Systemcheck, Sirefef and others


  • This topic is locked
8 replies to this topic

#1 Mkrede

  • Members
  • 4 posts

Posted 21 March 2012 - 04:25 AM

Got a whack of malware on my computer over the course of a few days. The likely cause was an outdated Java platform, which I have since uninstalled. It started with a sirefef.ac, which MSE detected and dealt with. Later got messages about 0Access, Alueron, and most recently Systemcheck. Was able to run Malwarebytes, SUPERAntiSpyware, TDSSKiller, and MSE. All of them come up clean now (they did some cleaning), but Windows Firewall doesn't work and icons that did not used to have little UAC shields now do. Windows Defender also won't run (is this because of MSE?). Some shortcuts have to be repointed to their .exe's, but so far this has been rare. Haven't found any infections for a day or so, but I want to make sure I get this machine totally clean, or at least know that it's safe to back up some of the data that's on a separate partition before I have to do a clean install of Windows.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Mitch at 4:03:10 on 2012-03-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.3070.1651 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
P:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
p:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
P:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
P:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
P:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
P:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
p:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
P:\Program Files\Synaptics\SynTP\SynTPEnh.exe
P:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
P:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\OEM04Mon.exe
P:\Program Files\Fingerprint Reader Suite\psqltray.exe
P:\Program Files\Microsoft Security Client\msseces.exe
P:\Program Files\iTunes\iTunesHelper.exe
P:\Program Files\Windows Sidebar\sidebar.exe
P:\Program Files\Vista Battery Saver\VistaBatterySaver.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
P:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
P:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
P:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
P:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
P:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
P:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
p:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://ourbombers.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - p:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - p:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - p:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] p:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [VistaBatterySaver] p:\program files\vista battery saver\VistaBatterySaver.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PSQLLauncher] "p:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [MSC] "p:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "p:\program files\qt lite\QTTask.exe" -atboottime
mRun: [iTunesHelper] "p:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - p:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - p:\program files\dell\quickset\quickset.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - p:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 142.161.2.155 142.161.130.155 192.168.1.1
TCP: Interfaces\{A68BEC63-F9C6-46E7-99DA-F18050FC40DD} : DhcpNameServer = 142.161.2.155 142.161.130.155 192.168.1.1
TCP: Interfaces\{A68BEC63-F9C6-46E7-99DA-F18050FC40DD}\05561627C69656 : DhcpNameServer = 142.161.130.154 142.161.2.154
TCP: Interfaces\{A68BEC63-F9C6-46E7-99DA-F18050FC40DD}\2416B6562797 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A68BEC63-F9C6-46E7-99DA-F18050FC40DD}\84F6C696461694E6E60245F627F6E647F60295F627B64616C656 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{A68BEC63-F9C6-46E7-99DA-F18050FC40DD}\84F6C6964616970294E6E60245F627F6E647F60295F627B64616C656 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{A68BEC63-F9C6-46E7-99DA-F18050FC40DD}\A4B484F6D656 : DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - p:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - p:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - p:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - p:\program files\superantispyware\SASWINLO.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - p:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 SASDIFSV;SASDIFSV;p:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;p:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-1-29 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-29 93320]
