
I got Win 7 Security 2012 virus.


  • This topic is locked
4 replies to this topic

#1 Rayzior

Rayzior

  • Members
  • 2 posts

Posted 13 January 2012 - 03:17 AM

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Raylord at 8:06:37 on 2012-01-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.3071.1505 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\SupportAppPT\ztemon_cd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=204a8b360000000000000016446b01eb
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=w7th&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSoft.dll
mURLSearchHooks: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\prxtbElf_.dll
mURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No File
BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSoft.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\prxtbElf_.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\program files\softonic_brasil\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\prxtbElf_.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBro0.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\inicio~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3.5\TMMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&nviar para o OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} - file:///C:/Users/Tiago/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{24EF1738-A7B7-437A-A923-DB82BDA5D827} : NameServer = 212.18.160.133 212.18.160.134
TCP: Interfaces\{D8D7B569-F020-440C-8E8F-6BE46401FD70} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{D8D7B569-F020-440C-8E8F-6BE46401FD70}\33E25374F5355627675627F525F657475627F5261673566373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D8D7B569-F020-440C-8E8F-6BE46401FD70}\4586F6D637F6E6142423543363 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{D8D7B569-F020-440C-8E8F-6BE46401FD70}\4586F6D637F6E6939354648333 : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\raylord\appdata\roaming\mozilla\firefox\profiles\rkokw2vm.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100789&babsrc=adbartrp&mntrId=204a8b360000000000000016446b01eb&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=204a8b360000000000000016446b01eb
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 8\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mywebsearch\bar\3.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 871b019a-be88-4448-9ff2-527edab4dc82
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt - somoto
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 204a8b360000000000000016446b01eb
FF - user.js: extensions.BabylonToolbar_i.hardId - 204a8b360000000000000016446b01eb
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:41:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb5
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-2 15672]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2011-12-13 12800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-7 218688]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl260fa128;MpKsl260fa128;c:\programdata\microsoft\microsoft antimalware\definition updates\{a63ae619-c8ec-4bb4-92cc-7f8a3527b74c}\MpKsl260fa128.sys [2012-1-13 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/27 17:10:22];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-2 494424]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Automatic CDROM Monitor;Automatic CDROM Monitor;c:\windows\system32\supportapppt\ztemon_cd.exe [2010-7-28 86016]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-12-3 196912]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-29 2214504]
R2 VmbService;Serviço Vodafone Mobile Broadband;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-6-25 9216]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-6-10 1394688]
R3 netr73;Controlador de Adaptador sem Fios USB 802.11 b/g para Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-3-1 61952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Serviço Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-13 1153368]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-10-10 736672]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2011-8-30 273152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [2011-12-7 94336]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-6 9216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2011-12-13 750592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-1 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-1 8576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-8 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-5-6 105856]
S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-5-6 194048]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown MyWebSearchService;MyWebSearchService; [x]
.
=============== Created Last 30 ================
.
2012-01-13 07:55:50 -------- d-----w- c:\users\raylord\appdata\roaming\Malwarebytes
2012-01-13 07:55:32 -------- d-----w- c:\programdata\Malwarebytes
2012-01-13 07:55:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 07:55:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 07:21:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-13 07:21:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-13 07:04:02 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a63ae619-c8ec-4bb4-92cc-7f8a3527b74c}\MpKsl260fa128.sys
2012-01-13 07:04:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a63ae619-c8ec-4bb4-92cc-7f8a3527b74c}\offreg.dll
2012-01-12 23:20:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 23:20:10 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-12 23:20:10 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 23:20:10 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 23:20:10 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 23:20:10 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-12 23:20:10 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-12 23:20:10 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 23:20:10 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-12 23:20:09 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-12 23:17:54 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-12 21:47:54 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a63ae619-c8ec-4bb4-92cc-7f8a3527b74c}\mpengine.dll
