C:\Users\margaret\0.4891875382846501.exe moved successfully.
C:\Users\margaret\Desktop\ComboFix.exe moved successfully.
C:\Windows\System32\1111065124 moved successfully.
File C:\ProgramData\atmfd32.dll not found.
File C:\Windows\System32\atmfd32.dll not found.
File C:\Users\margaret\msiexec.exe not found.
File C:\ProgramData\framedyn32.exe not found.
File C:\Windows\System32\dssenh32.exe not found.
File C:\Users\margaret\0.03967712894043007.exe not found.
File C:\Users\margaret\0.4891875382846501.exe not found.
C:\ProgramData\68179254 moved successfully.
File C:\Windows\System32\1111065124 not found.
File C:\Windows\System32\atmfd32.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56588 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: margaret
->Flash cache emptied: 2901535 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: margaret
->Temp folder emptied: 118228767 bytes
->Temporary Internet Files folder emptied: 61681359 bytes
->Java cache emptied: 76794055 bytes
->FireFox cache emptied: 29545444 bytes
->Google Chrome cache emptied: 134790982 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 775583 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 402.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06132011_071436

Files\Folders moved on Reboot...
C:\Users\margaret\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKGYHMHR\blank[2].htm moved successfully.
C:\Users\margaret\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...



COMBOFIX LOG
ComboFix 11-06-12.04 - margaret 06/13/2011 7:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1129 [GMT -4:00]
Running from: c:\users\margaret\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}
c:\users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}\chrome.manifest
c:\users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}\chrome\xulcache.jar
c:\users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}\defaults\preferences\xulcache.js
c:\users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}\install.rdf
c:\users\margaret\Desktop\Internet Explorer.lnk
c:\windows\system32\BSTIEPrintCtl1.dll
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 11:14 . 2011-06-13 11:14 -------- d-----w- C:\_OTL
2011-06-10 11:58 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D75D765D-9FB6-414B-8ABB-5EBACF8165DE}\mpengine.dll
2011-06-09 17:45 . 2011-06-09 17:45 -------- d-----w- c:\programdata\WindowsSearch
2011-05-28 12:37 . 2011-05-28 12:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-28 11:57 . 2011-05-28 11:57 -------- d-----w- c:\program files\CCleaner
2011-05-27 17:50 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-27 17:50 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-27 17:50 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-27 17:50 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-27 17:50 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-27 17:50 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-27 17:49 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-27 17:49 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-27 17:48 . 2011-05-27 17:48 -------- d-----w- c:\programdata\AVAST Software
2011-05-27 17:48 . 2011-05-27 17:48 -------- d-----w- c:\program files\AVAST Software
2011-05-27 15:54 . 2011-05-27 15:54 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 15:54 . 2011-05-27 15:54 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 15:53 . 2011-05-27 15:53 -------- d-----w- c:\programdata\Hitman Pro
2011-05-27 12:18 . 2011-05-27 12:18 -------- d-----w- c:\users\margaret\AppData\Local\MigWiz
2011-05-25 20:57 . 2011-05-25 20:57 -------- d-----w- c:\users\margaret\AppData\Roaming\Malwarebytes
2011-05-25 20:57 . 2011-05-25 20:57 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R3 BlackBox;BlackBox SR2; [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-04 19:52]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-04 19:52]
.
2011-05-26 c:\windows\Tasks\HPCeeScheduleFormargaret.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
AddRemove-WT034703 - c:\program files\HP Games\Build-a-lot\Uninstall.exe
AddRemove-WT034711 - c:\program files\HP Games\Diner Dash Hometown Hero\Uninstall.exe
AddRemove-WT034728 - c:\program files\HP Games\Paradise Pet Salon\Uninstall.exe
AddRemove-WT045461 - c:\program files\HP Games\Coffee Tycoon\Uninstall.exe
AddRemove-WT067312 - c:\program files\HP Games\Dream Day First Home\Uninstall.exe
AddRemove-WT067522 - c:\program files\HP Games\Jojo's Fashion Show 2 - Las Cruces\Uninstall.exe
AddRemove-WT074873 - c:\program files\HP Games\Wedding Dash - Ready
AddRemove-WT083059 - c:\program files\HP Games\Coconut Queen\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-13 07:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-13 07:42:33
ComboFix-quarantined-files.txt 2011-06-13 11:42
.
Pre-Run: 87,722,627,072 bytes free
Post-Run: 87,676,932,096 bytes free
.
- - End Of File - - A0054B9391D99D4AB4AD518C5E234DCA

#14 RPMcMurphy
  • Malware Response Team

Posted 13 June 2011 - 04:57 PM

cogers99:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java™ can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes copy and paste the results into your next reply.
Please include the following in your next post:
  • How is the computer running?
  • MBAM log
  • ESET log



#15 cogers99
  • Topic Starter

Posted 13 June 2011 - 09:54 PM

My computer is running much better. Internet connection seems fast.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6850

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/13/2011 8:33:47 PM
mbam-log-2011-06-13 (20-33-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 374384
Time elapsed: 1 hour(s), 43 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\_OTL\movedfiles\06132011_071436\c_programdata\framedyn32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06132011_071436\C_Users\margaret\0.03967712894043007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06132011_071436\C_Users\margaret\0.4891875382846501.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06132011_071436\C_Users\margaret\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06132011_071436\c_windows\System32\dssenh32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000008c5bced1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000008c5bced1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000008c5bced1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000008c5bced1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\0200000008c5bced1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\0200000008c5bced1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\0200000008c5bced1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\0200000008c5bced1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.


ESET LOG - I hope I did this correctly

C:\Qoobox\Quarantine\C\Users\margaret\AppData\Roaming\Mozilla\Firefox\Profiles\lrmpye9k.default\extensions\{6fa0844a-d1f2-4246-a6f2-a85624c56aa5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Users\margaret\AppData\Local\Google\Chrome\User Data\Default\Default\domcemhidjmjdahoneehimlmonimjinb\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\_OTL\MovedFiles\06132011_071436\C_ProgramData\atmfd32.dll a variant of Win32/Kryptik.OKQ trojan
C:\_OTL\MovedFiles\06132011_071436\C_Windows\System32\atmfd32.dll a variant of Win32/Kryptik.NHY trojan

