Windows 7 Virus ?


This topic is locked
9 replies to this topic

#1 visoki (Members, 8 posts)

Posted 30 September 2011 - 06:22 PM

All my file extensions changed to Ink. How can I rectify it? Any information greatly appreciated. Thank you.

Edited by Orange Blossom, 01 October 2011 - 01:11 AM.
Moved to AII from log forum. ~ OB


#2 jntkwx (Malware Response Team, 4,339 posts, New England, U.S.A.)

Posted 01 October 2011 - 08:09 AM

Hi visoki,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Step 2: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 3: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Step 4: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • exeHelper log
  • MiniToolBox log
  • Malwarebytes log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
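As an added example (not part of this thread, and not code from exeHelper or MiniToolBox), here is a read-only PowerShell audit of the same settings those two tools touch: the .exe and .com file associations and the Winlogon Userinit/Shell values that an exeHelper log shows it resetting, plus the hosts file and IE proxy settings that MiniToolBox reports. The expected values are Windows 7 defaults as I know them, and the per-user override locations it checks are my assumptions about where such hijacks usually sit. The script only reports and changes nothing, so it can be run before a fix to see what is off and again afterwards to confirm the reset took.

```powershell
# Added example, not code from this thread or from exeHelper/MiniToolBox.
# Read-only audit of the settings exeHelper resets (.exe/.com associations,
# Winlogon Userinit/Shell) and two items MiniToolBox reports (hosts file,
# IE proxy). Expected values are Windows 7 defaults (assumption). Run from an
# elevated PowerShell prompt; syntax kept compatible with PowerShell 2.0.

$findings = New-Object System.Collections.Generic.List[string]

# Print one line per setting and record deviations from the expected value.
function Compare-Setting {
    param([string]$Label, $Actual, [string]$Expected)
    $shown = if ($null -eq $Actual) { '<missing>' } else { [string]$Actual }
    if ($shown.Trim() -ieq $Expected) {
        Write-Output "OK       $Label = $shown"
    } else {
        $findings.Add("$Label = '$shown' (expected '$Expected')")
        Write-Output "SUSPECT  $Label = $shown (expected $Expected)"
    }
}

# (Default) value of a registry key, or $null when the key does not exist.
function Get-RegDefault([string]$Path) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') } else { $null }
}

# 1. File-type associations (exeHelper: "Resetting filetype association").
$expectedAssoc = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\.com'                       = 'comfile'
    'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command' = '"%1" %*'
}
foreach ($path in $expectedAssoc.Keys) {
    Compare-Setting -Label $path -Actual (Get-RegDefault $path) -Expected $expectedAssoc[$path]
}
# Assumption: a per-user override for .exe should not exist on a clean machine.
$userChoice = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
if (Test-Path $userChoice) {
    $findings.Add("per-user .exe association override present: $userChoice")
    Write-Output "SUSPECT  $userChoice exists"
}

# 2. Winlogon values (exeHelper: "Resetting userinit and shell values").
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Compare-Setting -Label 'HKLM Winlogon\Userinit' -Actual $winlogon.Userinit -Expected "$env:SystemRoot\system32\userinit.exe,"
Compare-Setting -Label 'HKLM Winlogon\Shell'    -Actual $winlogon.Shell    -Expected 'explorer.exe'
# A Shell value under HKCU replaces explorer.exe for this user only; absent by default.
$userWinlogon = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($userWinlogon -and $userWinlogon.Shell) {
    $findings.Add("HKCU Winlogon\Shell set to '$($userWinlogon.Shell)'")
    Write-Output "SUSPECT  HKCU Winlogon\Shell = $($userWinlogon.Shell)"
}

# 3. Hosts file (MiniToolBox: "List content of Hosts"). A clean file carries only
#    the two localhost lines; anything else deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostLines = Get-Content $hostsPath |
    ForEach-Object { ($_ -split '#')[0].Trim() } |
    Where-Object { $_ -ne '' }
foreach ($line in $hostLines) {
    $fields = $line -split '\s+'
    $isLoopback = @('127.0.0.1', '::1') -contains $fields[0]
    if ($isLoopback -and $fields.Length -eq 2 -and $fields[1] -ieq 'localhost') {
        Write-Output "OK       hosts: $line"
    } else {
        $findings.Add("hosts entry: $line")
        Write-Output "SUSPECT  hosts: $line"
    }
}

# 4. IE proxy settings (MiniToolBox: "Report IE Proxy Settings"). A proxy is
#    normal on a managed network; on a home PC it usually is not.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) {
    $findings.Add("proxy enabled: $($inet.ProxyServer)")
    Write-Output "SUSPECT  ProxyEnable=1 ProxyServer=$($inet.ProxyServer)"
} else {
    Write-Output "OK       Proxy is not enabled."
}
if ($inet.AutoConfigURL) {
    $findings.Add("proxy auto-config URL: $($inet.AutoConfigURL)")
    Write-Output "SUSPECT  AutoConfigURL=$($inet.AutoConfigURL)"
}

# Summary. Nothing was changed; the list shows what a cleanup tool would need
# to reset, or confirms that a completed fix actually took.
Write-Output ''
Write-Output ("{0} suspect item(s)" -f $findings.Count)
$findings | ForEach-Object { Write-Output "  - $_" }
```

Two caveats. The script covers only what the exeHelper log in this thread shows being reset (.exe and .com); the shortcut-extension symptom the first post describes lives under a different association and is not checked here. And a "SUSPECT" line is a prompt to look, not a verdict: a corporate proxy or an intentional hosts entry will trip it too, which is why the script reports rather than repairs.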


#3 visoki (Topic Starter, Members, 8 posts)

Posted 01 October 2011 - 02:22 PM

jntkwx, thank you for your information. I did everything you suggested to the best of my knowledge. My file extensions did not change, and here are the logs that I have. Thank you for your help.

exeHelper by Raktor
Build 20100414
Run at 13:08:42 on 10/01/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

MiniToolBox by Farbar
Ran by Roman's Computer (administrator) on 01-10-2011 at 13:15:39
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : RomansComput-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-60-9D-33-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9b:3711:eb61:f3db%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.25(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : October 1, 2011 7:30:42 AM
Lease Expires . . . . . . . . . . : October 4, 2011 7:30:42 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 201334112
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-8B-C0-B5-00-1D-60-9D-33-AA
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2432:3c7:476d:7b88(Preferred)
Link-local IPv6 Address . . . . . : fe80::2432:3c7:476d:7b88%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.81
74.125.226.82
74.125.226.80
74.125.226.83
74.125.226.84


Pinging google.com [74.125.226.81] with 32 bytes of data:
Reply from 74.125.226.81: bytes=32 time=17ms TTL=54
Reply from 74.125.226.81: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.226.81:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=141ms TTL=51
Reply from 98.137.149.56: bytes=32 time=96ms TTL=51

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 141ms, Average = 118ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 1d 60 9d 33 aa ......Intel® 82566DC-2 Gigabit Network Connection
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.25 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.25 276
192.168.2.25 255.255.255.255 On-link 192.168.2.25 276
192.168.2.255 255.255.255.255 On-link 192.168.2.25 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.25 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.25 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:2432:3c7:476d:7b88/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
10 276 fe80::9b:3711:eb61:f3db/128
On-link
11 306 fe80::2432:3c7:476d:7b88/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/01/2011 01:11:30 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 01:11:30 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 01:11:30 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 00:56:28 PM) (Source: BackItUp5) (User: )
Description: Backup process failed.

Error: (10/01/2011 00:56:28 PM) (Source: BackItUp5) (User: )
Description: Job execution failed because the selected target for job does not exist.

Error: (10/01/2011 11:57:04 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:57:04 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:57:04 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:54:51 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:54:51 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)


System errors:
=============
Error: (10/01/2011 01:15:44 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:43 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:43 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:41 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:41 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:40 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:40 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2

Error: (10/01/2011 01:15:39 PM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/01/2011 01:11:30 PM) (Source: Windows Search Service)(User: )
Description: Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 01:11:30 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 01:11:30 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 00:56:28 PM) (Source: BackItUp5)(User: )
Description: Backup failed.

Error: (10/01/2011 00:56:28 PM) (Source: BackItUp5)(User: )
Description: Job execution failed because the selected target (K:\) for job (Roman's Computer Local Autobackup) does not exist or is not accessible.

Error: (10/01/2011 11:57:04 AM) (Source: Windows Search Service)(User: )
Description: Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:57:04 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:57:04 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:54:51 AM) (Source: Windows Search Service)(User: )
Description: Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)

Error: (10/01/2011 11:54:51 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The object you are trying to create already exists. Try again using a different name. (HRESULT : 0x80040d02) (0x80040d02)


=========================== Installed Programs ============================

Acronis Drive Monitor (Version: 1.0.566)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 2.0.4.13090)
Adobe AIR (Version: 2.6.0.19140)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Reader 9.4.2 (Version: 9.4.2)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Advanced Registry Optimizer (Version: 5.0)
Advertising Center (Version: 0.0.0.2)
AM-DeadLink 4.3 (Version: 4.3)
Apple Application Support (Version: 1.0.1)
Apple Application Support (Version: 1.5.0)
Apple Application Support (Version: 1.5.1)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.2.120)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 6 (Version: 6)
Ask Toolbar (Version: 1.6.13.0)
Auslogics Duplicate File Finder (Version: version 2.0)
Belarc Advisor 8.1
Bell Internet Check-up
Bell Internet Security Services (Version: 9.0.40)
Bell Internet Service Advisor 3.5.15 (Version: 3.5.15)
Bonjour (Version: 2.0.4.0)
Bonjour (Version: 2.0.5.0)
Bonjour (Version: 3.0.0.2)
CameraHelperMsi (Version: 13.10.1217.0)
Click to Call with Skype (Version: 5.6.8153)
ContentHD (Version: 1.00.0002)
Contents (Version: 1.6.1.98)
Corel Painter Essentials 4 (Version: 4.2)
Corel Painter Photo Essentials 4 (Version: 4.1)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.98)
D3DX10 (Version: 15.4.2368.0902)
DeviceIO (Version: 1.6.1.98)
DirectX 9 Runtime (Version: 1.00.0000)
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
erLT (Version: 1.20.138.34)
Google Earth (Version: 5.1.7894.7252)
Google Earth (Version: 6.0.1.2032)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.2.183.39)
High-Definition Video Playback (Version: 7.1.13900.47.0)
High-Definition Video Playback (Version: 7.3.10800.5.0)
HP Active Support Library (Version: 2.0.12.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.2.0.2296)
HP Customer Feedback (Version: 1.0.0)
HP Easy Setup - Frontend (Version: 5.2.0.2304)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Product Detection (Version: 9.7.3)
HP Total Care Advisor (Version: 1.2.13)
HP Update (Version: 5.001.000.014)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.013)
HTC Sync (Version: 3.0.5579)
ICA (Version: 1.6.1.98)
Image Resizer Powertoy Clone for Windows (Version: 2.1)
ImagXpress (Version: 7.0.74.0)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® Viiv™ Software (Version: 1.6.361.6)
IPM_PSP_Pro (Version: 1.00.0000)
ITE 8212 Controller (Version: 1.00.0000)
iTunes (Version: 10.2.0.34)
iTunes (Version: 10.2.2.12)
iTunes (Version: 10.4.1.10)
Jasc Paint Shop Pro 8 (Version: 8.00.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 7 (Version: 7.0.0)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
jv16 PowerTools 2011 (Version: )
LAME v3.98.2 for Audacity
Licensing Service Install (Version: 2.0.1.181)
LightScribe 1.8.15.1 (Version: 1.8.15.1)
LightScribe System Software (Version: 1.18.8.1)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.10.1216.0)
LWS Gallery (Version: 13.10.1216.0)
LWS Help_main (Version: 13.10.1224.0)
LWS Launcher (Version: 13.10.1224.0)
LWS Motion Detection (Version: 13.10.1218.0)
LWS Pictures And Video (Version: 13.10.1218.0)
LWS Twitter (Version: 13.00.1216.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.10.1216.0)
Magic Bullet PhotoLooks for PaintShop Photo Pro (Version: 1.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Microsoft WorldWide Telescope (Version: 2.8.15)
MLE (Version: 1.0.0.23)
Moo0 FileShredder 1.16
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPCMPQ1804)
Nero 10 Creative CollectionPack 1 (Version: 10.2.10200.0.0)
Nero 10 Kwik Themes 3 (Version: 10.6.10000.1.0)
Nero 10 Kwik Themes 4 (Version: 10.6.10000.1.0)
Nero 10 Menu TemplatePack Basic (Version: 10.6.10000.0.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero 10 PiP EffectPack 1 (Version: 10.6.10000.0.0)
Nero 10 Video TransitionPack 1 (Version: 10.6.10000.0.0)
Nero BackItUp 10 (Version: 5.8.10400.4.100)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700)
Nero BackItUp and Burn (Version: 1.2.0017.1)
Nero Burning ROM 10 (Version: 10.6.10600.4.100)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700)
Nero BurnRights 10 (Version: 4.4.10300.1.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600)
Nero Control Center 10 (Version: 10.6.12600.0.5)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.19800.9.10)
Nero CoverDesigner 10 (Version: 5.6.10500.3.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600)
Nero DiscCopy Gadget 10 (Version: 3.6.10200.1.100)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600)
Nero DiscSpeed 10 (Version: 6.4.10400.0.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600)
Nero Dolby Files 10 (Version: 2.0.13000.0.10)
Nero Express 10 (Version: 10.6.10600.4.100)
Nero Express 10 Help (CHM) (Version: 1.0.10700)
Nero InfoTool 10 (Version: 7.4.10200.0.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600)
Nero Kwik Media (Version: 1.6.14200.48.100)
Nero MediaHub 10 (Version: 1.2.12900.31.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700)
Nero Multimedia Suite 10 (Version: 10.0.13100)
Nero Recode 10 (Version: 4.10.10600.4.100)
Nero Recode 10 Help (CHM) (Version: 1.0.10600)
Nero RescueAgent (Version: 2.6.13002)
Nero RescueAgent 10 (Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700)
Nero SoundTrax 10 (Version: 4.10.10300.2.100)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600)
Nero StartSmart 10 (Version: 10.6.10400.2.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700)
Nero Update (Version: 1.0.0018)
Nero Vision 10 (Version: 7.4.10800.7.100)
Nero Vision 10 Help (CHM) (Version: 1.0.10600)
Nero WaveEditor 10 (Version: 5.10.10400.3.100)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600)
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Message Center 2 (Version: 2.0.1)
Nikon Transfer (Version: 1.0.2)
PaintShop Photo Pro X3 Registration Incentive (Version: 1.00.0000)
Palm Desktop by ACCESS (Version: 6.4.0.0)
Paragon Backup & Recovery™ 2011 (Advanced) Free (Version: 90.00.0003)
PerfectDisk 10 Professional (Version: 10.0.110)
Picture Control Utility (Version: 1.0.3)
Primo (Version: 1.00.0000)
PSPH10Pro (Version: 1.00.0000)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
PSSWCORE (Version: 2.01.0000)
PureHD (Version: 1.6.1.98)
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.69.80.9)
QuickTime (Version: 7.70.80.34)
Rapport (Version: 3.5.1105.59)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
RealUpgrade 1.1 (Version: 1.1.0)
Recuva (Version: 1.39)
Revo Uninstaller 1.91 (Version: 1.91)
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.1)
Roxio Burn (Version: 1.0.0)
Roxio CinePlayer (Version: 5.3)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2010 (Version: 1.2.193)
Roxio Creator 2010 (Version: 12.0)
Roxio Creator 2010 (Version: 5.0.0)
Roxio Creator 2010 Content (Version: 12.0.013)
Roxio File Backup (Version: 1.3.0)
Roxio PhotoShow (Version: 6.0)
Roxio Video Capture USB (Version: 1.22.0000)
RPS CRT (Version: 8.0.34)
RPS CRT (Version: 9.0.40)
RPS PerfectDiskStub (Version: 9.0.40)
RPS RpsCore (Version: 9.0.40)
Secunia PSI (2.0.0.3001)
Setup (Version: 1.6.1.98)
Share (Version: 1.6.1.98)
Skype™ 5.1 (Version: 5.1.112)
Skype™ 5.3 (Version: 5.3.111)
Skype™ 5.5 (Version: 5.5.114)
SmartSound Quicktracks Plugin (Version: 3.0.8.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SpywareBlaster 4.4 (Version: 4.4.0)
SUPERAntiSpyware (Version: 5.0.1128)
swMSM (Version: 12.0.0.1)
USB2.0 Capture Device (Version: 1.0.3.0)
Veetle TV 0.9.18 (Version: 0.9.18)
VideoToolkit01 (Version: 90.0.146.000)
ViewNX (Version: 1.0.3)
ViewNX 2 (Version: 2.1.1)
VIO (Version: 1.6.1.98)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
vShare Plugin
vShare.tv plugin 1.3 (Version: 1.3)
Watch Football TV (Version: 1.0.1)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Detect
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.7
YouTube Downloader Toolbar v4.6 (Version: 4.6)

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 3062.3 MB
Available physical RAM: 701.11 MB
Total Pagefile: 6122.89 MB
Available Pagefile: 3460.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.44 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:292.24 GB) (Free:206.19 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:5.85 GB) (Free:0.8 GB) NTFS

========================= Users: ========================================

User accounts for \\ROMANSCOMPUT-PC

Administrator Guest IUSR_NMPR
Roman's Computer


**** End of log ****
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7842

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/01/11 1:53:54 PM
mbam-log-2011-10-01 (13-53-54).txt

Scan type: Quick scan
Objects scanned: 233283
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-01 15:00:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.CHL
Running: nuewvf57.exe; Driver: C:\Users\ROMAN'~1\AppData\Local\Temp\kfkdakog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x92271FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x92272A56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ZwCreateThreadEx [0x8BB10190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x92272BD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x9227627C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x922762AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x92276410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x92272B2C]
SSDT \??\C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwOpenProcess [0x8CD67620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x922722F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x92272428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x92276386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x922762F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x92276322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x92276354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x92271F66]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x92272C40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x92276214]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x92271F02]
SSDT \??\C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwTerminateProcess [0x8CD676D0]
SSDT \??\C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwTerminateThread [0x8CD67770]
SSDT \??\C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwWriteVirtualMemory [0x8CD67810]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83088349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C1D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830C8E08 4 Bytes [C0, 1F, 27, 92] {RCR BYTE [EDI], 0x27; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 830C8E64 4 Bytes [56, 2A, 27, 92] {PUSH ESI; SUB AH, [EDI]; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1207 830C8EBC 4 Bytes [90, 01, B1, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 123F 830C8EF4 8 Bytes [D4, 2B, 27, 92, 7C, 62, 27, ...] {AAM 0x2b; DAA ; XCHG EDX, EAX; JL 0x68; DAA ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 124F 830C8F04 4 Bytes [AE, 62, 27, 92] {SCASB ; BOUND ESP, [EDI]; XCHG EDX, EAX}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[968] ntdll.dll!KiUserApcDispatcher 77F06F58 5 Bytes JMP 00414DC0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[968] WS2_32.dll!getaddrinfo 76224296 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[968] WS2_32.dll!gethostbyname 76237673 5 Bytes JMP 71AD0022
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3284] kernel32.dll!SetUnhandledExceptionFilter 762AF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [75292437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [75275600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [752756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [752924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [75288514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [75284CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7528506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [75285144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [75286671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7528826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [752887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7528901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7528E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [75284BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe[3412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe[3412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe[3412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe[3412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[5240] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75E5FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:39 AM

Posted 01 October 2011 - 02:25 PM

Hi visoki,

When you say all of your file extensions are .lnk, do you mean ALL of them? Are there certain files that you are unable to open successfully because they are changed to .lnk?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 visoki

visoki
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:39 AM

Posted 01 October 2011 - 02:56 PM

All my files have ext. .lnk and cannot be opened, but I can open my emails and browsers.

#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:39 AM

Posted 01 October 2011 - 03:08 PM

Hi visoki,

1. Download this file: http://www.winhelponline.com/fileasso/lnk_fix_w7.zip

2. Unzip the file and extract the .REG file to Desktop.

3. Right-click the REG file and choose Merge.

Note that you need to be an administrator to apply these fixes.
Regards,
Jason

 

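
A way to see what the three steps above are meant to repair, before and after merging the .reg file, is to read the registry keys that decide how Windows treats a .lnk file. The script below is an added diagnostic written for this page; it is not part of the thread and is not the contents of the winhelponline fix file. It assumes a Windows PowerShell session on Windows 7 or later, and it only reads the registry. Which keys the linked .reg file actually touches is not stated in the thread; that this check covers the same keys is an assumption of the example.

```powershell
# Added diagnostic, not from the forum thread or the winhelponline fix file.
# Reports how .lnk shortcuts are associated on this machine so the state can
# be compared before and after a repair. Read-only; needs no special rights,
# although HKCR reads are most reliable in an elevated session (assumption).

function Get-LnkAssociationState {
    $state = [ordered]@{}

    # Machine-wide association: the default value of HKCR\.lnk is "lnkfile"
    # on a stock Windows install.
    $hkcrLnk = 'Registry::HKEY_CLASSES_ROOT\.lnk'
    $state.HkcrProgId = if (Test-Path $hkcrLnk) {
        (Get-ItemProperty -Path $hkcrLnk -ErrorAction SilentlyContinue).'(default)'
    } else { $null }

    # HKCR\lnkfile must exist and carry the IsShortcut marker, which is what
    # makes Explorer follow the shortcut instead of opening it as a document.
    $lnkfile = 'Registry::HKEY_CLASSES_ROOT\lnkfile'
    $state.LnkfileExists = Test-Path $lnkfile
    $state.IsShortcut = if ($state.LnkfileExists) {
        $p = Get-ItemProperty -Path $lnkfile -ErrorAction SilentlyContinue
        $null -ne $p.PSObject.Properties['IsShortcut']
    } else { $false }

    # Per-user override: a UserChoice key under FileExts\.lnk takes precedence
    # over HKCR, so if it exists every shortcut opens with that ProgId.
    $fileExts   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk'
    $userChoice = Join-Path $fileExts 'UserChoice'
    $state.UserChoiceProgId = if (Test-Path $userChoice) {
        (Get-ItemProperty -Path $userChoice -ErrorAction SilentlyContinue).ProgId
    } else { $null }

    # Explorer's "Open with" history for the extension, if any was recorded.
    $openWith = Join-Path $fileExts 'OpenWithList'
    $state.OpenWithEntries = if (Test-Path $openWith) {
        (Get-ItemProperty -Path $openWith).PSObject.Properties |
            Where-Object { $_.Name -match '^[a-z]$' } |
            ForEach-Object { $_.Value }
    } else { @() }

    [pscustomobject]$state
}

function Test-LnkAssociationHealthy {
    param([Parameter(Mandatory)]$State)
    # Healthy means: HKCR points .lnk at lnkfile, lnkfile is a real shortcut
    # class, and no per-user override is shadowing it.
    $State.HkcrProgId -eq 'lnkfile' -and
    $State.LnkfileExists -and
    $State.IsShortcut -and
    [string]::IsNullOrEmpty($State.UserChoiceProgId)
}

$state = Get-LnkAssociationState
$state | Format-List
if (Test-LnkAssociationHealthy -State $state) {
    'OK: .lnk is associated with lnkfile and no per-user override is set.'
} else {
    'Problem: .lnk association deviates from the default; compare with a known-good machine before repairing.'
}
```

Run it once before merging the fix and once after; the UserChoiceProgId and OpenWithEntries fields show whether the per-user override that usually causes "every file opens with the same program" has gone away, and HkcrProgId confirms the machine-wide mapping is back to lnkfile.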


#7 visoki

visoki
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:39 AM

Posted 02 October 2011 - 09:20 AM

Unable to unzip the file; when I try to unzip it, my monitor starts to blink and I have to restart my computer. Thank you for your help.

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:04:39 AM

Posted 02 October 2011 - 05:05 PM

Hi visoki,

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient. There is currently a large backlog of people being helped. It may take several days for someone to respond.
Regards,
Jason

 



#9 visoki

visoki
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:39 AM

Posted 04 October 2011 - 06:59 AM

Thank you for your reply. I made a new posting in the Virus, Trojan, Spyware and Malware Forum.

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:39 AM

Posted 06 October 2011 - 02:09 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic421824.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