R2 nvUpdatusService;NVIDIA Update Service Daemon;p:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-13 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;p:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TeamViewer7;TeamViewer 7;p:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2886528]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-2-9 325672]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;p:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-1-30 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-1-30 8456]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 pbfilter;pbfilter;p:\program files\peerblock\pbfilter.sys [2010-1-30 20080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-8 15872]
S3 SASENUM;SASENUM;p:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-8 52224]
.
=============== Created Last 30 ================
.
2012-03-21 05:58:24 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2d5ba135-0f5e-41bd-96fa-e8521a1bc8b0}\offreg.dll
2012-03-20 21:18:52 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2d5ba135-0f5e-41bd-96fa-e8521a1bc8b0}\mpengine.dll
2012-03-19 01:02:06 -------- d-----w- c:\windows\Microsoft Antimalware
2012-03-18 20:20:34 -------- d-----w- p:\program files\GridinSoft Trojan Killer
2012-03-13 23:37:23 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-13 23:37:23 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-03-13 23:37:23 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-13 23:37:23 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-03-13 23:37:23 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-13 23:37:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-13 23:34:14 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-13 23:34:14 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-03-13 23:34:14 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-13 23:34:14 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-13 23:34:14 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-13 23:34:14 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-13 23:34:14 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-13 23:34:14 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-03-13 23:34:14 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-13 23:34:14 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-13 23:34:13 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-03-13 23:34:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-13 23:32:25 -------- d-----w- p:\program files\NVIDIA
2012-03-13 23:27:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 23:27:49 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:25:37 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:25:37 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:25:31 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:25:31 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:25:30 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:25:29 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 23:25:29 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:25:29 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:25:29 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-12 03:47:21 -------- d-----w- p:\program files\iPod
2012-03-12 03:47:19 -------- d-----w- p:\program files\iTunes
2012-03-05 06:49:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-05 06:16:05 -------- d-----w- c:\programdata\HitmanPro
2012-03-05 06:15:45 -------- d-----w- c:\programdata\Hitman Pro
2012-03-05 04:57:33 -------- d-----w- c:\users\mitch\appdata\roaming\Malwarebytes
2012-03-05 04:57:15 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 04:57:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 04:57:14 -------- d-----w- p:\program files\Malwarebytes' Anti-Malware
2012-03-04 23:37:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-04 23:30:25 -------- d-----w- c:\users\mitch\appdata\roaming\Foxit Software
2012-03-04 21:10:09 -------- d-----w- C:\Python27
2012-03-04 21:00:53 -------- d-----w- c:\users\mitch\appdata\roaming\calibre
2012-03-04 21:00:14 -------- d-----w- p:\program files\Calibre2
2012-03-04 19:59:16 -------- d-----w- c:\users\mitch\appdata\roaming\Pdfsvg
2012-03-04 19:58:45 -------- d-----w- p:\program files\ebookconverter
2012-03-04 19:49:18 -------- d-----w- c:\users\mitch\appdata\local\Amazon
2012-03-04 19:49:11 -------- d-----w- p:\program files\Amazon
2012-02-29 18:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
==================== Find3M ====================
.
2012-03-05 06:50:41 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-25 19:07:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 4:03:55.59 ===============

