HijackThis Log: Please help Diagnose


This topic is locked
14 replies to this topic

#1 djo_5296

  • Members
  • 9 posts

Posted 21 June 2011 - 05:59 AM

Just so you know, I scanned my comp since most Google links generated redirect me to an ad or someplace else.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:45:20 PM, on 6/21/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
D:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
D:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\DynDNS Updater\DynTray.exe
C:\Users\DAVEOB~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AutoKMS] C:\Windows\AutoKMS.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Hobbyist Software VLC Streamer] "D:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
O4 - HKCU\..\Run: [AirVideoServer] D:\Program Files\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3CBC02-CE54-42E0-9120-FD57C6405939}: NameServer = 216.146.35.35,216.146.36.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF50AE75-AD74-471F-8828-85ECE582B4C3}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - D:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Tweak7SystemService - Totalidea Software - C:\Windows\system32\Tweak7SystemService.exe

--
End of file - 8312 bytes



EDIT: A few seconds after posting, I noticed the links highlighted in blue in the lines that start with "R" after the open processes. Is that what is causing my problem in Google?

bump

help pls

EDIT: Please be patient. There are over 290 unanswered topics in this forum at present and the current average wait time to receive help is 8 days. ~Budapest

Edited by Budapest, 26 June 2011 - 06:19 PM.
PM sent.



#2 rigacci

  • Members
  • 2,604 posts

Posted 29 June 2011 - 07:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 djo_5296 (Topic Starter)

  • Members
  • 9 posts

Posted 30 June 2011 - 04:52 PM

Problems encountered:
1) Google redirects
> Clicking on a link in Google's search engine results redirects me to a different site.
2) AV doesn't work
> Neither of my AV programs works anymore. They are Microsoft Security Essentials and Malwarebytes. They only work in safe mode though.
3) AV doesn't remove whatever is causing me this problem when I scan in safe mode

+++++++++++++++++++++++++++++++++++++++++++++


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Dave Oblena at 22:15:41 on 2011-06-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.962 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\system32\Tweak7SystemService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\StikyNot.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\DynDNS Updater\DynTray.exe
C:\Users\DAVEOB~1\AppData\Local\Temp\RtkBtMnt.exe
D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Hobbyist Software VLC Streamer] "d:\program files\hobbyist software\vlc streamer\VLC Streamer Configuration.exe" /startup
uRun: [AirVideoServer] d:\program files\airvideoserver\AirVideoServer.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AutoKMS] c:\windows\AutoKMS.exe
mRun: [LogMeIn Hamachi Ui] "d:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dyndns~1.lnk - d:\program files\dyndns updater\DynTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939} : NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939}\D4162757E6F6E67602C496E6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF50AE75-AD74-471F-8828-85ECE582B4C3} : NameServer = 216.146.35.35,216.146.36.36
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
IFEO: AirVideoServer.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: hamachi-2-ui.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: imfrmwrk.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: itfrmwrk.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: iTunes.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave oblena\appdata\roaming\mozilla\firefox\profiles\9npnsims.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave oblena\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\dave oblena\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\media go\npmediago.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-18 218688]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 DynDNS Updater;DynDNS Updater;d:\program files\dyndns updater\DynUpSvc.exe [2011-4-16 93048]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-1 13336]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-6-7 1775432]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-8 341832]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-6-7 1524544]
R2 Tweak7SystemService;Tweak7SystemService;c:\windows\system32\Tweak7SystemService.exe [2011-5-8 90848]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\drivers\nuvotoncir.sys [2009-6-24 44544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-21 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-1 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
.
=============== Created Last 30 ================
.
2011-06-29 08:59:38 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 08:59:15 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 08:59:15 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 08:59:14 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 08:59:14 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 08:59:14 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 08:59:14 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 08:59:14 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 08:59:14 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 08:59:14 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-25 14:06:55 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
2011-06-25 03:19:39 212992 ------w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-06-21 13:10:24 -------- d-----w- c:\program files\common files\Steam
2011-06-21 09:38:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-21 09:38:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-19 09:56:46 -------- d-----w- c:\users\dave oblena\wad
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\txtcodes
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\images
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\config
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\codes
2011-06-17 18:42:43 -------- d-----w- c:\users\dave oblena\appdata\local\2DBoy
2011-06-17 17:35:43 -------- d-----w- c:\programdata\2DBoy
2011-06-17 17:32:22 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-17 17:29:52 -------- d-----w- c:\users\dave oblena\appdata\roaming\DAEMON Tools Lite
2011-06-17 17:29:52 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-06-16 21:28:31 -------- d-----w- c:\users\dave oblena\appdata\local\AirVideoServer
2011-06-16 21:28:26 -------- d--h--w- C:\jexepackres
2011-06-16 13:55:56 -------- d-----w- c:\programdata\DynDNS
2011-06-15 09:58:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 09:58:03 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-15 09:58:02 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 09:38:14 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 09:38:14 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 09:38:14 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 09:38:14 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 09:38:14 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 09:38:12 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 09:38:11 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 09:37:56 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:37:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:37:56 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 09:31:25 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-06-14 10:32:04 -------- d-----w- c:\users\dave oblena\appdata\roaming\Tweak-7
2011-06-14 10:32:04 -------- d-----w- c:\users\dave oblena\appdata\local\Totalidea_Software
2011-06-14 10:31:20 -------- d-----w- c:\windows\Tweak-7
2011-06-13 11:53:08 -------- d-----w- c:\users\dave oblena\SmartScore
2011-06-13 09:14:18 4285 ----a-w- c:\windows\AutoKMS.tmp
2011-06-13 09:14:08 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-06-12 12:09:13 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
2011-06-12 00:10:04 -------- d-----w- c:\programdata\Splashtop
2011-06-12 00:09:47 -------- d-----w- c:\program files\Splashtop
2011-06-12 00:09:32 -------- d-----w- c:\program files\Downloaded Installations
2011-06-10 10:17:02 -------- d-----w- c:\programdata\Hobbyist Software
2011-06-09 13:52:35 -------- d-----w- c:\users\dave oblena\appdata\local\Hobbyist_Software
2011-06-09 13:52:25 -------- d-----w- c:\users\dave oblena\appdata\roaming\Hobbyist Software
2011-06-09 01:02:04 -------- d-----w- c:\program files\iPod
2011-06-08 12:56:17 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-06-08 12:55:07 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-06-08 12:33:44 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2011-06-06 09:21:48 -------- d-----w- c:\program files\Sony Media Go Install
2011-06-06 04:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-04 23:52:30 -------- d-----w- c:\users\dave oblena\appdata\roaming\mkvtoolnix
2011-06-03 14:49:15 -------- d-----w- c:\users\dave oblena\appdata\local\{D86F7EE4-947B-4C2C-A884-D9DFBD0AB850}
2011-06-03 14:49:15 -------- d-----w- c:\users\dave oblena\appdata\local\{A1B5DC60-E637-45F5-A600-F89AB6728370}
2011-06-02 14:26:52 230752 ----a-w- c:\windows\patchw32.dll
2011-06-02 14:26:52 118176 ----a-w- c:\windows\patchw.dll
2011-06-02 14:25:12 -------- d-----w- c:\program files\Outspark
2011-06-02 14:05:41 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-02 14:05:07 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2011-06-02 14:04:26 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2011-06-02 14:03:59 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-06-02 13:04:26 -------- d-----w- c:\users\dave oblena\appdata\local\PMB Files
2011-06-02 13:04:25 -------- d-----w- c:\programdata\PMB Files
2011-06-02 13:03:27 -------- d-----w- c:\program files\Pando Networks
2011-06-01 09:19:50 26176 ---ha-w- c:\windows\system32\hamachi.sys
.
==================== Find3M ====================
.
2011-06-14 08:51:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 16:29:10 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:24:08 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-06-06 16:23:58 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-21 00:07:34 49664 --sha-r- c:\windows\system32\npmproxyt.dll
2011-05-10 08:28:46 615936 ----a-w- c:\windows\AutoKMS.exe
2011-05-08 07:24:02 90848 ----a-w- c:\windows\system32\Tweak7SystemService.exe
2011-05-05 22:30:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-05 22:30:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 08:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 08:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 08:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 01:57:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 14:44:07 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 22:16:57.08 ===============

Attached file: ark.txt (46.21KB)

Edited by djo_5296, 30 June 2011 - 04:53 PM.
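Added example, not part of this thread and not a BleepingComputer, DDS or HijackThis tool: a small Python triage script that applies, over lines in the DDS/HJT formats posted above (mPolicies, TCP NameServer, Hosts, IFEO, O23 and file-listing rows), the kind of checks a log helper makes by eye. The sample input is a handful of lines copied from the log above; the rules are generic review heuristics, so every hit means "verify this", not "this is malware".

```python
"""Rule-based triage of DDS / HijackThis style log lines (added example,
not a BleepingComputer, DDS or HijackThis tool). Every hit means
"verify this", not "this is malware"."""
import re

# Constructed sample input: a few lines copied from the DDS log in this thread.
SAMPLE_LINES = [
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939} : NameServer = 216.146.35.35,216.146.36.36",
    r"TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939}\D4162757E6F6E67602C496E6B6 : DhcpNameServer = 192.168.1.1",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r'IFEO: iTunes.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"',
    r"O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)",
    r"2011-05-21 00:07:34 49664 --sha-r- c:\windows\system32\npmproxyt.dll",
    r"mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe",  # benign, must not fire
]

# Line shapes as DDS / HijackThis print them.
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
DNS_RE = re.compile(r"^TCP: Interfaces\\\{([0-9A-F-]+)\}.*?:\s*(NameServer|DhcpNameServer)\s*=\s*(\S+)", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
IFEO_RE = re.compile(r'^IFEO:\s*(\S+)\s*-\s*"?([^"]+)"?')
SERVICE_MISSING_RE = re.compile(r"^O23 - Service: (.+?) - .+\(file missing\)\s*$")
# "Created Last 30" / "Find3M" rows: date time size attrs path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$")


def triage(lines):
    """Return a list of (severity, reason, line) findings for the given log lines."""
    findings = []
    dhcp_dns = {}    # interface GUID -> resolvers handed out by DHCP
    static_dns = {}  # interface GUID -> resolvers configured statically
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name == "EnableLUA" and value == 0:
                findings.append(("high", "UAC is disabled (EnableLUA = 0)", line))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(("medium", "admins elevate without any prompt", line))
            continue
        m = DNS_RE.match(line)
        if m:
            guid, kind, servers = m.groups()
            target = dhcp_dns if kind.lower() == "dhcpnameserver" else static_dns
            target[guid.upper()] = sorted(servers.split(","))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(2).lower() != "localhost":
            findings.append(("medium", f"Hosts file maps {m.group(2)} to {m.group(1)}", line))
            continue
        m = IFEO_RE.match(line)
        if m:  # legitimate tools use IFEO too, so this is "verify", not "remove"
            findings.append(("medium", f"IFEO debugger set for {m.group(1)}: {m.group(2)}", line))
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            findings.append(("low", f"service '{m.group(1)}' points at a missing file", line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3).lower()
            if "s" in attrs and "h" in attrs and "\\system32\\" in path:
                findings.append(("high", "hidden+system file in system32", line))
    # Static resolvers that differ from what DHCP handed out deserve a look:
    # DNS hijacking is one classic cause of search-result redirects.
    for guid, servers in static_dns.items():
        if guid in dhcp_dns and servers != dhcp_dns[guid]:
            reason = f"static DNS {','.join(servers)} overrides DHCP DNS {','.join(dhcp_dns[guid])}"
            findings.append(("medium", reason, f"Interfaces\\{{{guid}}}"))
    return findings


def severity_counts(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 4, 'low': 1}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LINES):
        print(f"[{severity:6}] {reason}\n         {line}")
    print(severity_counts(triage(SAMPLE_LINES)))
```

A static NameServer that differs from the DHCP one is not wrong by itself (a third-party resolver such as the DynDNS one installed here is a legitimate reason), which is why the script only reports it for review.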


#4 pwgib

  • Malware Response Team
  • 2,956 posts
  • Location:God's Country

Posted 01 July 2011 - 03:08 AM

Hi djo_5296,


I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.

Make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and then choose Run as Administrator.

Before we begin, please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were having, we would appreciate you letting us know.


==================

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.



Step 1.


We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


Step 2.


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to Disable your Security Applications
    Note - If you have AVG or CA installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications <----Important
    Refer to this page if you are not sure how. You can reinstall AVG when we are finished and can temporarily install another antivirus if you wish. Some good antivirus programs free for non-commercial home use are:
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


In your next reply please include the following:

ComboFix.txt



Still getting redirected?


Thanks!!
PW

#5 djo_5296

djo_5296
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:35 PM

Posted 01 July 2011 - 09:57 AM

THANK YOU VERY MUCH!!! My problems are all fixed, both the Google redirects and the disabled AVs. One question though: why do you think it deleted "d:\program files\Steam\Steam.exe"? I don't think Steam was the cause of these problems since I had these problems before I installed it. Is it alright to reinstall it? Please refer to the combofix.txt file that I attached. Also, ComboFix stated that MSE was still protecting me during the scan since I couldn't disable it. The virus actually disabled it for me but, to be safe, I uninstalled it for the time being, but uninstalling MSE still made ComboFix show a pop-up that MSE was still protecting me.

EDIT: Is it alright to run ComboFix again in the future if I get these problems again?


Edited by djo_5296, 02 July 2011 - 04:21 AM.


#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:07:35 AM

Posted 02 July 2011 - 07:53 AM

Hi djo_5296,

Please do not attach logs unless asked to. Copy and paste them directly into the reply box. :thumbup2:


Is it alright to run ComboFix again in the future if I get these problems again?

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

From the developer of ComboFix:
"ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop".

The following is referring to TuneUp Utilities 2011. Please be aware that Bleeping Computer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

More information about registry cleaners can be found at Miekiemoes Blog


Step 1.

Remote Control Program WARNING

You appear to have a Remote Control application installed. In your case, this is referring to LogMeIn.
Remote Control programs allow complete control of your machine as if you are sitting in front of it, even if you are in some distant location. While this can be a good thing, we need to make sure that this software was installed for a benign purpose, and not for a malicious one. If an attacker installed one of these programs, it would allow them to remotely control your computer, steal critical system information and download and execute files.

If you have this application installed on purpose, then you can safely ignore this warning, but you may wish to uninstall it as it is a risk. If you didn't install this application, please remove (uninstall) it from Add or Remove Programs now.


Step 2.

  • Click on this link--> virustotal
  • Click the browse button. Copy and paste the following lines in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

C:\Qoobox\Quarantine\d\program files\Steam\Steam.exe.vir

If the file has been analyzed before, click the Reanalyse File Now button.

Please copy and paste the results of the scan in your next post.


Step 3.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Step 4.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


Step 5.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

The log is located at:

C:\Program Files\ESET\ESET Online Scanner\log.txt



In your next reply please post, (do not attach), the following:

VirusTotal scan results
MBAM log
ESET scan results



Still no redirects/popups?


Thanks!!
PW
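As an added example that is not part of the thread or its author's instructions, the following PowerShell inventory checks whether Step 1 (LogMeIn still registered) and Step 3 (older Java runtimes left behind) of the post above were completed, by reading the standard Windows uninstall registry keys. It assumes Java's DisplayVersion parses as a dotted version (for example 6.0.260 for Java 6 Update 26), which is an assumption, not something the thread states.

```powershell
# Added example (not from the thread or its author): confirm Step 1 and Step 3
# of the post above by reading the standard Windows uninstall registry keys.
# Assumes Windows 7 or later with PowerShell 2.0+, run from an elevated prompt.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 64-bit Windows only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# Every registered program with a display name; keys that do not exist are skipped.
$apps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString

# Step 1: remote-control software. Only LogMeIn, the product named in the
# thread, is matched; the user must decide whether it was installed on purpose.
$remoteControl = @($apps | Where-Object { $_.DisplayName -match 'LogMeIn' })
if ($remoteControl.Count -gt 0) {
    Write-Host "Remote-control software registered (confirm it was installed on purpose):"
    $remoteControl | Format-Table DisplayName, DisplayVersion, Publisher, InstallDate -AutoSize
} else {
    Write-Host "No LogMeIn entries registered."
}

# Step 3: stale Java runtimes. The Java Auto Updater carries its own version
# number and is not a runtime, so it is excluded. DisplayVersion is assumed to
# parse as a [Version] (for example 6.0.260 for Java 6 Update 26); entries that
# do not parse are dropped rather than mis-ordered.
$java = @($apps |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' -and $_.DisplayName -notmatch 'Auto Updater' } |
    Select-Object *, @{ Name = 'Parsed'; Expression = { $_.DisplayVersion -as [Version] } } |
    Where-Object { $_.Parsed } |
    Sort-Object Parsed -Descending)

if ($java.Count -eq 0) {
    Write-Host "No Java runtime registered."
} else {
    # The highest version is the one to keep; everything below it is what Step 3 asks to remove.
    $newest = $java[0]
    Write-Host ("Newest Java runtime: {0} ({1})" -f $newest.DisplayName, $newest.DisplayVersion)
    $stale = @($java | Select-Object -Skip 1)
    if ($stale.Count -gt 0) {
        Write-Host "Older Java runtimes still installed; remove them from Programs and Features:"
        $stale | Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
    } else {
        Write-Host "No older Java runtimes remain."
    }
}
```

The script only reads the registry and prints what it finds; uninstalling still goes through Programs and Features as the post describes.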

#7 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:07:35 AM

Posted 05 July 2011 - 10:23 AM

Hi djo_5296,


Are you still with me?


Thanks!!
PW

#8 djo_5296

djo_5296
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:35 PM

Posted 05 July 2011 - 04:57 PM

4 VT Community user(s) with a total of 5484 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
File name: Steam.exe.vir
Submission date: 2011-07-04 10:58:32 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)
VT Community

goodware
Safety score: 100.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.04.01 2011.07.04 -
AntiVir 7.11.10.207 2011.07.04 -
Antiy-AVL 2.0.3.7 2011.07.04 -
Avast 4.8.1351.0 2011.07.04 -
Avast5 5.0.677.0 2011.07.04 -
AVG 10.0.0.1190 2011.07.04 -
BitDefender 7.2 2011.07.04 -
CAT-QuickHeal 11.00 2011.07.04 -
ClamAV 0.97.0.0 2011.07.04 -
Commtouch 5.3.2.6 2011.07.03 -
Comodo 9270 2011.07.04 -
DrWeb 5.0.2.03300 2011.07.04 -
eSafe 7.0.17.0 2011.07.03 -
eTrust-Vet 36.1.8424 2011.07.04 -
F-Prot 4.6.2.117 2011.07.03 -
F-Secure 9.0.16440.0 2011.07.04 -
Fortinet 4.2.257.0 2011.07.02 -
GData 22 2011.07.04 -
Ikarus T3.1.1.104.0 2011.07.04 -
Jiangmin 13.0.900 2011.07.03 -
K7AntiVirus 9.107.4863 2011.07.01 -
Kaspersky 9.0.0.837 2011.07.04 -
McAfee 5.400.0.1158 2011.07.04 -
McAfee-GW-Edition 2010.1D 2011.07.03 -
Microsoft 1.7000 2011.07.04 -
NOD32 6263 2011.07.04 -
Norman 6.07.10 2011.07.03 -
nProtect 2011-07-04.01 2011.07.04 -
Panda 10.0.3.5 2011.07.04 -
PCTools 8.0.0.5 2011.07.04 -
Prevx 3.0 2011.07.04 -
Rising 23.65.00.05 2011.07.04 -
Sophos 4.67.0 2011.07.04 -
SUPERAntiSpyware 4.40.0.1006 2011.07.03 -
Symantec 20111.1.0.186 2011.07.04 -
TheHacker 6.7.0.1.247 2011.07.04 -
TrendMicro 9.200.0.1012 2011.07.04 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.04 -
VBA32 3.12.16.4 2011.07.04 -
VIPRE 9767 2011.07.04 -
ViRobot 2011.7.4.4549 2011.07.04 -
VirusBuster 14.0.108.0 2011.07.04 -
Additional informationShow all
MD5 : 3dd25048297a24ab4b3bfc17aba5d0db
SHA1 : b7df0ce6a2c093dbfce19c85af0022c7f3a805c5
SHA256: b96dc0345b4bfb8bab6560be600350cf371bcfd0ff4b38fa55274321bdc4a906
ssdeep: 24576:l+qCUgiJkfz65M/7nqMf3K2+T3MGFWq5C:QwkfAAmT3MGFWAC
File size : 1242448 bytes
First seen: 2010-11-12 11:23:52
Last seen : 2011-07-04 10:58:32
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Valve Corporation
copyright....: © Copyright 2000-2003 Valve Corporation All rights reserved.
product......: Steam
description..: Steam
original name: Steam.exe
internal name: n/a
file version.: 1.0.968.628
comments.....: n/a
signers......: Valve
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 5:13 10/11/2010
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x881BD
timedatestamp....: 0x4CDA0DB5 (Wed Nov 10 03:12:53 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xD0C4E, 0xD1000, 6.57, 53a60893c4a887c8c660592e2d162d59
.rdata, 0xD2000, 0x3FBEE, 0x40000, 5.36, 70819d963d3b3f1dea8838a7e07eb466
.data, 0x112000, 0x13358, 0xC000, 3.77, 983d21a8da3aa58123f2230a87386079
.rsrc, 0x126000, 0x10000, 0x10000, 6.35, ac3ab83462f096d0b8fb37c84779058d

[[ 10 import(s) ]]

[[ 1 export(s) ]]
Win32MiniDumpInit

Symantec reputation:Suspicious.Insight

======================================================================================


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7017

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/4/2011 7:21:59 PM
mbam-log-2011-07-04 (19-21-59).txt

Scan type: Quick scan
Objects scanned: 155466
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=============================================================



C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
D:\Object Dock 2.0 PLUS (build 50727) fully cracked by EMBRACE\Keygen.exe a variant of Win32/HackTool.Patcher.J application cleaned by deleting - quarantined
D:\Object Dock 2.0 PLUS (build 50727) fully cracked by EMBRACE\ObjectDock.Plus.v2.0.50727.Setup.exe NSIS/TrojanDownloader.Agent.NFU.Gen trojan deleted - quarantined
H:\Dave\DS\Emulator Stuff\DS\GBA-TRAINERS.zip a variant of Win32/GameHack.AD application deleted - quarantined
H:\Dave\PC (Vista Home Premium x32)\D\Emulators\VBAlink\GBA-TRAINERS.zip a variant of Win32/GameHack.AD application deleted - quarantined
H:\Dave\IMP. STUFF\Installers\powersuite.exe multiple threats deleted - quarantined
H:\Dave\IMP. STUFF\Installers\HSS-1.57-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application deleted - quarantined
H:\Dave\IMP. STUFF\Installers\IN EXTERNAL\Keygen.exe a variant of Win32/Keygen.AT application cleaned by deleting - quarantined

============================================================

Sorry if I took quite some time. So far, I haven't experienced any of my previous problems nor new ones.

#9 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:07:35 AM

Posted 05 July 2011 - 07:02 PM

Hi djo_5296,

Your logs indicate you have been visiting keygen and/or crack/warez sites. :whistle:

You should stay away from crack and keygen sites not only because of the obvious illegality of downloading pirated software but also the software is often loaded with a smörgåsbord of malware and is a major source of system infection.

See Quietman7's How Malware Spreads


Step 1.


Please follow my previous instructions for ESET online scanner and post the results (if any) in your next reply.
I would like to see a clean scan.

Step 2.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

In your next reply please post DDS.txt and ESET scan results in the body of the reply box and attach the Attach.txt log. :)



Thanks!!

Edited by pwgib, 05 July 2011 - 07:04 PM.

PW

#10 djo_5296

djo_5296
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:35 PM

Posted 06 July 2011 - 04:38 AM

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Dave Oblena at 17:26:25 on 2011-07-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.971 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\Tweak7SystemService.exe
D:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
D:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
D:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Users\DAVEOB~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dave Oblena\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"
uRun: [Hobbyist Software VLC Streamer] "d:\program files\hobbyist software\vlc streamer\VLC Streamer Configuration.exe" /startup
uRun: [AirVideoServer] d:\program files\airvideoserver\AirVideoServer.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [LogMeIn Hamachi Ui] "d:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\daveob~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - d:\program files\stardock\objectdockplus2\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dyndns~1.lnk - d:\program files\dyndns updater\DynTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939} : NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939}\D4162757E6F6E67602C496E6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF50AE75-AD74-471F-8828-85ECE582B4C3} : NameServer = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - d:\program files\stardock\objectdockplus2\ODMenu.dll
IFEO: acrord32.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dtlite.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dyntray.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dynupconfig.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dynupsetup.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave oblena\appdata\roaming\mozilla\firefox\profiles\9npnsims.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave oblena\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\dave oblena\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: d:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\media go\npmediago.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl8981e14c;MpKsl8981e14c;c:\programdata\microsoft\microsoft antimalware\definition updates\{d52a3c2e-6ca1-484d-98de-e1fa64943bc9}\MpKsl8981e14c.sys [2011-7-6 28752]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-4-1 13336]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-1 366640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-21 1153368]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-8 341832]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-6-7 1524544]
R2 Tweak7SystemService;Tweak7SystemService;c:\windows\system32\Tweak7SystemService.exe [2011-5-8 90848]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-1 22712]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\drivers\nuvotoncir.sys [2009-6-24 44544]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-1 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 DynDNS Updater;DynDNS Updater;d:\program files\dyndns updater\DynUpSvc.exe [2011-4-16 93048]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
S4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-6-7 1775432]
.
=============== Created Last 30 ================
.
2011-07-05 21:59:19 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d52a3c2e-6ca1-484d-98de-e1fa64943bc9}\MpKsl8981e14c.sys
2011-07-05 11:34:38 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d52a3c2e-6ca1-484d-98de-e1fa64943bc9}\mpengine.dll
2011-07-04 11:19:00 -------- d-----w- c:\program files\ESET
2011-07-03 14:15:26 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-03 09:52:14 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-02 12:28:20 -------- dc-h--w- c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-07-02 12:28:16 -------- d-----w- c:\programdata\Stardock
2011-07-02 12:28:16 -------- d-----w- c:\program files\common files\Stardock
2011-07-02 11:26:30 -------- d-----w- c:\users\dave oblena\appdata\local\ODUI
2011-07-02 11:26:18 -------- d-----w- c:\users\dave oblena\appdata\local\Stardock
2011-07-02 11:24:44 -------- d-----w- c:\users\dave oblena\appdata\roaming\Stardock
2011-07-02 11:24:12 -------- d-----w- c:\users\dave oblena\appdata\local\PackageAware
2011-07-01 16:19:32 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{31f7c0d2-7b8d-44f3-9d4f-bac97f046dca}\gapaengine.dll
2011-07-01 15:06:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-01 14:47:36 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-01 14:47:35 -------- d-----w- c:\users\dave oblena\appdata\local\temp
2011-07-01 14:36:31 98816 ----a-w- c:\windows\sed.exe
2011-07-01 14:36:31 518144 ----a-w- c:\windows\SWREG.exe
2011-07-01 14:36:31 256000 ----a-w- c:\windows\PEV.exe
2011-07-01 14:36:31 208896 ----a-w- c:\windows\MBR.exe
2011-06-29 08:59:38 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 08:59:15 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 08:59:15 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 08:59:14 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 08:59:14 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 08:59:14 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 08:59:14 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 08:59:14 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 08:59:14 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 08:59:14 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-25 14:06:55 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
2011-06-25 03:19:39 212992 ------w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-06-21 13:10:24 -------- d-----w- c:\program files\common files\Steam
2011-06-21 09:38:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-21 09:38:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-19 09:56:46 -------- d-----w- c:\users\dave oblena\wad
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\txtcodes
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\images
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\config
2011-06-19 09:56:43 -------- d-----w- c:\users\dave oblena\codes
2011-06-17 18:42:43 -------- d-----w- c:\users\dave oblena\appdata\local\2DBoy
2011-06-17 17:35:43 -------- d-----w- c:\programdata\2DBoy
2011-06-17 17:29:52 -------- d-----w- c:\users\dave oblena\appdata\roaming\DAEMON Tools Lite
2011-06-17 17:29:52 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-06-16 21:28:31 -------- d-----w- c:\users\dave oblena\appdata\local\AirVideoServer
2011-06-16 21:28:26 -------- d-----w- C:\jexepackres
2011-06-16 13:55:56 -------- d-----w- c:\programdata\DynDNS
2011-06-15 09:58:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 09:58:03 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-15 09:58:02 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 09:38:14 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 09:38:14 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 09:38:14 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 09:38:14 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 09:38:14 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 09:38:12 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 09:38:11 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 09:37:56 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:37:56 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:37:56 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 09:31:25 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-06-14 10:32:04 -------- d-----w- c:\users\dave oblena\appdata\roaming\Tweak-7
2011-06-14 10:32:04 -------- d-----w- c:\users\dave oblena\appdata\local\Totalidea_Software
2011-06-14 10:31:20 -------- d-----w- c:\windows\Tweak-7
2011-06-13 11:53:08 -------- d-----w- c:\users\dave oblena\SmartScore
2011-06-12 12:09:13 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
2011-06-12 00:10:04 -------- d-----w- c:\programdata\Splashtop
2011-06-12 00:09:47 -------- d-----w- c:\program files\Splashtop
2011-06-12 00:09:32 -------- d-----w- c:\program files\Downloaded Installations
2011-06-10 10:17:02 -------- d-----w- c:\programdata\Hobbyist Software
2011-06-09 13:52:35 -------- d-----w- c:\users\dave oblena\appdata\local\Hobbyist_Software
2011-06-09 13:52:25 -------- d-----w- c:\users\dave oblena\appdata\roaming\Hobbyist Software
2011-06-09 01:02:04 -------- d-----w- c:\program files\iPod
2011-06-08 12:56:17 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-06-08 12:55:07 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-06-08 12:33:44 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
.
==================== Find3M ====================
.
2011-07-02 12:25:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 16:29:10 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:24:08 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-06-06 16:23:58 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-29 01:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 01:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 07:24:02 90848 ----a-w- c:\windows\system32\Tweak7SystemService.exe
2011-05-05 22:30:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-05 22:30:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-03 20:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-27 07:25:24 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-18 05:18:50 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 05:18:50 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 17:27:29.40 ===============

Attached Files


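Three things in the DDS log above are worth a second look from a defender's point of view before the thread moves on: the mPolicies-system lines show UAC switched off (EnableLUA = 0, PromptOnSecureDesktop = 0, ConsentPromptBehaviorAdmin = 0), the IFEO lines show images being started through another program (here TuneUp's own reactivator, as the log says), and two interfaces have a hand-set NameServer that differs from the DHCP-assigned one, which is exactly where a resolver hijack behind "search results redirect me" would appear. The script below is an added example, not code from DDS, HijackThis or this thread; it pulls those three kinds of line out of a DDS-style log and flags them. The Windows 7 default UAC values it compares against (1, 1 and 5) and the rule that any static NameServer differing from DHCP is worth reviewing are the example's own assumptions, and the sample log is a constructed excerpt copied from the post.

```python
import re
from dataclasses import dataclass

# Constructed sample: the policy, IFEO and TCP lines copied from the DDS log
# posted in this thread, so the example runs offline against the real shape.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939} : NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{6D3CBC02-CE54-42E0-9120-FD57C6405939}\D4162757E6F6E67602C496E6B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF50AE75-AD74-471F-8828-85ECE582B4C3} : NameServer = 216.146.35.35,216.146.36.36
IFEO: acrord32.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: dtlite.exe - "d:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
"""


@dataclass
class Finding:
    category: str  # "uac", "ifeo" or "dns"
    detail: str


# UAC policy values as Windows 7 ships them (assumption for this example):
# EnableLUA = 1, PromptOnSecureDesktop = 1, ConsentPromptBehaviorAdmin = 5.
# Anything that turns UAC off or lets admins elevate silently (0) is flagged.
UAC_CHECKS = {
    "EnableLUA": lambda v: v == 1,
    "PromptOnSecureDesktop": lambda v: v == 1,
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
IFEO_RE = re.compile(r'^IFEO:\s*(\S+)\s*-\s*"?([^"]+)"?\s*$')
TCP_RE = re.compile(
    r"^TCP:\s*Interfaces\\(\{[0-9A-Fa-f-]+\})\S*\s*:\s*(NameServer|DhcpNameServer)\s*=\s*(\S+)"
)


def triage(log_text: str) -> list[Finding]:
    """Return the UAC, IFEO and DNS findings for one DDS-style log."""
    findings: list[Finding] = []
    static_dns: dict[str, set[str]] = {}
    dhcp_dns: dict[str, set[str]] = {}

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            check = UAC_CHECKS.get(name)
            if check is not None and not check(value):
                findings.append(Finding("uac", f"{name} = {value} weakens or disables UAC"))
        elif m := IFEO_RE.match(line):
            # An IFEO entry makes Windows start the named image through the
            # listed program instead; legitimate for TuneUp, but review each one.
            findings.append(Finding("ifeo", f"{m.group(1)} launches via {m.group(2)}"))
        elif m := TCP_RE.match(line):
            guid, kind, servers = m.groups()
            bucket = dhcp_dns if kind == "DhcpNameServer" else static_dns
            bucket[guid] = set(servers.split(","))

    # A hand-set NameServer that differs from what DHCP handed out is where a
    # resolver hijack (a classic cause of search-result redirects) shows up.
    for guid, servers in sorted(static_dns.items()):
        dhcp = dhcp_dns.get(guid)
        shown = ",".join(sorted(servers))
        if dhcp is None:
            findings.append(Finding("dns", f"{guid}: static DNS {shown}, no DHCP value recorded"))
        elif servers != dhcp:
            findings.append(Finding("dns", f"{guid}: static DNS {shown} overrides DHCP {','.join(sorted(dhcp))}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category for a quick triage summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run against the excerpt it reports three UAC findings, two IFEO hooks and two interfaces with static DNS. None of these is proof of infection on its own: the IFEO targets are the TuneUp path the log itself names, and the static resolvers may well be ones the user picked on purpose (the log also shows a DynDNS updater installed), so a responder would confirm with the user that those addresses were set deliberately and, as part of the cleanup, turn UAC back on.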

#11 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:07:35 AM

Posted 06 July 2011 - 07:44 AM

Hi djo_5296,

I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Did you run a new ESET scan and was a log produced?


Thanks!!

Edited by pwgib, 06 July 2011 - 07:46 AM.

PW

#12 djo_5296
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:35 PM

Posted 06 July 2011 - 08:23 AM

Forgot to state that ESET didn't have a log.

#13 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:07:35 AM

Posted 06 July 2011 - 09:37 AM

Hi djo_5296,


You now appear to be all clean. :thumbsup:

We need to do a little house cleaning.



Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note the space between the X and the /U.

Please advise if this step is missed for any reason as it performs some important functions.

You can now uninstall any other programs we may have used and delete any logs that may have been generated.



Here are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of them, however, by following the rest of them you will reduce the risk of becoming re-infected.

It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. You can find Microsoft updates here.

I recommend that you visit the link above and either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Make sure you use a firewall. A tutorial on understanding and using firewalls may be found here. For most users the built in Windows Firewall is sufficient. Only use one firewall at a time though.

Install SpywareBlaster and update it regularly.
If you wish, the commercial version provides automatic updating.

Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SuperAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions. I personally prefer and highly recommend the licensed version of MBAM.

Please read and follow How did I get infected?, with steps so it does not happen again!, as well as How to prevent Malware by Miekiemoes.

If you have any questions please do not hesitate to ask.



Thanks!!
PW

#14 djo_5296
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:35 PM

Posted 07 July 2011 - 07:46 AM

Again, thank you very much for helping me! I was deciding to reformat my computer, but I luckily chose to ask for help from this forum. :thumbsup:

#15 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:07:35 AM

Posted 07 July 2011 - 08:27 AM

You are very welcome. It has been a pleasure working with you. :)

Good luck and safe surfing!!!



Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
PW