2012-01-12 21:03:16 110080 ----a-r- c:\users\raylord\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconF7A21AF7.exe
2012-01-12 21:03:16 110080 ----a-r- c:\users\raylord\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconD7F16134.exe
2012-01-12 21:03:16 110080 ----a-r- c:\users\raylord\appdata\roaming\microsoft\installer\{1c7cc8e2-cfcf-41e6-a863-7c7a45ce8a78}\IconCF33A0CE.exe
2012-01-12 21:03:15 -------- d-----w- C:\sh4ldr
2012-01-12 21:03:15 -------- d-----w- c:\program files\Enigma Software Group
2012-01-12 21:01:48 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-12 18:39:57 -------- d-----w- c:\users\raylord\appdata\local\Nokia
2012-01-12 18:38:58 -------- d-----w- c:\programdata\Nokia
2012-01-12 18:38:58 -------- d-----w- c:\program files\common files\Nokia
2012-01-12 18:38:24 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-01-12 18:38:13 -------- d-----w- c:\program files\PC Connectivity Solution
2012-01-12 18:37:48 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-01-12 18:37:03 -------- d-----w- c:\programdata\NokiaInstallerCache
2012-01-12 18:37:03 -------- d-----w- c:\program files\Nokia
2012-01-11 13:34:29 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:31:41 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:31:38 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:31:38 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-09 11:42:34 -------- d-----w- c:\program files\THQ
2012-01-08 12:42:19 -------- d-----w- c:\program files\Skin Pack
2012-01-08 12:06:48 -------- d-----w- c:\program files\Charles
2012-01-08 12:00:12 -------- d-----w- c:\users\raylord\appdata\roaming\OpenCandy
2012-01-08 12:00:12 -------- d-----w- c:\program files\Cheat Engine 6.1
2012-01-04 01:24:13 -------- d-----w- c:\program files\Brawl Busters
2012-01-04 01:24:11 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-01-04 01:24:07 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-02 16:56:30 -------- d-----w- c:\program files\Loonies
2012-01-02 16:47:38 -------- d-----w- c:\users\raylord\appdata\roaming\IObit
2012-01-02 16:47:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-02 16:47:33 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-02 16:46:01 -------- d-----w- c:\programdata\IObit
2012-01-02 16:46:01 -------- d-----w- c:\program files\IObit
2012-01-02 13:23:16 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-02 13:23:12 -------- d-----w- c:\users\raylord\appdata\local\PunkBuster
2012-01-02 13:21:52 -------- d-----w- c:\users\raylord\appdata\roaming\NVIDIA
2012-01-02 13:09:23 138056 ----a-w- c:\users\raylord\appdata\roaming\PnkBstrK.sys
2012-01-01 19:35:54 86405736 ----a-w- c:\users\raylord\APB_Reloaded_Installer.exe
2012-01-01 19:27:55 -------- d-----w- c:\users\raylord\appdata\local\GamersFirst LIVE!
2012-01-01 19:27:19 -------- d-----w- c:\program files\GamersFirst
2011-12-30 22:16:31 -------- d-----w- c:\users\raylord\appdata\local\PokerStars
2011-12-29 22:36:24 -------- d-----w- c:\program files\Cliente OTPokémon
2011-12-29 05:51:45 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-29 05:51:42 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-26 01:18:41 -------- d-----w- C:\Riot Games
2011-12-25 17:40:08 -------- d-----w- c:\program files\iPod
2011-12-25 17:37:37 -------- d-----w- c:\program files\Bonjour
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-12-25 17:34:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-12-24 18:02:33 -------- d-----w- c:\program files\Yontoo
2011-12-24 18:02:31 -------- d-----w- c:\programdata\Tarma Installer
2011-12-24 00:43:03 230920 ----a-w- c:\windows\system32\EPWZCmnCtrl.dll
2011-12-24 00:43:03 -------- d-----w- c:\program files\WEBZEN
2011-12-24 00:42:29 -------- d-----w- c:\programdata\WEBZEN
2011-12-23 01:53:14 -------- d-----w- c:\program files\MyProduct
2011-12-19 14:29:01 -------- d-----w- c:\users\raylord\appdata\local\Apple
2011-12-18 12:53:48 -------- d-----w- c:\windows\pt-br
2011-12-18 12:48:28 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-12-18 03:28:20 -------- d-----w- c:\users\raylord\riotsGamesLogs
2011-12-18 03:25:57 -------- d-----w- c:\users\raylord\appdata\roaming\LolClient
2011-12-16 23:24:41 -------- d-----w- c:\programdata\Messenger Plus!
2011-12-16 23:24:40 -------- d-----w- c:\program files\Yuna Software
2011-12-15 22:02:40 -------- d-----w- c:\users\raylord\appdata\local\PMB Files
2011-12-15 22:00:09 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
2011-12-15 22:00:08 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
2011-12-15 22:00:06 -------- d-----w- c:\program files\OGPlanet
.
==================== Find3M ====================
.
2012-01-12 20:03:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 12:41:43 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-01-08 12:41:42 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-01-08 12:41:41 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-01-02 18:55:40 141200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-01-02 18:55:27 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-02 18:53:02 281200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-01-02 13:08:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-07 22:14:50 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2011-12-07 22:14:50 114688 ----a-w- c:\windows\system32\IRMonitor.exe
2011-12-07 22:14:49 49152 ----a-w- c:\windows\system32\AF9100EX.dll
2011-12-07 22:14:49 126 ----a-w- c:\windows\system32\AF15IRTBL.bin
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-01 10:07:26 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-11-01 10:07:26 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-11-01 10:07:26 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-11-01 10:07:24 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2011-11-01 10:07:24 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-11-01 10:07:24 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-11-01 10:07:24 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2011-11-01 10:07:24 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 14:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 8:08:23,55 ===============