#2 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 March 2012 - 08:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 Mkrede

  • Topic Starter
  • Members
  • 4 posts

Posted 24 March 2012 - 05:36 PM

Hi Nasdaq, thanks for your help!

When running ComboFix, Windows did report one error in a process "PEV3x.exe" (or something very similar), but ComboFix just kept going.

Here are the logs:

ComboFix 12-03-22.01 - Mitch 24/03/2012 15:30:07.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.3070.2198 [GMT -5:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Mitch\AppData\Roaming\inst.exe
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Mitch\AppData\Roaming\vso_ts_preview.xml
c:\users\Mitch\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB29995$
c:\windows\$NtUninstallKB29995$\2760796102
c:\windows\$NtUninstallKB29995$\3476339231\@
c:\windows\$NtUninstallKB29995$\3476339231\cfg.ini
c:\windows\$NtUninstallKB29995$\3476339231\Desktop.ini
c:\windows\$NtUninstallKB29995$\3476339231\L\xadqgnnk
c:\windows\$NtUninstallKB29995$\3476339231\oemid
c:\windows\$NtUninstallKB29995$\3476339231\U\00000001.@
c:\windows\$NtUninstallKB29995$\3476339231\U\00000002.@
c:\windows\$NtUninstallKB29995$\3476339231\U\00000004.@
c:\windows\$NtUninstallKB29995$\3476339231\U\80000000.@
c:\windows\$NtUninstallKB29995$\3476339231\U\80000004.@
c:\windows\$NtUninstallKB29995$\3476339231\U\80000032.@
c:\windows\$NtUninstallKB29995$\3476339231\version
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:46 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA647E74-4FCF-42E0-84A1-3101A1A8D339}\mpengine.dll
2012-03-22 17:20 . 2012-03-22 17:20 592824 ----a-w- p:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 17:20 . 2012-03-22 17:20 44472 ----a-w- p:\program files\Mozilla Firefox\mozglue.dll
2012-03-21 17:54 . 2012-03-21 17:54 -------- d-----w- c:\program files\Common Files\Java
2012-03-21 17:54 . 2012-03-21 17:54 476904 ----a-w- p:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-19 18:28 . 2012-03-19 18:28 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-19 01:02 . 2012-03-19 01:02 -------- d-----w- c:\windows\Microsoft Antimalware
2012-03-18 20:20 . 2012-03-19 16:29 -------- d-----w- p:\program files\GridinSoft Trojan Killer
2012-03-13 23:37 . 2012-03-13 23:37 -------- d-----w- c:\users\UpdatusUser
2012-03-13 23:37 . 2012-02-29 20:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-13 23:37 . 2012-02-29 20:55 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-03-13 23:37 . 2012-02-29 20:53 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-13 23:37 . 2012-02-29 20:53 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-13 23:37 . 2012-02-29 20:53 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-03-13 23:37 . 2012-02-29 20:53 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-13 23:34 . 2012-02-29 23:59 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-13 23:34 . 2012-02-29 23:59 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-03-13 23:34 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-13 23:34 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-13 23:34 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-13 23:34 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-13 23:34 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-13 23:34 . 2012-02-29 23:59 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-03-13 23:34 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-13 23:34 . 2012-02-29 23:59 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-13 23:34 . 2012-02-29 23:59 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-03-13 23:34 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-13 23:32 . 2012-03-13 23:32 -------- d-----w- p:\program files\NVIDIA
2012-03-13 23:27 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-13 23:27 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:25 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:25 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:25 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:25 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:25 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:25 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 23:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:25 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:25 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 03:47 . 2012-03-12 03:47 -------- d-----w- p:\program files\iPod
2012-03-12 03:47 . 2012-03-12 03:47 -------- d-----w- p:\program files\iTunes
2012-03-05 06:49 . 2012-03-05 06:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-05 06:16 . 2012-03-05 06:21 -------- d-----w- c:\programdata\HitmanPro
2012-03-05 06:15 . 2012-03-05 06:15 -------- d-----w- c:\programdata\Hitman Pro
2012-03-05 04:57 . 2012-03-05 04:57 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
2012-03-05 04:57 . 2012-03-05 04:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 04:57 . 2012-03-05 04:57 -------- d-----w- p:\program files\Malwarebytes' Anti-Malware
2012-03-05 04:57 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 23:30 . 2012-03-04 23:30 -------- d-----w- c:\users\Mitch\AppData\Roaming\Foxit Software
2012-03-04 21:10 . 2012-03-04 21:10 -------- d-----w- C:\Python27
2012-03-04 21:00 . 2012-03-04 22:45 -------- d-----w- c:\users\Mitch\AppData\Roaming\calibre
2012-03-04 21:00 . 2012-03-04 21:00 -------- d-----w- p:\program files\Calibre2
2012-03-04 19:59 . 2012-03-04 19:59 -------- d-----w- c:\users\Mitch\AppData\Roaming\Pdfsvg
2012-03-04 19:58 . 2012-03-04 19:58 -------- d-----w- p:\program files\ebookconverter
2012-03-04 19:49 . 2012-03-04 19:49 -------- d-----w- c:\users\Mitch\AppData\Local\Amazon
2012-03-04 19:49 . 2012-03-04 19:49 -------- d-----w- p:\program files\Amazon
