
nasty facebook virus Hijacking link to other web site


This topic is locked
38 replies to this topic

#1 iMoni

    New Member

  • Members
  • 27 posts

Posted 29 February 2012 - 02:15 PM

Hi, I have a nasty virus from Facebook. Please help me remove it.

Here are the DDS results:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Monika at 13:56:17 on 2012-02-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1886 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MediaMall\MediaMallServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RTHDCPL.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\TrustedID\TrustedID Secure Browse\dps.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\TrustedID\TrustedID Secure Browse\pl.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\TrustedID\TrustedID Secure Browse\epservice.exe
C:\Program Files\TrustedID\TrustedID Secure Browse\ep.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Users\Monika\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Windows\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\MediaMall\MediaMallServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TrustedID Secure Browse: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\trustedid\trustedid secure browse\epbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: TrustedID Secure Browse: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\trustedid\trustedid secure browse\plbho.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Google Update] "c:\users\monika\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [Spyware Doctor with AntiVirus] c:\users\monika\desktop\sdasetup_revwire207.exe -min
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TrustedID Secure Browse] "c:\program files\trustedid secure browse\sss.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Data Protection Suite] "c:\program files\trustedid\trustedid secure browse\dps.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [PhishLock] "c:\program files\trustedid\trustedid secure browse\pl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\monika\appdata\roaming\micros~1\windows\startm~1\programs\startup\cit200.lnk - c:\program files\linksys\cit200\cit200.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://cnypacs.com/HRS/download/AliUpdate.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.stemc.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6A1C1D9A-00D4-468C-BAC0-34941BF5DBA1} - hxxps://cnypacs.com/HRS/download/Setup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\0527F64657364796F6E6370275962756C65637370225F657475627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\D656C666275646F6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FEC1F568-0142-484C-87C3-765B651A5097} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1621166&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111215
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111215&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}\components\FFExternalAlert.dll
FF - component: c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}\components\RadioWMPCore.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\monika\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\monika\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\monika\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\monika\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook
FF - Ext: CommentsBar 1 Toolbar: {23ec984e-464c-4a0c-a8df-f80cb8c090e1} - %profile%\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\common files\mckesson\mig\service\AliUpdate.exe [2010-1-18 79152]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 EntryProtect;TrustedID Secure Browse;c:\program files\trustedid\trustedid secure browse\epservice.exe [2011-8-21 46952]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2010-10-29 3994480]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-3-2 23200]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2011-1-29 18240]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-2-15 1097216]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 sbupdate;TrustedID Update Service;c:\program files\sentrybay\update\SentryBayUpdate.exe [2011-4-29 138080]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-26 30192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2012-02-28 22:16:21 -------- d-----w- c:\users\monika\appdata\roaming\Malwarebytes
2012-02-28 22:16:13 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 22:16:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 22:16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 21:08:32 -------- d-----w- c:\programdata\PC Tools
2012-02-15 12:33:03 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 12:32:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 12:32:54 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 12:32:53 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:57:02.72 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2009 7:04:34 AM
System Uptime: 2/29/2012 9:37:27 AM (4 hours ago)
.
Motherboard: Acer, Inc. | | Bodensee
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U2E1 | 983/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 81.692 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 1 GiB total, 0.934 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0
Service:
.
==== System Restore Points ===================
.
RP259: 1/19/2012 3:00:14 AM - Windows Update
RP260: 1/28/2012 4:02:37 PM - Scheduled Checkpoint
RP261: 2/4/2012 8:22:06 PM - Windows Backup
RP262: 2/16/2012 3:00:18 AM - Windows Update
RP263: 2/27/2012 1:05:40 PM - Removed Garmin WebUpdater
RP264: 2/27/2012 1:06:23 PM - Removed Facebook Messenger 2.0.4430.0
RP265: 2/28/2012 7:11:07 PM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.5.0
Adobe SVG Viewer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVG PC Tuneup 2011
Belarc Advisor 8.1
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
Bonjour
Cisco AnyConnect VPN Client
CIT200
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Facebook Plug-In
Fiddler2
FlashFXP v3
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Desktop
Google Talk Plugin
HDAUDIO Soft Data Fax Modem with SmartCP
Horizon Medical Imaging Update Service
HRS 11.6 Distributed
iCloud
iPod To Computer Transfer 6.2
iTunes
Java Auto Updater
Java™ 6 Update 29
Logitech Media Server 7.7.0
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mIRC
MobileMe Control Panel
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
OGA Notifier 2.0.0048.0
OneTouch 4.6
PhysExam (Palm) v 6.0.152 by Skyscape
PlayOn
Prism Video File Converter
Quicken 2004
QuickTime
Realtek High Definition Audio Driver
Redist
Review for the PHYSICIAN ASSISTANT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SentryBay Update Helper
Skype™ 5.5
StartNow Toolbar
TrustedID Secure Browse
Uniblue RegistryBooster 2010
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Verizon Download Manager
Verizon High Speed Internet
Verizon Media Manager
Visioneer 8100 Scanner
WIDCOMM Bluetooth Software 6.0.1.3500
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/29/2012 1:55:51 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
2/29/2012 1:55:51 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
2/29/2012 1:55:51 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
2/29/2012 1:14:33 PM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/29/2012 1:14:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/29/2012 1:04:20 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/29/2012 1:04:19 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/28/2012 7:48:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/28/2012 7:46:47 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
2/28/2012 6:49:45 PM, Error: NetBT [4321] - The name "MONIKA-PC :0" could not be registered on the interface with IP address 192.168.1.112. The computer with the IP address 169.254.224.8 did not allow the name to be claimed by this computer.
2/28/2012 10:45:02 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
2/28/2012 10:30:57 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================

