
Malwarebytes

no idea how to resolve this


19 replies to this topic

#1
funkycam

    New Member

  • Members
  • 10 posts
Found something called czw1tgmahe.exe.

First noticed it because of audio adverts running in the background.
It is listed on VirSCAN:
http://f.virscan.org...tgmahe.exe.html
Cannot remove it even though I am admin.

Malwarebytes freezes every time it tries to scan the folder where czw1tgmahe is located (C:\Users\myname).
ComboFix won't install.
Trend Micro host is missing so Windows Security won't load.
Task Manager won't load (says pcwum is missing but it's there).
For a while the computer said it was not an authorized Windows machine, but it is.
USB ports stopped working.

RKill wouldn't load, then when I tried the variants it didn't stop anything running.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Cam at 17:05:21 on 2012-06-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.1838 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Flux\Services\FluxB.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Cam\czw1tgmahe.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Flux\Services\FluxA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [czw1tgmahe] c:\users\cam\czw1tgmahe.exe
mRun: [<NO NAME>]
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\cam\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\cam\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\cam\appdata\roaming\micros~1\windows\startm~1\programs\startup\gnotif~1.lnk - c:\program files\google\gmail notifier\gnotify.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{142BA2D5-FDCA-4926-B863-6249A4A5D086} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{142BA2D5-FDCA-4926-B863-6249A4A5D086}\0554544535 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{142BA2D5-FDCA-4926-B863-6249A4A5D086}\343434C4942425142595 : DhcpNameServer = 10.36.80.14 10.36.80.13
TCP: Interfaces\{F8144255-E2AC-41E8-A449-27014E063D36} : DhcpNameServer = 4.2.2.2 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-12-12 17072]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-12-12 81920]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-8-31 948736]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-6-3 102672]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-9-19 87368]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 FluxA;FluxA;c:\program files\flux\services\FluxA.exe [2012-1-14 5588992]
R2 FluxB;FluxB;c:\program files\flux\services\FluxB.exe [2012-1-14 2903040]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-12 13592]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-12-12 60928]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-1 214896]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-12-12 59904]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-12 42672]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-12-12 274472]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-12 33320]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-12 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-12-12 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-1-6 268968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-12-12 125696]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-4-22 139368]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-14 136176]
S2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2011-9-8 2932224]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-12 134144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-14 136176]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2010-11-3 21112]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-17 40776]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-12-12 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-12-12 38912]
S3 rspAux;rspAux;c:\windows\system32\drivers\rspAux32.sys [2011-4-20 19000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-15 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-17 23:34:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-17 22:04:51 -------- d-----w- c:\users\cam\appdata\roaming\Malwarebytes
2012-06-17 22:04:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 22:04:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 22:04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 07:23:00 -------- d-----w- c:\program files\ESET
2012-06-16 23:01:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-16 23:01:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-16 17:39:48 -------- d-----w- c:\users\cam\appdata\roaming\TuneUp Software
2012-06-16 17:38:59 -------- d-----w- c:\programdata\TuneUp Software
2012-06-16 17:38:27 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-16 17:38:27 -------- d--h--w- c:\programdata\Common Files
2012-06-16 17:35:53 -------- d-----w- c:\program files\iPod
2012-06-16 17:33:32 -------- d-----w- c:\program files\Bonjour
2012-06-15 23:50:07 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 21:49:01 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4abc293-0507-4704-a92d-546a51bce0da}\mpengine.dll
2012-06-14 20:29:37 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-13 13:33:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 13:33:42 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 13:33:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 13:33:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 13:33:41 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 13:33:41 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 13:33:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 13:33:37 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 13:33:37 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 13:33:37 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:05:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c90a9f6-57e5-4d49-a4d3-d046be466f16}\gapaengine.dll
2012-06-09 00:47:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 14:06:48 163048 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10141.bin
2012-05-31 18:45:00 -------- d-----w- c:\users\cam\appdata\local\webkit
2012-05-31 01:14:13 -------- d-----w- c:\users\cam\appdata\local\fontconfig
2012-05-31 01:14:12 -------- d-----w- c:\users\cam\appdata\local\gegl-0.2
2012-05-31 01:14:12 -------- d-----w- c:\users\cam\.gimp-2.8
2012-05-31 01:06:22 -------- d-----w- c:\program files\GIMP 2
.
==================== Find3M ====================
.
2012-06-09 00:47:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-09 21:36:10 1420 ----a-w- c:\windows\system32\privatedata.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:09:04.18 ===============

thanks!
Cam


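Added example (my own code, not part of the thread or of any Malwarebytes tool): a small Python triage helper that walks a DDS log like the one above and flags the things a helper looks at first, namely an executable running from or autostarting from a user profile root (czw1tgmahe.exe in C:\Users\Cam here) and the UAC policies reported as 0. The embedded sample log is constructed from lines of the post; the regexes and heuristics are my assumptions about the DDS layout, not a published format spec.

```python
"""Triage a DDS log: profile-root executables and disabled UAC policies."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample built from lines of the DDS log posted in the thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Cam\czw1tgmahe.exe
C:\Windows\explorer.exe
============== Pseudo HJT Report ===============
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [czw1tgmahe] c:\users\cam\czw1tgmahe.exe
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "=== Running Processes ==="
RUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")  # uRun/mRun autostart entries
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)   # first .exe in a command line
# An executable sitting directly in a profile root, e.g. c:\users\cam\x.exe.
# Legitimate software almost never lives there; this is the heuristic used here.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
# UAC values that mean "protection off" when they are 0 (assumed set, per the log).
UAC_ZERO_IS_BAD = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "process", "autorun" or "uac"
    detail: str  # the path or policy name involved
    reason: str  # why it was flagged


def first_exe(command: str) -> Optional[str]:
    """Return the first .exe path in an autorun command line, or None."""
    m = EXE_RE.search(command)
    return m.group(1) if m else None


def triage_dds(text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        # Process list: any process image directly under a profile root.
        if section == "Running Processes" and PROFILE_ROOT_RE.match(line):
            findings.append(Finding("process", line, "running from a user profile root"))
            continue
        # Autostart entries: same check on the launched executable.
        run = RUN_RE.match(line)
        if run:
            exe = first_exe(run.group(3))
            if exe and PROFILE_ROOT_RE.match(exe):
                findings.append(Finding(
                    "autorun", exe,
                    f"{run.group(1)} [{run.group(2)}] starts an executable in a user profile root"))
            continue
        # UAC policy lines: a 0 in any of the listed values disables a protection.
        pol = POLICY_RE.match(line)
        if pol and pol.group(1) in UAC_ZERO_IS_BAD and int(pol.group(2)) == 0:
            findings.append(Finding("uac", pol.group(1), "UAC protection switched off (value 0)"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.detail}: {f.reason}")
```

Run it against a full DDS log by reading the file into `triage_dds`; the three UAC hits plus the profile-root process and its uRun entry are exactly what stands out in the log above.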
#2
funkycam

    New Member

  • Members
  • 10 posts
Also, System Restore is disabled.

#3
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello Cam and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:
http://forums.malwar...18
http://forums.malwar...44

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#4
funkycam

    New Member

  • Members
  • 10 posts

thanks for the suggestions :)

Security Essentials will not work. It is red & says "Security Essentials isn't monitoring your PC because the program's service stopped. You should restart it now."
So settings cannot be edited. It did work prior to this problem though, because it says my last scan was 6/10/12.

I uninstalled Malwarebytes in Safe Mode, but when I reinstalled it, it froze in the same place: the C:\Users folder where that czw1tgmahe.exe is located.

Re chkdsk, the computer says "You do not have sufficient rights to check this drive" when I try to do it :(

#5
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Don't install or uninstall anything, especially Malwarebytes' Anti-Malware; that makes our job much more difficult.

Follow the instructions here:
http://forums.malwar...ndpost&p=434003

Finally, post the log file in your next reply with a new fresh DDS log file. Please perform these actions in Normal mode, not in Safe Mode.

#6
funkycam

    New Member

  • Members
  • 10 posts
Thanks Maniac, I am a little confused though: your first link in the above post (http://forums.malwar...18) took me to a post that said to uninstall Malwarebytes in Safe Mode & that's why I did it.

The new link you just posted describes a workaround for installing Malwarebytes, but I have it installed & it runs, it just freezes after about 4 minutes when it gets to that folder I mentioned, so it's not possible to get a log.

#7
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
I just want you to add it to exclusions, just that. From you I learned that you uninstalled it, so I gave you a link to install it again.

Now, try to run Malwarebytes' Anti-Malware this way and let me know if it freezes again:
http://forums.malwar...ndpost&p=434002

#8
funkycam

    New Member

  • Members
  • 10 posts
So I tried all of the Chameleon options. Some loaded, some didn't; all of those that loaded froze when scanning the folder where czw1tgmahe.exe is located.

Incidentally, czw1tgmahe.exe's icon has changed to an open suitcase full of money & if it is moused over it says GreatRollPlayer toshiba, but I am still unable to delete it.

#9
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#10
funkycam

    New Member

  • Members
  • 10 posts
ComboFix kept freezing about 2/3 of the way into installing. Eventually I left it for hours & it installed, restarted & then took around 4 hours to run & finish.

Here is the log:

ComboFix 12-06-19.03 - Cam 06/19/2012 12:28:42.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.2568 [GMT -7:00]
Running from: c:\users\Cam\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\fd17601b57783611.sys
.
Infected copy of c:\windows\system32\Drivers\Volsnap.sys was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy3_!Windows!System32!drivers!volsnap.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_fd17601b57783611
-------\Service_fd17601b57783611
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 20:26 . 2012-06-19 22:06 -------- d-----w- c:\users\Cam\AppData\Local\temp
2012-06-19 20:26 . 2012-06-19 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 01:04 . 2012-06-19 01:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-18 23:47 . 2012-06-19 01:04 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-18 18:51 . 2012-06-19 01:23 -------- d-----w- c:\users\Cam\AppData\Roaming\Skype
2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\program files\Common Files\Skype
2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----r- c:\program files\Skype
2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\programdata\Skype
2012-06-18 13:04 . 2012-06-18 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-18 13:04 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\users\Cam\AppData\Roaming\Malwarebytes
2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 07:23 . 2012-06-17 07:23 -------- d-----w- c:\program files\ESET
2012-06-16 23:01 . 2012-06-17 07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-16 23:01 . 2012-06-16 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-16 17:39 . 2012-06-16 17:39 -------- d-----w- c:\users\Cam\AppData\Roaming\TuneUp Software
2012-06-16 17:38 . 2012-06-16 17:40 -------- d-----w- c:\programdata\TuneUp Software
2012-06-16 17:38 . 2012-06-16 17:38 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-16 17:38 . 2012-06-16 17:38 -------- d--h--w- c:\programdata\Common Files
2012-06-16 17:35 . 2012-06-16 17:35 -------- d-----w- c:\program files\iPod
2012-06-16 17:33 . 2012-06-16 17:33 -------- d-----w- c:\program files\Bonjour
2012-06-16 17:08 . 2012-06-16 17:08 -------- d-----w- c:\program files\Apple Software Update
2012-06-15 23:50 . 2012-06-15 23:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 23:40 . 2012-06-15 23:40 34304 ----a-w- c:\users\Cam\czw1tgmahe.exe
2012-06-15 21:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ABC293-0507-4704-A92D-546A51BCE0DA}\mpengine.dll
2012-06-14 20:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 13:33 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 13:33 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 13:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 13:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 13:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:05 . 2012-02-11 01:36 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C90A9F6-57E5-4D49-A4D3-D046BE466F16}\gapaengine.dll
2012-06-09 00:47 . 2012-06-09 00:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 14:06 . 2012-06-01 14:06 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 18:45 . 2012-05-31 18:45 -------- d-----w- c:\users\Cam\AppData\Local\webkit
2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\fontconfig
2012-05-31 01:14 . 2012-05-31 19:38 -------- d-----w- c:\users\Cam\.gimp-2.8
2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\gegl-0.2
2012-05-31 01:06 . 2012-05-31 01:07 -------- d-----w- c:\program files\GIMP 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 22:05 . 2011-03-14 21:34 0 ----a-w- c:\users\Cam\AppData\Local\WavXMapDrive.bat
2012-06-09 00:47 . 2011-05-18 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:35 . 2012-06-14 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05 . 2012-06-13 13:33 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44 . 2012-06-13 13:33 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-26 04:45 . 2012-06-13 13:33 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 13:33 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 13:33 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-31 04:39 . 2012-05-10 03:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 03:41 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-10 03:41 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"DellBtrEvent"="d:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-08 293992]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gnotify.exe - Shortcut.lnk]
path=c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk
backup=c:\windows\pss\gnotify.exe - Shortcut.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\czw1tgmahe]
2012-06-15 23:40 34304 ----a-w- c:\users\Cam\czw1tgmahe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-08 02:17 17425072 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 948736]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-07-20 268968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TMWFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MsMpSvc
AddRemove-{1FE1972E-3748-4B05-9B22-26515DD5AE83}_is1 - c:\programdata\Valhalla DSP
AddRemove-{2475C131-DF8D-4276-85B0-A41443C6071F}_is1 - c:\programdata\Valhalla DSP
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\wvauth.DLL
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
.
- - - - - - - > 'Explorer.exe'(6832)
c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\IDT\WDM\STacSV.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Flux\Services\FluxB.exe
c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Motorola\MotoHelper\MotoHelperService.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Flux\Services\FluxA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\windows\system32\DllHost.exe
c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-19 15:15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 22:14
.
Pre-Run: 14,390,034,432 bytes free
Post-Run: 68,863,291,392 bytes free
.
- - End Of File - - B7DB3964AD882114F89DDF1F731EA997

#11
Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
I'm sorry about that, but I'm on my way; it's almost killed.


Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Trend Micro Client/Server Security Agent and to keep Microsoft Security Essentials.


Step 2

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=111292

Collect::[8]
c:\users\Cam\czw1tgmahe.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
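
The triage done by eye above (picking czw1tgmahe.exe in the profile root and the random-named driver out of the log, then listing the file under Collect::) can be scripted. The following Python is an added example, not ComboFix's or the forum's own code: the rule names, the name and path heuristics, and SAMPLE_LOG (constructed from lines of the log posted above, plus ordinary entries that must not fire) are this example's own assumptions.

```python
# Added example (not ComboFix's or the forum's own code): a triage pass over
# ComboFix-style log lines that flags the kinds of indicators acted on in this
# thread. The rule names and heuristics below are this example's assumptions.
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, mixed with
# ordinary entries that must NOT be flagged.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\fd17601b57783611.sys
2012-06-15 23:50 . 2012-06-15 23:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 23:40 . 2012-06-15 23:40 34304 ----a-w- c:\users\Cam\czw1tgmahe.exe
2012-06-13 13:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 17:35 . 2012-06-16 17:35 -------- d-----w- c:\program files\iPod
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\czw1tgmahe]
2012-06-15 23:40 34304 ----a-w- c:\users\Cam\czw1tgmahe.exe
"""

# A drive-letter path runs until a closing quote, a " [date size]" suffix or end of line.
PATH_RE = re.compile(r'\b[a-z]:\\[^"\[\]\r\n]*?(?=[ \t]*\[|"|$)', re.IGNORECASE | re.MULTILINE)
STARTUPREG_RE = re.compile(r'\\startupreg\\([^\]\\]+)\]', re.IGNORECASE)
UAC_RE = re.compile(r'^\s*"(EnableLUA|ConsentPromptBehaviorAdmin)"=\s*0\b')
HEX_RE = re.compile(r'^[0-9a-f]{12,}$')
EXEC_EXT = ('.exe', '.sys', '.dll', '.scr', '.com')


@dataclass(frozen=True)
class Finding:
    rule: str       # which heuristic fired
    evidence: str   # the path, value name or key name that triggered it


def extract_paths(text: str) -> list[str]:
    """Return every drive-letter path in the text, deduplicated, in order of appearance."""
    seen: dict[str, None] = {}
    for m in PATH_RE.finditer(text):
        seen.setdefault(m.group(0).rstrip(), None)
    return list(seen)


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example): names of 8+ alphanumerics that are
    pure hex, or that bury a digit among letters, resemble generated dropper/driver
    names such as czw1tgmahe or fd17601b57783611. Trailing version-style digits
    (hpqtra08) are ignored so ordinary vendor binaries are not flagged."""
    stem = stem.lower()
    if not re.fullmatch(r'[a-z0-9]{8,}', stem):
        return False
    if HEX_RE.match(stem):
        return True
    return any(ch.isdigit() for ch in stem.rstrip('0123456789'))


def triage(text: str) -> list[Finding]:
    """Run every rule over each log line; findings are deduplicated but keep log order."""
    found: dict[Finding, None] = {}
    for line in text.splitlines():
        m = UAC_RE.match(line)
        if m:  # UAC turned off, or admins elevated silently
            found.setdefault(Finding('uac-weakened', m.group(1)), None)
        m = STARTUPREG_RE.search(line)
        if m and looks_random(m.group(1)):  # msconfig-disabled autorun with a generated name
            found.setdefault(Finding('random-startup-entry', m.group(1)), None)
        for path in extract_paths(line):
            parts = path.lower().split('\\')
            name = parts[-1]
            stem, dot, ext = name.rpartition('.')
            ext = '.' + ext if dot else ''
            stem = stem if dot else name
            # executable sitting directly in a profile root (c:\users\<name>\x.exe)
            if len(parts) == 4 and parts[1] == 'users' and ext in EXEC_EXT:
                found.setdefault(Finding('exe-in-profile-root', path), None)
            # executable or driver whose name looks machine-generated
            if ext in EXEC_EXT and looks_random(stem):
                found.setdefault(Finding('random-name', path), None)
            # a literal %VAR% used as a directory name: the variable was never expanded
            if re.search(r'\\%[a-z]+%(?:\\|$)', path.lower()):
                found.setdefault(Finding('literal-envvar-dir', path), None)
    return list(found)


def collect_stanza(findings: list[Finding]) -> str:
    """Render flagged files in the Collect:: form used in the CFScript above, for an
    operator to review before use; the bracketed option in the thread's script is
    ComboFix-specific and deliberately not reproduced here."""
    paths = [f.evidence for f in findings if f.rule in ('exe-in-profile-root', 'random-name')]
    return 'Collect::\n' + '\n'.join(dict.fromkeys(paths)) + '\n'


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'{f.rule:22} {f.evidence}')
    print(collect_stanza(results))
```

Run it as a script to print the findings and a Collect:: stanza. The rules are deliberately narrow (an executable in c:\users\<name>\, a generated-looking name, a literal %VAR% directory, UAC switched off) so that vendor binaries with version digits such as hpqtra08.exe stay quiet; anything it flags is a lead for a person to confirm against the rest of the log, as the helper did here, not a verdict.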

#12
funkycam

    New Member

  • Members
  • Pip
  • 10 posts
Here it is:
ComboFix 12-06-19.03 - Cam 06/19/2012 15:51:53.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.1924 [GMT -7:00]
Running from: c:\users\Cam\Downloads\ComboFix.exe
Command switches used :: c:\users\Cam\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cam\czw1tgmahe.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 23:00 . 2012-06-19 23:01 -------- d-----w- c:\users\Cam\AppData\Local\temp
2012-06-19 23:00 . 2012-06-19 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 22:46 . 2012-06-19 22:46 -------- d-----w- c:\users\Cam\AppData\Local\Wave Systems Corp
2012-06-19 01:04 . 2012-06-19 01:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-18 23:47 . 2012-06-19 01:04 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-18 18:51 . 2012-06-19 01:23 -------- d-----w- c:\users\Cam\AppData\Roaming\Skype
2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\program files\Common Files\Skype
2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----r- c:\program files\Skype
2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\programdata\Skype
2012-06-18 13:04 . 2012-06-18 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-18 13:04 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\users\Cam\AppData\Roaming\Malwarebytes
2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 07:23 . 2012-06-17 07:23 -------- d-----w- c:\program files\ESET
2012-06-16 23:01 . 2012-06-17 07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-16 23:01 . 2012-06-16 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-16 17:39 . 2012-06-16 17:39 -------- d-----w- c:\users\Cam\AppData\Roaming\TuneUp Software
2012-06-16 17:38 . 2012-06-16 17:40 -------- d-----w- c:\programdata\TuneUp Software
2012-06-16 17:38 . 2012-06-16 17:38 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-16 17:38 . 2012-06-16 17:38 -------- d--h--w- c:\programdata\Common Files
2012-06-16 17:35 . 2012-06-16 17:35 -------- d-----w- c:\program files\iPod
2012-06-16 17:33 . 2012-06-16 17:33 -------- d-----w- c:\program files\Bonjour
2012-06-16 17:08 . 2012-06-16 17:08 -------- d-----w- c:\program files\Apple Software Update
2012-06-15 23:50 . 2012-06-15 23:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 21:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ABC293-0507-4704-A92D-546A51BCE0DA}\mpengine.dll
2012-06-14 20:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 13:33 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 13:33 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 13:33 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 13:33 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 13:33 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 13:33 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 13:33 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 13:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 13:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 13:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 05:05 . 2012-02-11 01:36 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C90A9F6-57E5-4D49-A4D3-D046BE466F16}\gapaengine.dll
2012-06-09 00:47 . 2012-06-09 00:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 14:06 . 2012-06-01 14:06 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 18:45 . 2012-05-31 18:45 -------- d-----w- c:\users\Cam\AppData\Local\webkit
2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\fontconfig
2012-05-31 01:14 . 2012-05-31 19:38 -------- d-----w- c:\users\Cam\.gimp-2.8
2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\gegl-0.2
2012-05-31 01:06 . 2012-05-31 01:07 -------- d-----w- c:\program files\GIMP 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 22:05 . 2011-03-14 21:34 0 ----a-w- c:\users\Cam\AppData\Local\WavXMapDrive.bat
2012-06-09 00:47 . 2011-05-18 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:39 . 2012-05-10 03:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 03:41 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-10 03:41 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"DellBtrEvent"="d:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-08 293992]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gnotify.exe - Shortcut.lnk]
path=c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk
backup=c:\windows\pss\gnotify.exe - Shortcut.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-08 02:17 17425072 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 948736]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-07-20 268968]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TmFilter
*Deregistered* - VSApiNt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-czw1tgmahe - c:\users\Cam\czw1tgmahe.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\wvauth.DLL
c:\program files\Wave Systems Corp\Common\CryptoManager.dll
c:\windows\system32\tcg15.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll
c:\windows\system32\wclient14.dll
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
.
Completion time: 2012-06-19 16:02:31
ComboFix-quarantined-files.txt 2012-06-19 23:02
ComboFix2.txt 2012-06-19 22:15
.
Pre-Run: 68,937,404,416 bytes free
Post-Run: 68,749,496,320 bytes free
.
- - End Of File - - 5806640F5C64F54726FB37F398FF9391
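Three parts of the ComboFix log above deserve a second look on any machine after cleanup, and they are easy to miss in 1,100 lines of output: the UAC policy block (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 here, so UAC was switched off and every admin process, including the malware started from the profile, ran fully elevated), the LSA package lists (anything not shipped with Windows is loaded inside lsass.exe; livessp and wvauth are not stock Windows 7 entries, and the DLL list at the end of the log shows wvauth.DLL loaded next to Wave Systems' CryptoManager.dll, so it most likely belongs to the Dell/Wave Trusted Drive Manager stack that also appears in the Startup folder, but that is a judgement to confirm, not something the log states), and the orphaned MSConfig startup entry for a randomly named .exe sitting directly in C:\Users\Cam. The Python below is an example added to this thread, not ComboFix's or DDS's code; it parses those lines from a constructed excerpt of the log and flags the deviations. The Windows 7 default values, the list of built-in LSA packages and the random-name heuristic are my assumptions.

```python
# Audit the security-relevant lines of a ComboFix/DDS log. Example added to
# this thread; it is not ComboFix's or DDS's own code.
import re
from typing import Dict, List

# Constructed sample: policy, LSA and orphan lines copied from the log above.
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-czw1tgmahe - c:\users\Cam\czw1tgmahe.exe
'''

# Assumed baseline: Windows 7 default UAC policy values.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                "PromptOnSecureDesktop": 1, "EnableUIADesktopToggle": 0}
# Assumed baseline: LSA packages shipped with Windows 7; anything else loads into lsass.exe.
BUILTIN_LSA_PACKAGES = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"

_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')
_MULTI_RE = re.compile(r"^(.+?) REG_MULTI_SZ (.*)$")
_ORPHAN_RE = re.compile(r"^MSConfigStartUp-(\S+) - (.+)$")


def parse_registry(log: str) -> Dict[str, Dict[str, object]]:
    """Map each [HKEY_...] block to its DWORD and REG_MULTI_SZ values."""
    keys: Dict[str, Dict[str, object]] = {}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line) or _MULTI_RE.match(line)
        if m and current:
            name, val = m.groups()
            keys[current][name] = int(val) if val.isdigit() else val.split()
    return keys


def audit_uac(keys: Dict[str, Dict[str, object]]) -> List[str]:
    policy = keys.get(POLICY_KEY, {})
    findings = [f"UAC: {n}={policy[n]} (Windows 7 default {d})"
                for n, d in UAC_DEFAULTS.items() if n in policy and policy[n] != d]
    if policy.get("EnableLUA") == 0:
        findings.append("UAC: EnableLUA=0 turns UAC off entirely; admin logons run fully elevated")
    return findings


def audit_lsa(keys: Dict[str, Dict[str, object]]) -> List[str]:
    lsa = keys.get(LSA_KEY, {})
    return [f"LSA: '{pkg}' in {value} is not built in; confirm its publisher"
            for value in ("Security Packages", "Authentication Packages")
            for pkg in lsa.get(value, []) if pkg.lower() not in BUILTIN_LSA_PACKAGES]


def looks_random(name: str) -> bool:
    """Assumed heuristic for generated names like czw1tgmahe: letters mixed with digits, few vowels."""
    stem = name.rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters or not any(c.isdigit() for c in stem):
        return False
    return sum(c.lower() in "aeiou" for c in letters) / len(letters) < 0.35


def audit_startup(log: str) -> List[str]:
    findings = []
    for line in log.splitlines():
        m = _ORPHAN_RE.match(line.strip())
        if not m:
            continue
        name, path = m.groups()
        parts = path.lower().split("\\")
        # An .exe directly in C:\Users\<name>\ is unusual; installed software
        # lives under Program Files or an AppData subfolder.
        if len(parts) == 4 and parts[1] == "users" and parts[3].endswith(".exe"):
            findings.append(f"Startup: '{name}' ran {path} from the profile root")
        if looks_random(name):
            findings.append(f"Startup: '{name}' has a random-looking name")
    return findings


def audit(log: str) -> List[str]:
    """All findings for one log, in the order the sections appear in it."""
    keys = parse_registry(log)
    return audit_uac(keys) + audit_lsa(keys) + audit_startup(log)
```

Run against the excerpt, audit() returns eight findings: three UAC values off their defaults plus the EnableLUA warning, the two non-built-in LSA packages, and two for the orphaned startup entry. Paste a full ComboFix log in place of SAMPLE_LOG and the same code walks every registry block it contains; restoring the UAC values afterwards (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1) is a separate, manual step.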

#13
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please compress this folder: C:\Qoobox
http://windows.micro...files-zip-files

Next, upload it in www.mediafire.com for example and send me a download link via PM.

Thanks!
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#14
funkycam

    New Member

  • Members
  • 10 posts
PM'd

#15
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Thank you! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#16
funkycam

    New Member

  • Members
  • 10 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bcbab8eefc7d824891916fc506a709d4
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-17 06:34:17
# local_time=2012-06-17 11:34:17 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 46847893 46847893 0 0
# compatibility_mode=5893 16776574 66 94 18485712 91462798 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1061256
# found=0
# cleaned=0
# scan_time=40050
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bcbab8eefc7d824891916fc506a709d4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 01:48:45
# local_time=2012-06-19 06:48:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 18716263 91693349 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=401625
# found=10
# cleaned=10
# scan_time=8367
C:\Qoobox\Quarantine\C\Users\Cam\czw1tgmahe.exe.vir a variant of Win32/Kryptik.AGJE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Cam\_czw1tgmahe_.exe.zip a variant of Win32/Kryptik.AGJE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\dfdb890-463e81bb multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\63b79c71-44bef710 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\Dropbox\for maniac\Qoobox.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVGQTWLG\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1JCEE9L\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8ZAEWVE\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
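The ESET log above is two runs, not one: the first header block ends with end=stopped, archives_checked=false and found=0; the second, with archive scanning on, finished and found 10 items. Where those items sit matters more than their count. Four are under C:\Qoobox\Quarantine, ComboFix's quarantine folder (the same folder the expert asked for in post #13), so they are copies ComboFix had already disarmed. Three are in the Temporary Internet Files cache under C:\Windows\System32\config\systemprofile, the profile used by processes running as LocalSystem, which means something running as SYSTEM was fetching web pages on this machine. Two are in the Java deployment cache, which fits the advice to update Java in the next post. The Python below is an example added to this thread, not ESET's own tooling; it parses a constructed excerpt of the log and groups detections by location. The column layout (path, threat, action in parentheses, 32-hex hash, flag) and the tab-versus-space handling are assumptions on my part, as are the category names.

```python
# Parse an ESET Online Scanner log.txt and group its detections by where
# they were found. Example added to this thread; not ESET's own tooling.
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: header and detection lines copied from the ESET log
# posted above (the compatibility_mode and locale lines are left out).
SAMPLE_ESET_LOG = r'''# version=7
# end=stopped
# archives_checked=false
# scanned=1061256
# found=0
# version=7
# end=finished
# archives_checked=true
# scanned=401625
# found=10
# cleaned=10
C:\Qoobox\Quarantine\C\Users\Cam\czw1tgmahe.exe.vir a variant of Win32/Kryptik.AGJE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Cam\_czw1tgmahe_.exe.zip a variant of Win32/Kryptik.AGJE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\dfdb890-463e81bb multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\63b79c71-44bef710 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\Dropbox\for maniac\Qoobox.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVGQTWLG\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1JCEE9L\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8ZAEWVE\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
'''

_HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# Assumed column layout: path, threat name, (action), 32-hex hash, flag.
# ESET writes tabs between them; the forum copy shows spaces, so \s+ accepts both.
_DETECT_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>multiple threats|(?:probably )?(?:a variant of )?\S+ (?:trojan|virus|worm))\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def classify(path: str) -> str:
    """Where a detection sits tells you whether it was live or already contained."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # copy already disarmed by ComboFix
    if "\\config\\systemprofile\\" in p:
        return "systemprofile"         # written under the LocalSystem profile
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"            # content the Java plug-in downloaded
    return "other"


def parse_eset_log(text: str) -> Dict[str, list]:
    """Split the log into header runs (each starts at '# version=') and detections."""
    runs: List[Dict[str, str]] = []
    detections: List[Dict[str, str]] = []
    for line in text.splitlines():
        h = _HEADER_RE.match(line)
        if h:
            key, value = h.groups()
            if key == "version" or not runs:
                runs.append({})
            runs[-1][key] = value
            continue
        d = _DETECT_RE.match(line.rstrip())
        if d:
            record = d.groupdict()
            record["category"] = classify(record["path"])
            detections.append(record)
    return {"runs": runs, "detections": detections}


def summarize(text: str) -> Dict[str, object]:
    """Per-run outcome plus detection counts by location and the non-quarantine paths."""
    parsed = parse_eset_log(text)
    runs = [{"end": r.get("end"), "archives": r.get("archives_checked") == "true",
             "found": int(r.get("found", "0"))} for r in parsed["runs"]]
    by_category = Counter(d["category"] for d in parsed["detections"])
    live = [d["path"] for d in parsed["detections"] if d["category"] != "combofix-quarantine"]
    return {"runs": runs, "by_category": dict(by_category), "live_paths": live}
```

summarize() on the excerpt reports run 1 as stopped with archives off and nothing found, run 2 as finished with archives on and 10 found, and splits the 10 into 4 ComboFix-quarantine copies, 3 under the SYSTEM profile, 2 in the Java cache and 1 other (the Qoobox.zip the user had put in Dropbox for the expert). The six non-quarantine paths are the ones that were still live on the disk when ESET ran.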

#17
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Good! :)

Please uninstall ComboFix:
http://www.bleepingc...bofix#uninstall

Next, uninstall ESET Online Scanner and manually delete DDS.

It is important to update your Java software:

UPDATE JAVA

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Please download JavaRa to your desktop.
    • Click the Download button next to Windows Binary (.zip) Version 1.1.6 to download JavaRa and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Some malware prevention tips:
http://forums.malwar...=0


Safe surfing! :)

#18
funkycam

    New Member

  • Members
  • 10 posts
Thanks so much for your help. You are a lifesaver :)
Does the PayPal donation go directly to you? Answer this in a PM if you need to.

BTW, it would be worth letting folks know that sometimes ComboFix takes hours to run if things are really bad...

#19
Maniac

    Forum Deity

  • Experts
  • 16,993 posts
  • Gender:Male
  • Location:Bulgaria, EU
Yes, although it is registered to my father. :)

Yes, everything depends on the state of the system, so sometimes it takes longer. The important thing is the end result! :)

You're welcome! :)

#20
LDTate

    Forum Deity

  • Moderators
  • 20,062 posts
  • Gender:Male
  • Location:Missouri, USA
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Consumer Support Specialist
