
Infected with unknown virus that Rkill, Avira, Malwarebytes and SAS will not remove


This topic is locked
32 replies to this topic

#1 CarlyBenj
  • Members
  • 36 posts

Posted 28 July 2011 - 08:43 PM

Hi There,
I am starting a new topic as requested.

My DDS logs and the GMER log are posted below, here is a link to my original post: http://www.bleepingcomputer.com/forums/topic411804.html/page__gopid__2351274#entry2351274

Computer Info:
6 yr old Dell Laptop with Windows Vista

- 3 Days ago I was in the middle of updating some programs and my computer froze
- I shut off and powered back on and the fan would run then shut off; this happened 3 or 4 times before I was able to successfully do a system repair and load Windows normally
- Once in normal mode I restarted so I could do a virus scan in safe mode
- The same shut off thing happened another 3 or 4 times; finally I was able to load Windows in Safe Mode, but none of my AV programs would work (AVG & Ad-Aware). I attempted to uninstall them; Ad-Aware removed but AVG would not.
- I then downloaded and installed Avira
- Avira took 17 hrs to do a full scan and found a bunch of stuff which I removed
- Things were still acting funny (better, but still didn't seem right) so I downloaded Malwarebytes & SUPERAntiSpyware - I ran them both, a few things were found and I removed them
- Thinking my computer was fixed I wanted to clean things up (for a while now I haven't been able to click on links in Windows Live Mail) so I wanted to reinstall and update etc...
- I updated windows as well as removed Opera and Installed IE9
- Then I tried to remove some programs (BearShare, AVG etc.) they wouldn't remove
- I searched for some removal tools online which is when I realized I was not able to download ANYTHING with IE9 (it kept saying every file was a virus)
- At this point I did some research and learned about RKill, problem was I couldn't download anything using IE9 or Safari so I couldn't download it...
- I thought today I would try a system restore, which I did, but it only restored to yesterday so I still have IE9. I ran Avira again and it ran MUCH faster but after about an hr froze
- later today I was able to install Google Chrome and it allowed me to download RKill, I ran that then Malwarebytes but it said I was clean!

I know I still have something because I also managed to download the AVG removal tool. When I used it, it worked, but when my computer reset itself it didn't turn on again (fan blew then shut off). I turned it on again and it loaded, but when it came to the Windows screen there was a white screen for a few seconds...

I have since attempted to run Avira but it keeps freezing.
Thanks!


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Carly at 20:58:17 on 2011-07-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1917.840 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\Windows\system32\lxdwcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carly\Downloads\Defogger.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{31A084AE-8686-4087-B2EE-3DA1660781A7}
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6070930
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\clip extractor db toolbar\tbcore3.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Clip Extractor DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\clip extractor db toolbar\tbcore3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\carly\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"
mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"
mRun: [Lexmark 7600 Series Fax Server] "c:\program files\lexmark 7600 series\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: select2perform.com\www
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C37D9D63-59E5-422E-B403-1256F3CECCCD} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: {582610B8-E496-4813-993C-4B027173FE38} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-3 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-25 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-25 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-7-26 428200]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-25 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2008-5-16 98984]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-13 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-7 36608]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-30 30192]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
.
=============== Created Last 30 ================
.
2011-07-28 22:54:26 -------- d-----w- c:\program files\VS Revo Group
2011-07-28 19:09:50 -------- d-----w- c:\program files\iPod
2011-07-28 19:09:44 -------- d-----w- c:\program files\iTunes
2011-07-28 19:05:59 -------- d-----w- c:\program files\Bonjour
2011-07-28 19:04:04 -------- d-----w- c:\users\carly\appdata\local\AskToolbar
2011-07-28 19:03:40 -------- d-----w- c:\program files\Ask.com
2011-07-28 19:03:40 -------- d-----w- C:\Firefox
2011-07-26 20:37:49 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-07-26 20:33:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-07-26 20:33:33 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-07-26 20:33:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-07-26 20:33:32 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-07-26 20:33:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-07-26 20:33:32 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-07-26 20:33:31 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-07-26 18:36:14 -------- d-----w- c:\users\carly\appdata\roaming\SUPERAntiSpyware.com
2011-07-26 18:36:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-26 18:36:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-26 18:34:11 -------- d-----w- c:\users\carly\appdata\roaming\Malwarebytes
2011-07-26 18:33:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 18:33:57 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 18:33:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 18:33:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 01:28:45 -------- d-----w- c:\users\carly\appdata\roaming\Avira
2011-07-26 01:22:56 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-26 01:22:32 -------- d-----w- c:\programdata\Avira
2011-07-26 01:22:32 -------- d-----w- c:\program files\Avira
2011-07-25 21:06:14 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6c6aa0c-db4c-496d-9ca1-97d9362af7b7}\mpengine.dll
2011-07-24 16:56:22 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2011-07-24 16:54:51 -------- d-----w- c:\program files\Solid YouTube to MP3 Converter
2011-07-20 13:00:11 -------- d-----w- c:\program files\Picaboo X
2011-07-13 12:58:29 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 12:58:28 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 12:58:24 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 12:58:21 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 12:58:21 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-06-29 13:07:23 276992 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M ====================
.
2011-07-26 20:37:49 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-07-26 20:33:35 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-07-02 17:28:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 13:17:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 20:29:40 44544 ----a-w- c:\windows\system32\agremove.exe
2011-06-18 23:50:44 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-05-24 23:14:10 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-01 06:11:56 462112 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 20:59:44.56 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 30/09/2007 10:59:47 AM
System Uptime: 28/07/2011 8:43:28 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GU163
Processor: AMD Turion™ 64 X2 Mobile Technology TL-56 | Microprocessor | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 47.039 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.571 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\RADIALPOINT\0000
Manufacturer:
Name:
PNP Device ID: ROOT\RADIALPOINT\0000
Service:
.
==== System Restore Points ===================
.
RP1355: 27/07/2011 9:42:56 PM - Restore Operation
RP1357: 28/07/2011 6:55:09 PM - Revo Uninstaller's restore point - BearShare
RP1359: 28/07/2011 7:00:56 PM - Revo Uninstaller's restore point - BearShare
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS
Adobe Reader 8.3.0
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI PCI Express (3GIO) Filter Driver
Avira AntiVir Personal - Free Antivirus
BearShare
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner (remove only)
CCScore
Clip Extractor 3.1.0.0
Clip Extractor DB Toolbar
Computrace
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell System Customization Wizard
Dell Touchpad
DELL Webcam Center
DELL Webcam Manager
Dell Wireless WLAN Card
DellSupport
DicomWorks 1.3.5b
Digital Line Detect
Digital Media Converter 3.1
DivX Plus DirectShow Filters
DivX Setup
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer 3 SE Ver.5 Transfer Utility
iPhone Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ SE Runtime Environment 6
Junk Mail filter update
Laptop Integrated Webcam Driver (1.02.01.0612)
Lexmark 7600 Series
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Magic Berry
Malwarebytes' Anti-Malware version 1.51.1.1800
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.2
netbrdg
NetWaiting
OfotoXMI
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Picaboo 2.5
Picaboo X
Picture Package Music Transfer
PixiePack Codec Pack
Pixtorio Viewer
Product Documentation Launcher
QuickSet
QuickTime
Revo Uninstaller 1.92
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
RPS CRT
Safari
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
SigmaTel Audio
skin0001
Skins
SKINXSDK
Skype™ 5.3
Sonic Activation Module
Sony Picture Utility
staticcr
StudioTax 2008
StudioTax 2010
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
USB Disk Win98 Driver
User's Guides
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WIRELESS
Xilisoft Video Converter Platinum 6
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
YouTube Downloader 2.6.3
.
==== Event Viewer Messages From Past Week ========
.
28/07/2011 8:46:51 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:24 PM on 28/07/2011 was unexpected.
28/07/2011 3:29:09 PM, Error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
28/07/2011 3:29:09 PM, Error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
28/07/2011 2:50:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:11:46 PM on 28/07/2011 was unexpected.
27/07/2011 9:42:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
27/07/2011 9:42:41 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/07/2011 9:42:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/07/2011 5:03:14 PM, Error: EventLog [6008] - The previous system shutdown at 4:44:56 PM on 27/07/2011 was unexpected.
27/07/2011 3:50:26 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
27/07/2011 12:00:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/07/2011 11:14:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/07/2011 11:13:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
27/07/2011 11:13:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 AvgLdx86 AvgMfx86 avipbb SASDIFSV SASKUTIL spldr ssmdrv Wanarpv6
27/07/2011 11:13:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27/07/2011 11:13:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/07/2011 11:12:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/07/2011 10:51:39 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Carly-PC\Carly SID (S-1-5-21-176520208-456663055-2915200904-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
27/07/2011 10:40:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
27/07/2011 10:40:24 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/07/2011 5:16:16 PM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
26/07/2011 4:21:53 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
25/07/2011 5:36:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 AvgLdx86 AvgMfx86 spldr Wanarpv6
25/07/2011 5:05:55 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.107.2067.0 Loading engine version: 1.1.7000.0
25/07/2011 4:54:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:53:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/07/2011 4:53:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/07/2011 4:52:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
25/07/2011 4:52:49 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:52:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2011 4:52:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:52:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:52:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:52:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:52:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/07/2011 4:52:48 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2011 4:52:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2011 4:52:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2011 4:52:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2011 4:52:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/07/2011 4:08:35 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
25/07/2011 11:43:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.20.10.18 for the Network Card with network address 42A6D9ABFEAE has been denied by the DHCP server 172.20.10.1 (The DHCP Server sent a DHCPNACK message).
24/07/2011 8:00:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-28 21:42:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0085001C
Running: gmer.exe; Driver: C:\Users\Carly\AppData\Local\Temp\kgloqpod.sys


---- System - GMER 1.0.15 ----

SSDT 887D1D26 ZwCreateSection
SSDT 887D1D2B ZwSetContextThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8CEF3640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 824C1998 4 Bytes [26, 1D, 7D, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 824C1CF0 4 Bytes [2B, 1D, 7D, 88]
.text ntkrnlpa.exe!KeSetEvent + 621 824C1DA4 4 Bytes [40, 36, EF, 8C]
? C:\Users\Carly\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtCreateFile + 6 77B9422A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtCreateFile + B 77B9422F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtMapViewOfSection + 6 77B9497A 1 Byte [28]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtMapViewOfSection + 6 77B9497A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtMapViewOfSection + B 77B9497F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenFile + 6 77B94A0A 4 Bytes [68, 00, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenFile + B 77B94A0F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenProcess + 6 77B94A8A 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenProcess + B 77B94A8F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenProcessToken + 6 77B94A9A 4 Bytes CALL 76B960A0
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenProcessToken + B 77B94A9F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenProcessTokenEx + 6 77B94AAA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenProcessTokenEx + B 77B94AAF 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenThread + 6 77B94AFA 4 Bytes [68, 01, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenThread + B 77B94AFF 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenThreadToken + 6 77B94B0A 4 Bytes [68, 02, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenThreadToken + B 77B94B0F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenThreadTokenEx + 6 77B94B1A 4 Bytes CALL 76B96121
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtOpenThreadTokenEx + B 77B94B1F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtQueryAttributesFile + 6 77B94BAA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtQueryAttributesFile + B 77B94BAF 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtQueryFullAttributesFile + 6 77B94C5A 4 Bytes CALL 76B9625F
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtQueryFullAttributesFile + B 77B94C5F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtSetInformationFile + 6 77B9513A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtSetInformationFile + B 77B9513F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtSetInformationThread + 6 77B9518A 4 Bytes [28, 02, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtSetInformationThread + B 77B9518F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtUnmapViewOfSection + 6 77B9542A 1 Byte [68]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtUnmapViewOfSection + 6 77B9542A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5800] ntdll.dll!NtUnmapViewOfSection + B 77B9542F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f0f52b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f0f52b@001ccc257a95 0xB3 0x7B 0x02 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26f0f52b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26f0f52b@001ccc257a95 0xB3 0x7B 0x02 0xB1 ...

---- EOF - GMER 1.0.15 ----
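As an added triage example (written for this page, not part of the original post and not a GMER or BleepingComputer tool), the Python below parses the "System" and "Kernel code sections" lines of the GMER log above. The three 4-byte changes GMER reports inside ntkrnlpa.exe!KeSetEvent decode, little-endian, to exactly the three SSDT hook addresses (0x887D1D26, 0x887D1D2B, 0x8CEF3640), so they are the redirected service-table slots themselves rather than three additional code patches; the script makes that cross-reference automatically and separates the hook GMER attributed to a driver (SASKUTIL.SYS, SUPERAntiSpyware's own) from the two it could not attribute, which are the ones to identify before calling the machine clean. The sample lines are copied from the log; the regexes, the dataclass names and the verdict wording are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the "System" and "Kernel code sections" lines copied
# from the GMER log in this post (one unrelated line included to show it is skipped).
GMER_SAMPLE = [
    r"SSDT 887D1D26 ZwCreateSection",
    r"SSDT 887D1D2B ZwSetContextThread",
    r"SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8CEF3640]",
    r".text ntkrnlpa.exe!KeSetEvent + 215 824C1998 4 Bytes [26, 1D, 7D, 88]",
    r".text ntkrnlpa.exe!KeSetEvent + 56D 824C1CF0 4 Bytes [2B, 1D, 7D, 88]",
    r".text ntkrnlpa.exe!KeSetEvent + 621 824C1DA4 4 Bytes [40, 36, EF, 8C]",
    r"? C:\Users\Carly\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !",
]


@dataclass
class SsdtHook:
    function: str            # Zw* service whose table entry was redirected
    handler: int             # address the entry now points to
    module: Optional[str]    # driver GMER attributed it to, or None if it could not


@dataclass
class KernelPatch:
    symbol: str              # nearest exported symbol, e.g. ntkrnlpa.exe!KeSetEvent
    offset: int              # offset from that symbol
    address: int             # absolute virtual address of the changed bytes
    data: bytes              # bytes currently in memory at that address


# "SSDT <driver path> <Zw function> [0x<handler>]"   (hook attributed to a driver)
SSDT_ATTRIBUTED = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]\s*$")
# "SSDT <handler> <Zw function>"                      (hook GMER could not attribute)
SSDT_BARE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")
# ".text <symbol> + <off> <addr> <n> Bytes [xx, xx, ...]"
KERNEL_PATCH = re.compile(
    r"^\.text\s+(\S+)\s+\+\s*([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+\d+\s+Bytes?\s+\[([0-9A-Fa-f,\s]+)\]\s*$"
)


def parse_gmer(lines):
    """Return (ssdt_hooks, kernel_patches); lines matching neither shape are ignored."""
    hooks, patches = [], []
    for raw in lines:
        line = raw.strip()
        if m := SSDT_ATTRIBUTED.match(line):
            hooks.append(SsdtHook(m.group(2), int(m.group(3), 16), m.group(1)))
        elif m := SSDT_BARE.match(line):
            hooks.append(SsdtHook(m.group(2), int(m.group(1), 16), None))
        elif m := KERNEL_PATCH.match(line):
            data = bytes(int(b, 16) for b in m.group(4).split(","))
            patches.append(KernelPatch(m.group(1), int(m.group(2), 16), int(m.group(3), 16), data))
    return hooks, patches


def triage(lines):
    """Cross-reference each SSDT hook with the 4-byte kernel change that holds its address."""
    hooks, patches = parse_gmer(lines)
    report = []
    for h in hooks:
        # On 32-bit Windows the service table is a flat array of pointers, so a
        # 4-byte change whose little-endian value equals the hook's handler is
        # the redirected table slot itself, not a separate code modification.
        slot = next((p for p in patches
                     if len(p.data) == 4 and int.from_bytes(p.data, "little") == h.handler), None)
        report.append({
            "function": h.function,
            "handler": f"0x{h.handler:08X}",
            "module": h.module,
            "slot": f"{slot.symbol}+0x{slot.offset:X}" if slot else None,
            "verdict": "attributed to a driver" if h.module else "unattributed: identify the owner",
        })
    return report


def unattributed_hooks(lines):
    """Names of hooked services GMER could not tie to any loaded driver."""
    return [r["function"] for r in triage(lines) if r["module"] is None]


if __name__ == "__main__":
    for row in triage(GMER_SAMPLE):
        print(row)
```

Run against the sample, the report ties ZwTerminateProcess to SASKUTIL.SYS and to the KeSetEvent+0x621 slot, while ZwCreateSection and ZwSetContextThread come back unattributed; on a real log those two are the entries to resolve (which driver owns 0x887D1D26 and 0x887D1D2B) before any further cleanup.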


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • Gender:Male
  • Local time:10:13 AM

Posted 07 August 2011 - 08:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411831 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 CarlyBenj

CarlyBenj
  • Topic Starter

  • Members
  • 36 posts
  • Local time:09:13 AM

Posted 08 August 2011 - 08:35 AM

Since I last posted, my computer has been operating, slowly but fully... I am sure I still have something, though. I have not been able to run Avira; it always freezes and I then have to reboot.

Here are my updated logs:



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Carly at 8:32:02 on 2011-08-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1917.1088 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\Windows\system32\lxdwcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{31A084AE-8686-4087-B2EE-3DA1660781A7}
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=6070930
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\clip extractor db toolbar\tbcore3.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Clip Extractor DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\clip extractor db toolbar\tbcore3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\carly\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"
mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"
mRun: [Lexmark 7600 Series Fax Server] "c:\program files\lexmark 7600 series\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: select2perform.com\www
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C37D9D63-59E5-422E-B403-1256F3CECCCD} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {582610B8-E496-4813-993C-4B027173FE38} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-3 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 123264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-25 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-25 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-7-26 428200]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-25 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-13 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-7 36608]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-30 30192]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
.
=============== Created Last 30 ================
.
2011-08-04 17:38:13 -------- d-----w- c:\programdata\!SASCORE
2011-07-28 22:54:26 -------- d-----w- c:\program files\VS Revo Group
2011-07-28 19:09:50 -------- d-----w- c:\program files\iPod
2011-07-28 19:09:44 -------- d-----w- c:\program files\iTunes
2011-07-28 19:05:59 -------- d-----w- c:\program files\Bonjour
2011-07-28 19:04:04 -------- d-----w- c:\users\carly\appdata\local\AskToolbar
2011-07-28 19:03:40 -------- d-----w- c:\program files\Ask.com
2011-07-28 19:03:40 -------- d-----w- C:\Firefox
2011-07-26 20:37:49 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-07-26 20:33:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-07-26 20:33:33 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-07-26 20:33:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-07-26 20:33:32 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-07-26 20:33:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-07-26 20:33:32 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-07-26 20:33:31 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-07-26 18:36:14 -------- d-----w- c:\users\carly\appdata\roaming\SUPERAntiSpyware.com
2011-07-26 18:36:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-26 18:36:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-26 18:34:11 -------- d-----w- c:\users\carly\appdata\roaming\Malwarebytes
2011-07-26 18:33:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 18:33:57 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 18:33:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 18:33:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 01:28:45 -------- d-----w- c:\users\carly\appdata\roaming\Avira
2011-07-26 01:22:56 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-26 01:22:32 -------- d-----w- c:\programdata\Avira
2011-07-26 01:22:32 -------- d-----w- c:\program files\Avira
2011-07-25 21:06:14 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6c6aa0c-db4c-496d-9ca1-97d9362af7b7}\mpengine.dll
2011-07-24 16:56:22 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2011-07-24 16:54:51 -------- d-----w- c:\program files\Solid YouTube to MP3 Converter
2011-07-20 13:00:11 -------- d-----w- c:\program files\Picaboo X
2011-07-13 12:58:29 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 12:58:28 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 12:58:24 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 12:58:21 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 12:58:21 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
==================== Find3M ====================
.
2011-07-26 20:37:49 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-07-26 20:33:35 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-07-02 17:28:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 13:17:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 20:29:40 44544 ----a-w- c:\windows\system32\agremove.exe
2011-06-18 23:50:44 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-05-24 23:14:10 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-10-01 06:11:56 462112 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 8:34:01.48 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 30/09/2007 10:59:47 AM
System Uptime: 08/08/2011 8:07:12 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GU163
Processor: AMD Turion™ 64 X2 Mobile Technology TL-56 | Microprocessor | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 40.478 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.571 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\RADIALPOINT\0000
Manufacturer:
Name:
PNP Device ID: ROOT\RADIALPOINT\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS
Adobe Reader 8.3.0
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI PCI Express (3GIO) Filter Driver
Avira AntiVir Personal - Free Antivirus
BearShare
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner (remove only)
CCScore
Clip Extractor 3.1.0.0
Clip Extractor DB Toolbar
Computrace
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell System Customization Wizard
Dell Touchpad
DELL Webcam Center
DELL Webcam Manager
Dell Wireless WLAN Card
DellSupport
DicomWorks 1.3.5b
Digital Line Detect
Digital Media Converter 3.1
DivX Plus DirectShow Filters
DivX Setup
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer 3 SE Ver.5 Transfer Utility
iPhone Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ SE Runtime Environment 6
Junk Mail filter update
Laptop Integrated Webcam Driver (1.02.01.0612)
Lexmark 7600 Series
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Magic Berry
Malwarebytes' Anti-Malware version 1.51.1.1800
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.2
netbrdg
NetWaiting
OfotoXMI
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Picaboo 2.5
Picaboo X
Picture Package Music Transfer
PixiePack Codec Pack
Pixtorio Viewer
Product Documentation Launcher
QuickSet
QuickTime
Revo Uninstaller 1.92
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
RPS CRT
Safari
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
SigmaTel Audio
skin0001
Skins
SKINXSDK
Skype™ 5.3
Sonic Activation Module
Sony Picture Utility
staticcr
StudioTax 2008
StudioTax 2010
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
USB Disk Win98 Driver
User's Guides
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WIRELESS
Xilisoft Video Converter Platinum 6
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
YouTube Downloader 2.6.3
.
==== Event Viewer Messages From Past Week ========
.
07/08/2011 12:21:05 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document www.equifax.com/ecm/canada/EFXCreditReportRequestForm.pdf, owned by Carly, failed to print on printer Lexmark 7600 Series (Network). Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 2776330. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\CARLY-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
04/08/2011 1:35:53 PM, Error: EventLog [6008] - The previous system shutdown at 12:28:07 PM on 04/08/2011 was unexpected.
03/08/2011 2:05:33 PM, Error: EventLog [6008] - The previous system shutdown at 12:05:14 PM on 03/08/2011 was unexpected.
01/08/2011 1:50:57 PM, Error: EventLog [6008] - The previous system shutdown at 1:45:00 PM on 01/08/2011 was unexpected.
.
==== End Of File ===========================



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-08 09:33:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0085001C
Running: gmer.exe; Driver: C:\Users\Carly\AppData\Local\Temp\kgloqpod.sys


---- System - GMER 1.0.15 ----

SSDT 8CC49846 ZwCreateSection
SSDT 8CC4984B ZwSetContextThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8CE9C640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 824FE998 4 Bytes [46, 98, C4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 824FECF0 4 Bytes [4B, 98, C4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 824FEDA4 4 Bytes [40, C6, E9, 8C]
? C:\Users\Carly\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtCreateFile + 6 77CA422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtCreateFile + B 77CA422F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtMapViewOfSection + 6 77CA497A 1 Byte [28]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtMapViewOfSection + 6 77CA497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtMapViewOfSection + B 77CA497F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenFile + 6 77CA4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenFile + B 77CA4A0F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcess + 6 77CA4A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcess + B 77CA4A8F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessToken + 6 77CA4A9A 4 Bytes CALL 76CA50A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessToken + B 77CA4A9F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessTokenEx + 6 77CA4AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenProcessTokenEx + B 77CA4AAF 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThread + 6 77CA4AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThread + B 77CA4AFF 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadToken + 6 77CA4B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadToken + B 77CA4B0F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadTokenEx + 6 77CA4B1A 4 Bytes CALL 76CA5121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtOpenThreadTokenEx + B 77CA4B1F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryAttributesFile + 6 77CA4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryAttributesFile + B 77CA4BAF 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryFullAttributesFile + 6 77CA4C5A 4 Bytes CALL 76CA525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtQueryFullAttributesFile + B 77CA4C5F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationFile + 6 77CA513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationFile + B 77CA513F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationThread + 6 77CA518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtSetInformationThread + B 77CA518F 1 Byte [E2]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtUnmapViewOfSection + 6 77CA542A 1 Byte [68]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtUnmapViewOfSection + 6 77CA542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe[5900] ntdll.dll!NtUnmapViewOfSection + B 77CA542F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f0f52b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26f0f52b@001ccc257a95 0xB3 0x7B 0x02 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26f0f52b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26f0f52b@001ccc257a95 0xB3 0x7B 0x02 0xB1 ...

---- EOF - GMER 1.0.15 ----
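A worked example of reading the GMER "System" and "Kernel code sections" output above, added here as illustration; it is not GMER's code and not anything a poster ran. The three 4-byte patches GMER reports inside ntkrnlpa.exe!KeSetEvent are little-endian pointers: decoded, they are exactly the three SSDT hook addresses listed a few lines earlier, and only the third (0x8CE9C640, ZwTerminateProcess) is attributed by GMER to a named driver, SASKUTIL.SYS from SUPERAntiSpyware. The other two hooks are printed with a bare address, meaning GMER could not map them to a loaded module, and that is the detail a helper checks next (for example against the loaded-driver list) rather than something the log itself settles. The six input lines are copied from the log above; the regexes are my assumption about GMER 1.0.15's line format, not a documented specification. A separate caveat for the same log: the long run of `.text ... chrome.exe[5900] ntdll.dll!Nt*` entries is the pattern Chrome's own sandbox leaves in its child processes and is not, on its own, evidence of infection.

```python
"""Correlate GMER SSDT hooks with the kernel .text patches that hold them.

Added example for this thread; not GMER code and not anything a poster ran.
Input lines below are copied from the GMER log above; the regexes encode an
assumption about GMER 1.0.15's line format rather than a documented spec.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GMER_LOG = r"""
SSDT 8CC49846 ZwCreateSection
SSDT 8CC4984B ZwSetContextThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8CE9C640]
.text ntkrnlpa.exe!KeSetEvent + 215 824FE998 4 Bytes [46, 98, C4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 824FECF0 4 Bytes [4B, 98, C4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 824FEDA4 4 Bytes [40, C6, E9, 8C]
"""

# "SSDT <module path> <ZwFunction> [0x<addr>]": GMER mapped the hook to a driver.
SSDT_NAMED = re.compile(
    r"^SSDT\s+(?P<module>\S.*?)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
# "SSDT <addr> <ZwFunction>": a hook address GMER could not map to a loaded module.
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)\s*$")
# ".text <image>!<symbol> + <off> <addr> <n> Bytes [xx, xx, ...]": patched kernel code.
TEXT_PATCH = re.compile(
    r"^\.text\s+(?P<symbol>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<n>\d+)\s+Bytes\s+\[(?P<bytes>[0-9A-Fa-f ,]+)\]"
)


@dataclass
class SsdtHook:
    function: str
    address: int
    module: Optional[str] = None                          # driver GMER attributed the hook to, if any
    patch_sites: List[str] = field(default_factory=list)  # .text patches whose value is this address


def parse_gmer(text: str) -> List[SsdtHook]:
    hooks: Dict[int, SsdtHook] = {}
    patches: List[Tuple[str, bytes]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_NAMED.match(line)
        if m:
            addr = int(m["addr"], 16)
            hooks[addr] = SsdtHook(m["func"], addr, m["module"])
            continue
        m = SSDT_BARE.match(line)
        if m:
            addr = int(m["addr"], 16)
            hooks[addr] = SsdtHook(m["func"], addr)
            continue
        m = TEXT_PATCH.match(line)
        if m:
            raw_bytes = bytes(int(b, 16) for b in m["bytes"].replace(",", " ").split())
            patches.append((f"{m['symbol']}+{m['off']}", raw_bytes))
    # On 32-bit Windows a 4-byte patch whose little-endian value equals an SSDT
    # hook address is a pointer slot now holding that hook, so tie the two together.
    for site, raw_bytes in patches:
        if len(raw_bytes) == 4:
            value = int.from_bytes(raw_bytes, "little")
            if value in hooks:
                hooks[value].patch_sites.append(site)
    return sorted(hooks.values(), key=lambda h: h.address)


def unattributed(hooks: List[SsdtHook]) -> List[SsdtHook]:
    """Hooks GMER printed with a bare address: the ones that still need an owner."""
    return [h for h in hooks if h.module is None]


if __name__ == "__main__":
    for h in parse_gmer(GMER_LOG):
        owner = h.module or "UNATTRIBUTED"
        via = ", ".join(h.patch_sites) or "-"
        print(f"{h.function:<20} 0x{h.address:08X}  {owner}  via {via}")
```

Run as-is it lists the three hooks with their patch site in KeSetEvent; `unattributed()` returns ZwCreateSection and ZwSetContextThread, the two entries a helper would still want an owner for.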

#4 CarlyBenj

  • Topic Starter
  • Members
  • 36 posts

Posted 08 August 2011 - 10:10 AM

And yes, I do have my original Windows CD available.

#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 August 2011 - 08:19 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 CarlyBenj

  • Topic Starter
  • Members
  • 36 posts

Posted 08 August 2011 - 09:25 PM

Thanks!


ComboFix 11-08-08.03 - Carly 08/08/2011 22:03:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1917.1130 [GMT -4:00]
Running from: c:\users\Carly\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\programdata\shs_setup_4059-354328.exe
c:\programdata\SPL1006.tmp
c:\programdata\SPL585B.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 02:17 . 2011-08-09 02:18 -------- d-----w- c:\users\Carly\AppData\Local\temp
2011-08-09 02:17 . 2011-08-09 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-04 17:38 . 2011-08-04 17:38 -------- d-----w- c:\programdata\!SASCORE
2011-07-28 22:54 . 2011-07-28 22:54 -------- d-----w- c:\program files\VS Revo Group
2011-07-28 19:09 . 2011-07-28 19:09 -------- d-----w- c:\program files\iPod
2011-07-28 19:09 . 2011-07-28 19:11 -------- d-----w- c:\program files\iTunes
2011-07-28 19:05 . 2011-07-28 19:06 -------- d-----w- c:\program files\Bonjour
2011-07-28 19:04 . 2011-07-28 19:04 -------- d-----w- c:\users\Carly\AppData\Local\AskToolbar
2011-07-28 19:03 . 2011-07-28 19:04 -------- d-----w- c:\program files\Ask.com
2011-07-28 19:03 . 2011-07-28 19:03 -------- d-----w- C:\Firefox
2011-07-28 19:02 . 2011-07-28 19:02 -------- d-----w- c:\program files\Apple Software Update
2011-07-26 20:37 . 2011-07-26 20:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-07-26 20:33 . 2011-07-26 20:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-07-26 20:33 . 2011-07-26 20:33 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-07-26 20:33 . 2011-07-26 20:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-07-26 20:33 . 2011-07-26 20:33 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-07-26 20:33 . 2011-07-26 20:33 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-07-26 20:33 . 2011-07-26 20:33 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-07-26 20:33 . 2011-07-26 20:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-07-26 18:36 . 2011-07-26 18:36 -------- d-----w- c:\users\Carly\AppData\Roaming\SUPERAntiSpyware.com
2011-07-26 18:36 . 2011-07-26 18:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-26 18:36 . 2011-08-04 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-26 18:34 . 2011-07-26 18:34 -------- d-----w- c:\users\Carly\AppData\Roaming\Malwarebytes
2011-07-26 18:33 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 18:33 . 2011-07-26 18:33 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 18:33 . 2011-07-26 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 18:33 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 01:28 . 2011-07-26 01:28 -------- d-----w- c:\users\Carly\AppData\Roaming\Avira
2011-07-26 01:22 . 2011-07-26 20:21 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-26 01:22 . 2011-07-26 20:21 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-26 01:22 . 2011-07-28 19:04 -------- d-----w- c:\programdata\Avira
2011-07-26 01:22 . 2011-07-26 01:22 -------- d-----w- c:\program files\Avira
2011-07-25 21:06 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6C6AA0C-DB4C-496D-9CA1-97D9362AF7B7}\mpengine.dll
2011-07-24 16:56 . 2011-07-24 16:56 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2011-07-24 16:54 . 2011-07-24 16:54 -------- d-----w- c:\program files\Solid YouTube to MP3 Converter
2011-07-20 13:00 . 2011-07-20 13:00 -------- d-----w- c:\program files\Picaboo X
2011-07-13 12:58 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 12:58 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 12:58 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 12:58 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 12:58 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 20:33 . 2011-07-26 20:33 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-07-02 17:28 . 2010-08-03 09:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 13:17 . 2011-05-17 18:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 20:29 . 2011-06-22 20:29 44544 ----a-w- c:\windows\system32\agremove.exe
2011-06-18 23:50 . 2008-03-24 01:39 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-05-24 23:14 . 2009-10-02 18:56 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-10-01 06:11 . 2010-12-01 02:34 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-09 11:13 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-09 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-09 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2010-02-10 16040]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2010-02-10 311976]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-09 397992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-16 110592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-30 50688]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2011-6-27 253952]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AVGRSSTX.DLL c:\progra~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2008-11-03 36608]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-10 30192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-04 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-04 123264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-26 428200]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 594600]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdwserv.exe [2009-10-16 98984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
2008-02-08 14:53 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176520208-456663055-2915200904-1000Core.job
- c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28 19:54]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176520208-456663055-2915200904-1000UA.job
- c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28 19:54]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{2FDEC5B7-6849-4399-BC4C-52D9F0FE1A9E}.job
- c:\windows\system32\msfeedssync.exe [2011-07-26 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{31A084AE-8686-4087-B2EE-3DA1660781A7}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: select2perform.com\www
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 22:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-08 22:24:35
ComboFix-quarantined-files.txt 2011-08-09 02:24
.
Pre-Run: 45,785,886,720 bytes free
Post-Run: 45,788,053,504 bytes free
.
- - End Of File - - 665C34F1AE3114C797E15C0B59CB3B7A
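An added triage pass over the ComboFix "Reg Loading Points" and "Supplementary Scan" output above, written for this thread as an example; it is not ComboFix's own logic and not anything the poster ran. It pulls out the items a helper reads first: service entries whose image is missing from disk (ComboFix prints `[x]` in place of the date and size, as it does here for the Lavasoft KernExplorer.sys driver), every DLL named in AppInit_DLLs (these are loaded into every process that links user32.dll, so AVGRSSTX.DLL and the Google DLL both deserve a look), autostarts whose image sits in a user-writable location, Security Center monitoring flags set to disabled, and a machine-wide IE start page (mStart Page) that differs from the user's (here bigseekpro.com, whose URL path matches the Clip Extractor toolbar in the installed-programs list). The line formats, the `Finding` names and the user-writable path list are my own assumptions; the excerpt is copied from the log above. A hit is a lead to check, not a verdict: the GoogleUpdate.exe task target under the user profile trips the location rule just as a malicious one would.

```python
"""Triage pass over ComboFix 'Reg Loading Points' / 'Supplementary Scan' lines.

Added example for this thread; not ComboFix's logic and not anything a poster
ran. The excerpt below is copied from the ComboFix log above; the line formats
and the Finding kinds are my own assumptions about how to read that output.
"""
import re
from typing import Dict, List, NamedTuple

COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-09 397992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AVGRSSTX.DLL c:\progra~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176520208-456663055-2915200904-1000Core.job
- c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28 19:54]
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{31A084AE-8686-4087-B2EE-3DA1660781A7}
"""


class Finding(NamedTuple):
    kind: str      # one of the rule names below (my own labels)
    subject: str   # entry name, DLL, host or key the rule fired on
    detail: str


REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]*)\]$')
SERVICE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')
START_PAGE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
TASK_TARGET = re.compile(r"^-\s+(?P<path>[A-Za-z]:\\.+?)\s+\[")
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:00000001$')

# Autostart images under these paths can be written without admin rights (assumed list).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""
    start_pages: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := REG_KEY.match(line)):
            current_key = m["key"]
        elif (m := RUN_ENTRY.match(line)):
            if in_user_writable(m["path"]):
                findings.append(Finding("user_writable_autostart", m["name"], m["path"]))
        elif (m := APPINIT.match(line)):
            # AppInit_DLLs are loaded into every process that links user32.dll.
            for dll in m["dlls"].split():
                findings.append(Finding("appinit_dll", dll, current_key))
        elif DISABLE_MON.match(line):
            findings.append(Finding("security_center_monitoring_off", current_key, line))
        elif (m := SERVICE.match(line)):
            if m["stamp"] == "x":   # ComboFix prints [x] when the image file is absent
                findings.append(Finding("missing_image", m["name"].strip(), m["path"]))
            elif in_user_writable(m["path"]):
                findings.append(Finding("user_writable_autostart", m["name"].strip(), m["path"]))
        elif (m := TASK_TARGET.match(line)):
            if in_user_writable(m["path"]):
                image = m["path"].rsplit("\\", 1)[-1]
                findings.append(Finding("user_writable_autostart", image, m["path"]))
        elif (m := START_PAGE.match(line)):
            start_pages[m["scope"]] = m["url"]
    machine, user = start_pages.get("m"), start_pages.get("u")
    if machine and machine != user:
        host = re.sub(r"^\w+://", "", machine).split("/", 1)[0]
        findings.append(Finding("machine_start_page_override", host, machine))
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX_EXCERPT):
        print(f"{f.kind:<32} {f.subject:<28} {f.detail}")
```

On the excerpt it reports the two AppInit DLLs, the disabled Security Center monitoring key, the missing KernExplorer.sys image, the GoogleUpdate.exe task under the profile and the bigseekpro.com machine start page; the ehTray.exe and Ask Updater Run entries pass the location rule and are not listed, which is the limit of a path heuristic, not a clean bill for them.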

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 August 2011 - 09:31 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 CarlyBenj (Topic Starter, Members, 36 posts)

Posted 08 August 2011 - 10:11 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7414

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08/08/2011 10:59:21 PM
mbam-log-2011-08-08 (22-59-21).txt

Scan type: Quick scan
Objects scanned: 169257
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Doing next scan now.

#9 CarlyBenj (Topic Starter, Members, 36 posts)

Posted 09 August 2011 - 07:30 AM

Hey, I ran the ESET scanner last night. It went quick until it found a threat, "Win32/Toolbar.Zugo application", at about 31%... I went to bed b/c it was taking forever. When I checked this AM it had frozen (and according to my time screensaver this was just moments after I went to bed...). I ran it again this AM; this time it went quick until it found the same threat, this time at 36% (that took 16 mins to scan). It has now been a total of 1 hr 20 mins and it's only at 37%, so it's taken over 1 hr to do 1%. It's not frozen but it seems to be going REALLY slow... What should I do?

#10 CarlyBenj (Topic Starter, Members, 36 posts)

Posted 09 August 2011 - 10:11 AM

Ok, so after 3 hrs the scan got to 46% (with just that 1 threat found) and then froze!... What do I do now? I have been taking pictures of the progress, not sure if that's of any use...

#11 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 09 August 2011 - 05:43 PM

Give f-secure a try

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, uncheck Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient



#12 CarlyBenj (Topic Starter, Members, 36 posts)

Posted 09 August 2011 - 06:38 PM

Ok, ran it and after 10 mins it froze :(
Now what?
Try again?

#13 CarlyBenj (Topic Starter, Members, 36 posts)

Posted 09 August 2011 - 06:52 PM

I just ran it again using IE (I was using Chrome before); this time I got the following error:

“F-Secure online Scanner 4.2 encountered an error
The program could not download all the necessary files. Make sure that you are connected to the internet. If this error repeats, contact the support. (error id:27)”

#14 CarlyBenj (Topic Starter, Members, 36 posts)

Posted 09 August 2011 - 07:02 PM

Tried to restart my computer and the fan blew loud and it shut off (same thing it was originally doing...). It seems to be loading now but taking a long time; what should I do?

#15 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 09 August 2011 - 07:50 PM

Take a look and make sure that your machine is clear of dust and debris; that can cause a lot of issues.


Download and install the trial version of Kaspersky Antivirus and run it. You will need to uninstall Antivir to do so, but that can be re-installed once we are done:


http://www.kaspersky.com/anti-virus_trial