2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 17:54 . 2010-09-01 21:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 02:15 . 2010-01-30 19:30 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-05 06:50 . 2011-10-08 20:37 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-25 19:07 . 2011-05-19 21:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-11 22:01 . 2012-02-11 22:02 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFAAC107-3EAD-4948-A42C-A84318BF4007}\gapaengine.dll
2012-01-31 12:44 . 2010-01-29 08:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2006-06-16 01:33 . 2010-10-14 20:25 233472 ----a-w- p:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 23:43 . 2010-10-14 20:25 204895 ----a-w- p:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 19:41 . 2010-10-14 20:25 77824 ----a-w- p:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 18:10 . 2010-10-14 20:25 426081 ----a-w- p:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 17:19 . 2010-10-14 20:25 458752 ----a-w- p:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 23:35 . 2010-10-14 20:25 139264 ----a-w- p:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 16:10 . 2010-10-14 20:25 204800 ----a-w- p:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 16:42 . 2010-10-14 20:25 106496 ----a-w- p:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 16:22 . 2010-10-14 20:25 212992 ----a-w- p:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 16:21 . 2010-10-14 20:25 167936 ----a-w- p:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2012-03-22 17:20 . 2011-05-09 01:25 97208 ----a-w- p:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mitch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mitch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mitch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Mitch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 05:13 721408 ----a-w- p:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 05:13 721408 ----a-w- p:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="p:\program files\Windows Sidebar\sidebar.exe" [2011-10-08 1174016]
"VistaBatterySaver"="p:\program files\Vista Battery Saver\VistaBatterySaver.exe" [2008-08-23 481280]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="p:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"SigmatelSysTrayApp"="p:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 174872]
"PSQLLauncher"="p:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-06-10 36864]
"MSC"="p:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="p:\program files\QT Lite\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="p:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - p:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-30 703280]
QuickSet.lnk - p:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "p:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- p:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 8456]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\511.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;p:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 pbfilter;pbfilter;p:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;p:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-18 12872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Mitch\Desktop\Real Temp\WinRing0.sys [x]
S1 SASDIFSV;SASDIFSV;p:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-18 12872]
S1 SASKUTIL;SASKUTIL;p:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-18 66632]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
S2 nvUpdatusService;NVIDIA Update Service Daemon;p:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;p:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer7;TeamViewer 7;p:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 7424]
S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-10-10 234720]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-02-04 47360]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lxcf_device
b57w2k
procexp111
elaunidr
inorpc
spbbcsvc
tabletservice
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ourbombers.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 142.161.2.155 142.161.130.155 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-28909098.sys
SafeBoot-48920059.sys
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\psqlpwd.DLL
p:\program files\Fingerprint Reader Suite\homefus2.dll
p:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2012-03-24 15:39:48
ComboFix-quarantined-files.txt 2012-03-24 20:39
.
Pre-Run: 3,876,814,848 bytes free
Post-Run: 4,068,167,680 bytes free
.
- - End Of File - - 036C737F2001EC8D58ADD1A886CE7000



Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
McAfee SiteAdvisor
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.1.102.62
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 March 2012 - 07:57 AM

Looking good.

Any remaining issues?

#5 Mkrede

Mkrede
  • Topic Starter

  • Members
  • 4 posts

Posted 25 March 2012 - 01:43 PM

Everything seems to be working just fine. Thanks!

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 March 2012 - 01:17 PM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#7 Mkrede

Mkrede
  • Topic Starter

  • Members
  • 4 posts

Posted 27 March 2012 - 12:15 PM

That's done. However, one problem I've noticed as of yesterday: I can no longer connect to one of my pop3/smtp servers via outlook. 2 of my accounts work fine but my main email account gives me the following error:

Task 'MTS - Receiving' reported error (0x80042108) : 'Outlook cannot connect to your incoming (POP3) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

I haven't changed any of the settings and I checked that they are still correct. My POP server is pop3.live.com and SMTP is smtp.live.com. I am still able to access the account via the web interface and my iPhone, so it's just Outlook. Could this be related to something ComboFix did?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 March 2012 - 01:42 PM

Try some suggestions on this Microsoft article.
http://support.microsoft.com/kb/813514

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2012 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