#2 Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 01 March 2012 - 03:02 AM

Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3 iMoni

    New Member

  • Members
  • 27 posts

Posted 01 March 2012 - 12:18 PM

Hi, I think something went wrong when I ran ComboFix.
I have disabled AVG, but I forgot to look at the list of other programs to be disabled, and now ComboFix is stuck on the screen:
Preparing Log report
Do Not run any programs until ComboFix has finished
It's been 20 min on that screen.
The other scan had found 0 threats.

What should I do?

#4 Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 01 March 2012 - 01:00 PM

Leave it a bit longer, as this can sometimes take a long time, and see if the log comes up. If it doesn't come up, look for the log at c:\combofix.txt
regards, Elise



#5 iMoni

    New Member

  • Members
  • 27 posts

Posted 01 March 2012 - 01:12 PM

It's been like 50 min now and the blue window did not change. I looked into the C drive and there is no log file.
Should I just close it?

#6 Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 01 March 2012 - 01:34 PM

Yes, close it and if no log is created, rerun it and see if one pops up now.
regards, Elise



#7 iMoni

    New Member

  • Members
  • 27 posts

Posted 01 March 2012 - 06:56 PM

OK, the scan got stuck again, but I was able to find this scan report in C://Combofix/Combofix.txt


ComboFix 12-03-01.01 - Monika 03/01/2012 15:18:00.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1929 [GMT -5:00]
Running from: C:\Users\Monika\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\17d0b152e63e6bfe81b4b19588538896\mro.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\3b7106dd14676048b10bbb09a990f74c\XS.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\4461f48e31bde5c56b31b973b773de09\List.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\44727051c604ef6b79894b64d4c63832\Expat.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\7f177c338672436e01c4f0bdbcf94491\EV.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\7f2598c08178217a0e2c754f3d568f28\Byte.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\951e8057c3fe65524966ea64dff289ac\Scan.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\b6bd87c968599725b8ab2e5c25d3046a\API.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\b979ace6da01e63d651cce9ee2474fdc\Name.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\bc147d83c7c868eeee67082dcf55430c\File.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\bd5179a413bc0c4b82eedc22c6cab101\re.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\c344fd5536724b2af2e6453833b60203\SHA1.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\c668a322917d32a5ea22894518aa9897\Base64.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\d0bf009923f29116535c26d228271d6d\Scan.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\e56c61f7248672819579325af3387035\POSIX.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\eb138ef0e4282611dbf485a302784646\LibYAML.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\f233f63b6654362865c7577442edb9e3\Win32.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\perl514.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\4461f48e31bde5c56b31b973b773de09\List.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\93e7e3d6030f426844228042348210cf\Service.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\bd5179a413bc0c4b82eedc22c6cab101\re.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\e56c61f7248672819579325af3387035\POSIX.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\eb138ef0e4282611dbf485a302784646\LibYAML.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\f233f63b6654362865c7577442edb9e3\Win32.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-3020\perl514.dll

