Google Redirect


  • This topic is locked
20 replies to this topic

#1 codamasa7


  • Members
  • 11 posts

Posted 26 December 2011 - 05:11 PM

I am running Windows 7 and have been fighting this one off and on for 6 months. Most recently, I had the System Fix Virus and was able to remove it. I have not been able to run TDSS and keep getting the Google redirects on my browser. Additionally, I reset the router and created a new password. I am now unable to access the router because it types the wrong password in. For instance, I type the first letter, and four asterisks appear in the password box. I am attaching the two logs from DDS (which took longer than the three minutes).

Thanks in advance. Any help is greatly appreciated.

Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2011 4:54:06 PM
System Uptime: 12/26/2011 1:53:16 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0C2KJT
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 802.674 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 12/16/2011 7:58:18 PM - Windows 7 Service Pack 1
RP84: 12/18/2011 10:54:18 AM - Installed Java™ SE Development Kit 7 Update 2 (64-bit)
RP85: 12/18/2011 10:56:50 AM - Installed Java™ 7 Update 2 (64-bit)
RP86: 12/18/2011 10:58:18 AM - Installed JavaFX 2.0.2 SDK (64-bit)
RP87: 12/18/2011 10:59:47 AM - Installed JavaFX 2.0.2 (64-bit)
RP88: 12/18/2011 11:02:27 AM - Removed Java™ 6 Update 23
RP89: 12/18/2011 11:04:19 AM - Removed Java™ 6 Update 23 (64-bit)
RP90: 12/18/2011 11:05:19 AM - Removed Java™ 6 Update 23 (64-bit)
RP91: 12/18/2011 11:08:12 AM - Removed Adobe Reader 9.4.7.
RP92: 12/26/2011 7:58:33 AM - Installed iTunes
.
==== Installed Programs ======================
.
Apple Application Support
Apple Software Update
ASIO4ALL
Bing Bar
Bing Rewards Client Installer
Citrix Presentation Server Client - Web Only
Consumer In-Home Service Agreement
CPS FirstClass Client v9.012f
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
Download Updater (AOL LLC)
eBay
ESET Online Scanner v3
Facebook Video Calling 1.0.0.8953
Family Protection
FirstClass® Client
FL Studio 10
flexxCOACH Pro Hockey Drill Designer
Game Cam 2.6.1.0
Game Cam XPress 2.6.0
GKLauncher
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
H&R Block Deluxe + Efile + State 2010
H&R Block Massachusetts 2010
HyperCam 2
Hyperionics DB Toolbar
IHA_MessageCenter
IL Download Manager
Intel® Graphics Media Accelerator Driver
Internet Explorer
Junk Mail filter update
LMMS 0.4.10
LogMeIn Hamachi
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Photodex Presenter
PhotoShowExpress
ProShow Gold
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 5.1
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Spotify
swMSM
TaxACT 2010
TI Connect 1.6
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VirtualDJ Home FREE
Vz In Home Agent
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
YouTube Downloader 2.7
ZillaTube 4.3
.
==== Event Viewer Messages From Past Week ========
.
12/26/2011 7:37:01 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
12/26/2011 4:41:52 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
12/26/2011 2:24:35 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
12/26/2011 12:57:25 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Basement-PC\Guest SID (S-1-5-21-2849898473-3246004406-1745184594-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/26/2011 10:51:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
12/26/2011 1:56:44 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/26/2011 1:56:17 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/26/2011 1:56:09 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
12/26/2011 1:56:09 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
12/26/2011 1:53:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/26/2011 1:53:40 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/26/2011 1:53:39 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/26/2011 1:49:13 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/22/2011 8:35:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
12/22/2011 8:35:56 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2011 8:35:27 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/19/2011 6:41:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Basement at 16:48:35 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.1908 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\svchost.exe -k svcboot_yamoasebs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Internet Content Filter\mfp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
"C:\Windows\SysWOW64\svchost.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{8138FD8B-E0F0-4DB9-9149-025186719C54}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbhelper.dll
mWinlogon: Userinit=userinit.exe,
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222044339.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_S6698.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\SYSWOW64\icf.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EBAA73C7-8578-4647-ADF2-1AD78350B863} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222044339.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ICF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Basement\AppData\Roaming\Mozilla\Firefox\Profiles\3ppy1v4q.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Basement\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 fpUpdateSvc;Family Protection Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2011-8-28 235024]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 151552]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-31 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-31 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-2-23 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-2-23 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-23 705856]
R2 svcboot_yamoasebs;svcboot_yamoasebs;C:\Windows\system32\svchost.exe -k svcboot_yamoasebs [2009-7-13 20992]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ehSched32;Windows Media Center Scheduler Service ;C:\Windows\system32\dciman3232.exe --> C:\Windows\system32\dciman3232.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-15 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-28 366152]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-31 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-15 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-2-23 220528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-5-31 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.



Thanks again,

John

#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 January 2012 - 03:04 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 codamasa7 (Topic Starter)

Posted 01 January 2012 - 04:19 PM

Gringo,

Happy New Year and thanks so much for your help.

ComboFix Log


ComboFix 12-01-01.02 - Basement 01/01/2012 15:43:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4437 [GMT -5:00]
Running from: c:\users\Basement\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
svcboot_yamoasebs REG_MULTI_SZ svcboot_yamoasebs
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001Core.job
- c:\users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 20:25]
.
2012-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001UA.job
- c:\users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 20:25]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 00:51]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 00:51]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001Core.job
- c:\users\Basement\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 18:22]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001UA.job
- c:\users\Basement\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 18:22]
.
2012-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-12-13 4775176]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"combofix"="c:\combofix\CF5432.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/hypercam/{8138FD8B-E0F0-4DB9-9149-025186719C54}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\SYSWOW64\icf.dll
TCP: Interfaces\{EBAA73C7-8578-4647-ADF2-1AD78350B863}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2012-01-01 16:04:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 21:04
.
Pre-Run: 858,313,007,104 bytes free
Post-Run: 857,933,991,936 bytes free
.
- - End Of File - - D5E373B601AD9B697F0840F48990E717


How is it Running Now

After running the scan, the internet is down. I can't access it through Google Chrome or IE.

Changes since Original Post
Anti-Virus: I uninstalled McAfee and am running Avast.

Firewall: Windows was being blocked, so I installed COMODO.

Scans: I was able to run TDSSKiller, SUPERAntiSpyware and Hitman Pro. A lot of cookies were deleted and an MBR infection was found and repaired.

Thanks again,

John

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 January 2012 - 04:34 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 codamasa7

codamasa7
  • Topic Starter

  • Members
  • 11 posts

Posted 01 January 2012 - 04:42 PM

I was able to download and run TDSSKiller as administrator. I am able to access the report but cannot open any programs to transfer it to a USB to post the log.

It said nothing was detected.

John

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 January 2012 - 04:52 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 codamasa7

codamasa7
  • Topic Starter

  • Members
  • 11 posts

Posted 01 January 2012 - 05:01 PM

I am able to get CFScript onto my desktop but dragging it into ComboFix gets the error message I get trying to open anything on the infected computer "Illegal operation attempted on a registry key marked for deletion."

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 January 2012 - 05:20 PM

Restart the computer and do it again.


gringo

#9 codamasa7

codamasa7
  • Topic Starter

  • Members
  • 11 posts

Posted 01 January 2012 - 06:21 PM

ComboFix Log:


ComboFix 12-01-01.06 - Basement 01/01/2012 18:03:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.1572 [GMT -5:00]
Running from: c:\users\Basement\Downloads\ComboFix.exe
Command switches used :: c:\users\Basement\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 23:09 . 2012-01-01 23:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-01 23:09 . 2012-01-01 23:09 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Local\temp
2012-01-01 23:09 . 2012-01-01 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-31 16:48 . 2011-12-31 16:48 -------- d-----w- c:\windows\en
2011-12-31 16:44 . 2011-12-31 16:44 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-31 16:39 . 2011-12-31 16:39 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ba8c65e61ccc7da01\MeshBetaRemover.exe
2011-12-29 22:24 . 2011-12-29 22:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-29 18:22 . 2011-12-29 18:22 -------- d-----w- c:\users\Basement\AppData\Local\Programs
2011-12-28 21:19 . 2011-12-28 21:22 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-28 21:19 . 2011-12-28 21:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-28 20:48 . 2011-12-28 20:48 -------- d-----w- c:\users\Basement\AppData\Local\Comodo
2011-12-28 20:40 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 17:32 . 2011-12-28 20:33 -------- d-----w- c:\programdata\CPA_VA
2011-12-28 17:27 . 2011-12-28 17:28 -------- d-----w- c:\programdata\Comodo
2011-12-28 17:27 . 2011-12-28 17:27 -------- d-----w- c:\program files\COMODO
2011-12-28 17:27 . 2011-12-28 17:27 -------- d-----w- c:\program files (x86)\Comodo
2011-12-28 17:27 . 2011-12-28 17:27 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-12-28 15:36 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-28 15:36 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-28 15:36 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-28 15:36 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-28 15:36 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-28 15:36 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-28 15:36 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-28 15:35 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-28 15:35 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-28 15:35 . 2011-12-28 15:35 -------- d-----w- c:\programdata\AVAST Software
2011-12-28 15:35 . 2011-12-28 15:35 -------- d-----w- c:\program files\AVAST Software
2011-12-27 04:51 . 2011-12-27 04:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-27 04:31 . 2011-12-27 04:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-27 04:29 . 2011-12-27 04:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-27 03:30 . 2011-12-27 03:30 -------- d-----w- c:\windows\system32\SPReview
2011-12-26 13:01 . 2011-12-26 13:01 -------- d-----w- c:\program files\iPod
2011-12-26 13:01 . 2011-12-26 13:02 -------- d-----w- c:\program files\iTunes
2011-12-26 13:01 . 2011-12-26 13:02 -------- d-----w- c:\program files (x86)\iTunes
2011-12-26 12:42 . 2011-12-26 12:42 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Local\Apple
2011-12-23 01:34 . 2011-12-23 01:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-12-20 01:56 . 2011-12-27 04:50 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-12-19 23:59 . 2011-12-19 23:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 23:59 . 2011-12-19 23:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 23:59 . 2011-12-19 23:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 23:59 . 2011-12-19 23:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 23:58 . 2011-12-19 23:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 23:58 . 2011-12-19 23:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-18 22:11 . 2011-12-18 22:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 22:11 . 2011-12-18 22:11 -------- d-----w- c:\windows\system32\Macromed
2011-12-18 16:16 . 2011-12-18 16:16 -------- d-----w- c:\users\Basement\AppData\Roaming\SUPERAntiSpyware.com
2011-12-18 16:16 . 2011-12-18 16:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-18 15:58 . 2011-12-18 16:00 -------- d-----w- c:\program files\Oracle
2011-12-18 15:57 . 2011-11-09 00:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-17 20:03 . 2011-12-17 20:03 -------- d-----w- c:\users\Basement\AppData\Local\ElevatedDiagnostics
2011-12-17 15:10 . 2011-12-28 21:21 -------- d-----w- c:\programdata\Hitman Pro
2011-12-17 00:05 . 2011-12-17 00:05 -------- d-----w- c:\program files (x86)\ESET
2011-12-17 00:00 . 2011-12-17 00:00 -------- d-----w- c:\program files\WOT
2011-12-17 00:00 . 2011-12-17 00:00 -------- d-----w- c:\program files (x86)\WOT
2011-12-15 21:56 . 2011-12-15 21:56 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Roaming\TaxCut
2011-12-15 21:56 . 2011-12-15 21:56 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Roaming\pdf995
2011-12-15 11:31 . 2011-12-15 11:31 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Local\Adobe
2011-12-15 00:59 . 2011-12-16 22:30 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Roaming\SoftGrid Client
2011-12-15 00:59 . 2011-12-15 00:59 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Local\SoftGrid Client
2011-12-14 02:17 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 02:15 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 02:15 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 02:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 02:14 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 02:14 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 22:41 . 2011-12-13 22:41 -------- d-----w- c:\users\Basement\AppData\Roaming\5058
2011-12-13 09:34 . 2011-12-13 09:34 -------- d-----w- c:\users\Basement\AppData\Roaming\5057
2011-12-12 16:59 . 2011-12-13 23:13 -------- d-----w- c:\users\Basement\AppData\Roaming\UAs
2011-12-12 16:58 . 2011-12-12 16:58 -------- d-----w- c:\users\Basement\AppData\Roaming\5056
2011-12-12 16:57 . 2011-12-13 23:24 -------- d-----w- c:\users\Basement\AppData\Roaming\xmldm
2011-12-12 16:57 . 2011-12-13 23:23 -------- d-----w- c:\users\Basement\AppData\Roaming\kock
2011-12-08 22:42 . 2011-12-08 22:42 -------- d-----w- c:\users\Guest.Basement-PC\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 03:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-27 03:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-09 00:40 . 2011-02-23 18:00 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-21 22:41 . 2011-10-21 22:41 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-10-21 22:41 . 2011-10-21 22:41 167704 ----a-w- c:\windows\system32\igfxtray.exe
2011-10-21 22:41 . 2011-10-21 22:41 416024 ----a-w- c:\windows\system32\igfxpers.exe
2011-10-21 22:41 . 2011-10-21 22:41 239896 ----a-w- c:\windows\system32\igfxext.exe
2011-10-21 22:41 . 2011-10-21 22:41 392472 ----a-w- c:\windows\system32\hkcmd.exe
2011-10-21 22:41 . 2011-10-21 22:41 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2011-10-21 22:41 . 2011-10-21 22:41 184600 ----a-w- c:\windows\system32\difx64.exe
2011-10-21 22:36 . 2011-10-21 22:36 90112 ----a-w- c:\windows\system32\igfxCoIn_v2559.dll
2011-10-21 22:30 . 2011-10-21 22:30 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2011-10-21 22:30 . 2011-10-21 22:30 12310112 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-10-21 22:27 . 2011-10-21 22:27 867020 ----a-w- c:\windows\system32\igkrng575.bin
2011-10-21 22:27 . 2011-10-21 22:27 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2011-10-21 22:27 . 2011-10-21 22:27 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2011-10-21 22:25 . 2011-02-23 19:21 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-10-21 22:21 . 2011-02-23 19:21 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-10-21 22:19 . 2011-02-23 19:21 14592512 ----a-w- c:\windows\system32\igd10umd64.dll
2011-10-21 22:13 . 2011-02-23 19:21 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-10-21 22:08 . 2011-10-21 22:08 18651648 ----a-w- c:\windows\system32\ig4icd64.dll
2011-10-21 22:03 . 2011-10-21 22:03 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-10-21 21:59 . 2011-10-21 21:59 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-10-21 21:59 . 2011-10-21 21:59 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-10-21 21:59 . 2011-10-21 21:59 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-10-21 21:59 . 2011-10-21 21:59 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-10-21 21:59 . 2011-10-21 21:59 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-10-21 21:59 . 2011-10-21 21:59 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-10-21 21:59 . 2011-10-21 21:59 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-10-21 21:59 . 2011-10-21 21:59 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-10-21 21:58 . 2011-10-21 21:58 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-10-21 21:58 . 2011-10-21 21:58 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-10-21 21:58 . 2011-10-21 21:58 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-10-21 21:58 . 2011-10-21 21:58 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2011-10-21 21:58 . 2011-10-21 21:58 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-10-21 21:58 . 2011-10-21 21:58 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-10-21 21:58 . 2011-10-21 21:58 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-10-21 21:58 . 2011-10-21 21:58 375808 ----a-w- c:\windows\system32\igfxpph.dll
2011-10-21 21:58 . 2011-10-21 21:58 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2011-10-21 21:58 . 2011-10-21 21:58 28672 ----a-w- c:\windows\system32\igfxexps.dll
2011-10-21 21:57 . 2011-02-23 19:21 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-10-21 21:57 . 2011-02-23 19:21 110080 ----a-w- c:\windows\system32\hccutils.dll
2011-10-21 21:57 . 2011-10-21 21:57 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-10-21 21:57 . 2011-10-21 21:57 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-10-21 21:57 . 2011-10-21 21:57 390144 ----a-w- c:\windows\system32\igfxdev.dll
2011-10-21 21:56 . 2011-10-21 21:56 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-10-21 21:56 . 2011-10-21 21:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2011-10-21 21:56 . 2011-02-23 19:21 9014784 ----a-w- c:\windows\system32\igfxress.dll
2011-10-21 21:52 . 2011-10-21 21:52 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2011-10-21 21:52 . 2011-10-21 21:52 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2011-10-21 21:50 . 2011-10-21 21:50 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2011-10-21 21:50 . 2011-10-21 21:50 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2011-10-21 21:50 . 2011-10-21 21:50 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2011-10-21 21:50 . 2011-10-21 21:50 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2011-10-21 21:50 . 2011-10-21 21:50 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2011-10-21 21:50 . 2011-10-21 21:50 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2011-10-21 21:50 . 2011-10-21 21:50 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2011-10-21 21:50 . 2011-10-21 21:50 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2011-10-21 21:50 . 2011-10-21 21:50 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-01_20.56.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-01 20:51 . 2012-01-01 20:51 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-01-01 22:36 . 2012-01-01 22:36 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-01-01 20:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-01 22:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-01 22:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-01 20:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-01 22:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-01 20:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-23 18:32 . 2012-01-01 22:40 50926 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-01 22:40 27166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-04 21:03 . 2012-01-01 22:40 13310 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2849898473-3246004406-1745184594-1001_UserData.bin
+ 2011-03-04 20:50 . 2012-01-01 22:47 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-04 20:50 . 2011-12-30 01:14 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-17 21:44 . 2012-01-01 22:47 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-17 21:44 . 2011-12-30 01:14 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-01 22:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-30 01:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-04 21:03 . 2012-01-01 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 21:03 . 2012-01-01 21:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 21:03 . 2012-01-01 21:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-04 21:03 . 2012-01-01 09:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-04 21:03 . 2012-01-01 21:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-04 21:03 . 2012-01-01 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-01 20:52 . 2012-01-01 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-01 22:37 . 2012-01-01 22:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-01 20:52 . 2012-01-01 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-01 22:37 . 2012-01-01 22:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-01-01 22:36 291004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-01 20:51 291004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-16 23:55 . 2012-01-01 22:36 2883044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2849898473-3246004406-1745184594-1001-12288.dat
- 2011-12-16 23:55 . 2011-12-28 16:40 2883044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2849898473-3246004406-1745184594-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-16 39408]
"Facebook Update"="c:\users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"ICF"="c:\program files (x86)\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ehSched32;Windows Media Center Scheduler Service ;c:\windows\system32\dciman3232.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BlackBox;BlackBox SR2; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 fpUpdateSvc;Family Protection Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2010-03-09 235024]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
svcboot_yamoasebs REG_MULTI_SZ svcboot_yamoasebs
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001Core.job
- c:\users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 20:25]
.
2012-01-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001UA.job
- c:\users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 20:25]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 00:51]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 00:51]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001Core.job
- c:\users\Basement\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 18:22]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849898473-3246004406-1745184594-1001UA.job
- c:\users\Basement\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 18:22]
.
2012-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2010-12-13 4775176]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/hypercam/{8138FD8B-E0F0-4DB9-9149-025186719C54}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\SYSWOW64\icf.dll
TCP: Interfaces\{EBAA73C7-8578-4647-ADF2-1AD78350B863}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-01 18:12:06
ComboFix-quarantined-files.txt 2012-01-01 23:12
ComboFix2.txt 2012-01-01 21:04
.
Pre-Run: 857,739,296,768 bytes free
Post-Run: 857,446,584,320 bytes free
.
- - End Of File - - BFA05A1B9CF8DD3982F576C99A03DFD7


I am able to connect to the internet. A few quick checks make it look like I am not being directed.

John

#10 gringo_pr (Malware Response Team)

Posted 01 January 2012 - 06:37 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Information and logs:

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 codamasa7 (Topic Starter)

Posted 01 January 2012 - 07:06 PM

Downloaded Java - it said it installed but I received an error message "syntax error"

Ran TFC and rebooted.

Ran MBAM and copied log.

Ran HijackThis but could not produce a log. Received a message that said it could not write to host. Tried their manual fix through start - run - hosts but did not get the HijackThis log that way either. Tried your alternate method but there was no way to run as an administrator.

MBAM log

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Basement :: BASEMENT-PC [administrator]

Protection: Disabled

1/1/2012 6:46:45 PM
mbam-log-2012-01-01 (18-46-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207413
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 gringo_pr (Malware Response Team)

Posted 01 January 2012 - 07:10 PM

Hello

How did you do this: "Tried your alternate method but there was no way to run as an administrator."

Check the location I have listed:

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.


gringo

#13 codamasa7 (Topic Starter)

Posted 01 January 2012 - 07:20 PM

I was able to get it to run through the XP compatibility screen.

The log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:18:21 PM, on 1/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Internet Content Filter\mfp.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{8138FD8B-E0F0-4DB9-9149-025186719C54}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ICF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBAA73C7-8578-4647-ADF2-1AD78350B863}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Windows Media Center Scheduler Service (ehSched32) - Unknown owner - C:\Windows\system32\dciman3232.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Family Protection Update Service (fpUpdateSvc) - McAfee, Inc. - C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14640 bytes
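A triage pass over the HijackThis log above, as an added example that is not part of the original thread and not a HijackThis feature. It parses the O-lines HJT writes and pulls out what a malware-removal helper reads first: the O17 resolver addresses (checked against a short allowlist the editor filled in; Comodo Secure DNS publishes 8.26.56.26 and 156.154.70.22, which fits the COMODO Internet Security install in the log), the distinct Winsock LSP files (O10), AppInit_DLLs (O20), add-ons and toolbars whose file is missing (O2/O3), and services whose binary is missing (O23). One caveat the script encodes: HijackThis 2.0.4 is a 32-bit program, so on x64 Windows its file checks under C:\Windows\System32 are redirected to SysWOW64 and %PROGRAMFILES% to Program Files (x86); the many "(file missing)" entries for lsass.exe, sppsvc.exe, wmpnetwk.exe and so on are that artifact, not infections, and the script suppresses them by skipping services whose display name is a Windows resource string (@...dll,-NNN). What survives the filter in this log is the McAfee firewall remnant and ehSched32, a service carrying the display name of Windows Media Center's scheduler (which on Windows 7 is ehSched, hosted in %windir%\ehome\ehsched.exe) but pointing at a missing dciman3232.exe under System32; the script reports that as a name mismatch for a human to examine and does not decide what it is. The sample log is constructed from lines posted above; KNOWN_RESOLVERS and EXPECTED_SERVICE_BINARY are the editor's tables, not anything HijackThis ships.

```python
"""Triage a HijackThis 2.0.4 log. Added editorial example, not part of
the original thread and not a HijackThis feature.

Editor's assumptions:
  * HJT 2.0.4 is 32-bit. On x64 Windows its file checks under
    C:\\Windows\\System32 are redirected to SysWOW64 (and %PROGRAMFILES%
    to "Program Files (x86)"), so 64-bit-only Windows binaries report
    "(file missing)". Windows' own services carry resource-string
    display names ("@...dll,-NNN"); those are skipped, not flagged.
  * KNOWN_RESOLVERS and EXPECTED_SERVICE_BINARY are short tables the
    editor filled in for this log; extend them for your own machine.
"""
import re

# Comodo Secure DNS addresses (editor's allowlist, not from the page).
KNOWN_RESOLVERS = {"8.26.56.26", "8.20.247.20", "156.154.70.22", "156.154.71.22"}

# Windows service display name -> binary that really implements it (Win7).
EXPECTED_SERVICE_BINARY = {
    "windows media center scheduler service": "ehsched.exe",
}

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
SHORTNAME_RE = re.compile(r"^(?P<display>.*?) \((?P<short>[^()]+)\)$")
ADDON_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse(log_text):
    """Yield (code, body) for each HJT entry line, e.g. ("O23", "Service: ...")."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return (kind, detail) findings in log order."""
    findings, seen_lsp = [], set()
    for code, body in parse(log_text):
        if code == "O17":                      # DNS servers bound to an interface
            for ip in body.partition("NameServer = ")[2].split(","):
                ip = ip.strip()
                status = "known" if ip in KNOWN_RESOLVERS else "unknown"
                findings.append(("resolver", f"{ip} ({status})"))
        elif code == "O10":                    # Winsock LSP chain, one line per entry
            path = body.rpartition(": ")[2].lower()
            if path not in seen_lsp:
                seen_lsp.add(path)
                findings.append(("lsp", path))
        elif code == "O20":                    # DLL injected into every process
            findings.append(("appinit", body.rpartition(": ")[2]))
        elif code in ("O2", "O3"):             # BHOs and toolbars
            m = ADDON_RE.match(body)
            if m and m.group("missing"):
                path = m.group("path").strip('"')
                findings.append(("missing-addon", f"{m.group('name')}: {path}"))
        elif code == "O23":                    # installed services
            m = SERVICE_RE.match(body)
            if not m:
                continue
            name, path = m.group("name"), m.group("path").strip('"')
            sn = SHORTNAME_RE.match(name)
            display, short = (sn.group("display"), sn.group("short")) if sn else (name, name)
            expected = EXPECTED_SERVICE_BINARY.get(display.lower())
            if expected and path.lower().rsplit("\\", 1)[-1] != expected:
                findings.append(("service-name-mismatch", f"{short}: {path} (expected {expected})"))
            # Resource-string display names are Windows' own services; their
            # "(file missing)" under 32-bit HJT on x64 is the WoW64 artifact.
            if m.group("missing") and not name.startswith("@"):
                findings.append(("missing-service-binary", f"{short}: {path}"))
    return findings


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBAA73C7-8578-4647-ADF2-1AD78350B863}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Windows Media Center Scheduler Service (ehSched32) - Unknown owner - C:\Windows\system32\dciman3232.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run it against a saved hijackthis.log by passing the file contents to triage(); the output is a worklist, not a verdict. A "known" resolver still deserves a look if the user does not remember choosing it, and a missing service binary can be a clean uninstall leftover just as easily as a removed payload whose registration is still there.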

#14 gringo_pr (Malware Response Team)

Posted 01 January 2012 - 08:04 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Basement\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard and paste the results here in this topic.
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
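As an added example (not from gringo_pr's post and not HijackThis's own code), the following PowerShell lists the same HKLM/HKCU Run entries that HijackThis reports as O4 lines and, for each one, shows whether the target file still exists and whether it carries a valid Authenticode signature, which helps decide which start-up entries to keep. It assumes Windows PowerShell on a 64-bit host; the function names Get-RunTargetPath and Get-RunEntryReport are my own.

```powershell
# Added example, not part of the thread: report the Run-key entries that
# HijackThis shows as "O4 - HKLM\..\Run" / "O4 - HKCU\..\Run" lines.
# On a 64-bit host the 32-bit entries live under Wow6432Node.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Registry metadata properties that Get-ItemProperty adds; they are not Run entries.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-RunTargetPath {
    # Extract the executable path from a Run value such as
    #   "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }  # unquoted, up to .exe
    return ($CommandLine -split '\s+')[0]                              # fallback: first token
}

function Get-RunEntryReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $target = [Environment]::ExpandEnvironmentVariables((Get-RunTargetPath $p.Value))
            $exists = Test-Path -LiteralPath $target
            # A missing file or an unsigned/tampered binary is what deserves a closer look.
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
            [pscustomobject]@{
                Hive      = $key.Split(':')[0]
                Name      = $p.Name      # the name HijackThis shows in [brackets]
                Target    = $target
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

Get-RunEntryReport | Sort-Object Exists, Signature | Format-Table -AutoSize
```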

#15 codamasa7

codamasa7
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:06 AM

Posted 01 January 2012 - 09:56 PM

ESET results


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Windows\System32\qeqab\mcapp_bpeidsmqk.dll a variant of Win32/WebWatcher.A application
C:\Windows\System32\qeqab\mcgc_lkacg.dll a variant of Win32/WebWatcher.A application
C:\Windows\System32\qeqab\mclmd_wikaurhkt.dll a variant of Win32/WebWatcher.A application
C:\Windows\System32\qeqab\mcmsg_ducuzgscy.dll a variant of Win32/WebWatcher.A application
C:\Windows\System32\qeqab\mco_oomcd.dll a variant of Win32/WebWatcher.A application
C:\Windows\SysWOW64\qeqab\mcapp_bpeidsmqk.dll a variant of Win32/WebWatcher.A application
C:\Windows\SysWOW64\qeqab\mcgc_lkacg.dll a variant of Win32/WebWatcher.A application
C:\Windows\SysWOW64\qeqab\mclmd_wikaurhkt.dll a variant of Win32/WebWatcher.A application
C:\Windows\SysWOW64\qeqab\mcmsg_ducuzgscy.dll a variant of Win32/WebWatcher.A application
C:\Windows\SysWOW64\qeqab\mco_oomcd.dll a variant of Win32/WebWatcher.A application