#2 Rayzior

Rayzior
  • Topic Starter

  • Members
  • 2 posts

Posted 13 January 2012 - 03:42 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-13 08:38:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AACS-00M6B0 rev.01.00A01
Running: gmer.exe; Driver: C:\Users\Raylord\AppData\Local\Temp\ugtyikod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 8308C369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\DRIVERS\dtsoftbus01.sys suspicious PE modification
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xA52E1000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA5304050]
? C:\Users\Raylord\AppData\Local\Temp\mbr.sys O sistema não conseguiu localizar o ficheiro especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[1096] ntdll.dll!NtProtectVirtualMemory 77595F18 5 Bytes JMP 01B0000A
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[1096] ntdll.dll!NtWriteVirtualMemory 77596A98 5 Bytes JMP 01C1000A
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[1096] ntdll.dll!KiUserExceptionDispatcher 77596FE8 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory 77595F18 5 Bytes JMP 00A9000A
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory 77596A98 5 Bytes JMP 00AA000A
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!KiUserExceptionDispatcher 77596FE8 5 Bytes JMP 0096000A
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[2488] USER32.dll!SetWindowLongA 77218BA3 5 Bytes JMP 5D703A89 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[2488] USER32.dll!SetWindowLongW 77224449 5 Bytes JMP 5D703A1B C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[2488] USER32.dll!GetWindowInfo 77224B5E 5 Bytes JMP 5D4AC909 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[2488] USER32.dll!TrackPopupMenu 77232228 5 Bytes JMP 5D4ACEBD C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!LockResource 76ED02D9 5 Bytes JMP 280A7AF0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!FindResourceExW 76ED43B2 5 Bytes JMP 280A7830 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!FindResourceW 76ED54CF 5 Bytes JMP 280A77B0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!SizeofResource 76ED54ED 5 Bytes JMP 280A7A80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!LoadResource 76ED9C72 5 Bytes JMP 280A79D0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!FindResourceExA 76EDA3AD 7 Bytes JMP 280A7940 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!FindResourceA 76EDA475 5 Bytes JMP 280A78B0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] kernel32.dll!CreateEventW 76EDD7BC 5 Bytes JMP 280A7390 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] ADVAPI32.dll!CryptDecrypt 76B13178 5 Bytes JMP 280A6B50 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] ADVAPI32.dll!CryptDeriveKey 76B13188 5 Bytes JMP 280A6AF0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!SetWindowPlacement 77217F78 5 Bytes JMP 280AD520 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!SetWindowRgn 772199EC 7 Bytes JMP 280AD5C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!CreateWindowExW 7721EC7C 5 Bytes JMP 280A93D0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!LoadIconW 7721F142 5 Bytes JMP 280ADE40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!LoadImageW 772212EB 5 Bytes JMP 280ADCC0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!GetWindowLongW 772261B8 7 Bytes JMP 280ADF70 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!PeekMessageW 7722634A 5 Bytes JMP 280AA150 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!TrackPopupMenuEx 77244832 5 Bytes JMP 280AA870 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!CreateDialogParamW 77245630 5 Bytes JMP 280AD670 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] USER32.dll!MessageBoxIndirectW 7726E963 5 Bytes JMP 280AD8A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] SHELL32.dll!Shell_NotifyIconW 75C501A9 5 Bytes JMP 280A87C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] ole32.dll!CoRegisterClassObject 768C21E1 5 Bytes JMP 280A7E50 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] ole32.dll!CoInitializeEx 768F09AD 5 Bytes JMP 280A7D50 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] ole32.dll!CoCreateInstance 768F9D0B 5 Bytes JMP 280A80D0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] WININET.dll!InternetCloseHandle 76D7B7C4 5 Bytes JMP 280B4600 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] WININET.dll!InternetReadFile 76D7EA3A 5 Bytes JMP 280B44C0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] WININET.dll!HttpOpenRequestA 76DA5639 5 Bytes JMP 280B4360 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3848] WININET.dll!HttpSendRequestA 76DD5860 5 Bytes JMP 280B4560 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000085 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 90BDA000-90BEE000 (81920 bytes)

How can I remove this?

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 January 2012 - 12:59 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 01:26 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 January 2012 - 01:44 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.