---- Previous Run -------

C:\install.exe
C:\Program Files\StartNow Toolbar\ReactivateFF.exe
C:\Program Files\StartNow Toolbar\ReactivateIE.exe
C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png
C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_msn.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png
C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png
C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png
C:\Program Files\StartNow Toolbar\Resources\installer.xml
C:\Program Files\StartNow Toolbar\Resources\skin\chevron_button.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
C:\Program Files\StartNow Toolbar\Resources\skin\separator.png
C:\Program Files\StartNow Toolbar\Resources\skin\splitter.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
C:\Program Files\StartNow Toolbar\Resources\toolbar.xml
C:\Program Files\StartNow Toolbar\Resources\update.xml
C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe
C:\Program Files\StartNow Toolbar\Toolbar32.dll
C:\Program Files\StartNow Toolbar\ToolbarBroker.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\StartNow Toolbar\uninstall.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
C:\Users\Monika\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\4461f48e31bde5c56b31b973b773de09\List.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\93e7e3d6030f426844228042348210cf\Service.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\bd5179a413bc0c4b82eedc22c6cab101\re.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\e56c61f7248672819579325af3387035\POSIX.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\eb138ef0e4282611dbf485a302784646\LibYAML.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\f233f63b6654362865c7577442edb9e3\Win32.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-4640\perl514.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\17d0b152e63e6bfe81b4b19588538896\mro.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\3b7106dd14676048b10bbb09a990f74c\XS.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\4461f48e31bde5c56b31b973b773de09\List.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\44727051c604ef6b79894b64d4c63832\Expat.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\7f177c338672436e01c4f0bdbcf94491\EV.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\7f2598c08178217a0e2c754f3d568f28\Byte.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\87fe0906e4bfbcec428293cf9a5ac335\NetResource.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\951e8057c3fe65524966ea64dff289ac\Scan.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\b6bd87c968599725b8ab2e5c25d3046a\API.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\b979ace6da01e63d651cce9ee2474fdc\Name.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\bc147d83c7c868eeee67082dcf55430c\File.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\bd5179a413bc0c4b82eedc22c6cab101\re.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\c344fd5536724b2af2e6453833b60203\SHA1.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\c668a322917d32a5ea22894518aa9897\Base64.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\d0bf009923f29116535c26d228271d6d\Scan.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\e56c61f7248672819579325af3387035\POSIX.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\eb138ef0e4282611dbf485a302784646\LibYAML.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\f233f63b6654362865c7577442edb9e3\Win32.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
C:\Users\Monika\AppData\Local\Temp\pdk-Monika-5732\perl514.dll
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar


((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))


2012-03-01 20:27:53 . 2012-03-01 21:35:21 -------- d-----w- C:\Users\Monika\AppData\Local\temp
2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\xbox\AppData\Local\temp
2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\Mcx1-MONIKA-PC\AppData\Local\temp
2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-02-28 22:16:21 . 2012-02-28 22:16:21 -------- d-----w- C:\Users\Monika\AppData\Roaming\Malwarebytes
2012-02-28 22:16:13 . 2012-02-28 23:45:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-28 22:16:12 . 2012-02-28 22:16:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-02-28 22:16:12 . 2011-12-10 20:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-02-27 21:08:32 . 2012-02-27 21:08:32 -------- d-----w- C:\ProgramData\PC Tools
2012-02-15 12:33:03 . 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\system32\timedate.cpl
2012-02-15 12:32:59 . 2011-12-16 07:52:58 690688 ----a-w- C:\Windows\system32\msvcrt.dll
2012-02-15 12:32:54 . 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\system32\ntshrui.dll
2012-02-15 12:32:53 . 2012-01-14 03:35:54 2343424 ----a-w- C:\Windows\system32\win32k.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-09-13 03:05:42 . 2009-09-13 03:05:42 124240 ----a-w- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06:48 . 2009-09-13 03:06:48 13136 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06:22 . 2009-09-13 03:06:22 70488 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06:32 . 2009-09-13 03:06:32 91480 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06:28 . 2009-09-13 03:06:28 22360 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07:08 . 2009-09-13 03:07:08 255312 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06:30 . 2009-09-13 03:06:30 31064 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06:46 . 2009-09-13 03:06:46 40280 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33:38 . 2009-08-14 17:33:38 652640 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06:24 . 2009-09-13 03:06:24 23896 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2010-09-26 19:15:30 . 2010-09-26 19:15:30 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


As you can see, the report got cut short here.

#8 Elise

Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 02 March 2012 - 07:39 AM

As the browser settings aren't visible right now, can you tell me how everything is running now?
Regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#9 iMoni

iMoni

    New Member

  • Members
  • 27 posts

Posted 03 March 2012 - 07:15 PM

The virus is still on my PC :(

#10 iMoni

iMoni

    New Member

  • Members
  • 27 posts

Posted 03 March 2012 - 09:33 PM

Success! I was finally able to complete the ComboFix run after uninstalling AVG.

Here are the results:


ComboFix 12-03-01.01 - Monika 03/03/2012 20:57:41.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1770 [GMT -5:00]
Running from: c:\users\Monika\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3456\perl514.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\17d0b152e63e6bfe81b4b19588538896\mro.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\3b7106dd14676048b10bbb09a990f74c\XS.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\44727051c604ef6b79894b64d4c63832\Expat.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\7f177c338672436e01c4f0bdbcf94491\EV.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\7f2598c08178217a0e2c754f3d568f28\Byte.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\87fe0906e4bfbcec428293cf9a5ac335\NetResource.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\951e8057c3fe65524966ea64dff289ac\Scan.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\b6bd87c968599725b8ab2e5c25d3046a\API.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\b979ace6da01e63d651cce9ee2474fdc\Name.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\bc147d83c7c868eeee67082dcf55430c\File.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\c344fd5536724b2af2e6453833b60203\SHA1.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\c668a322917d32a5ea22894518aa9897\Base64.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\d0bf009923f29116535c26d228271d6d\Scan.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-4524\perl514.dll
.
---- Previous Run -------
.
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\17d0b152e63e6bfe81b4b19588538896\mro.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\3b7106dd14676048b10bbb09a990f74c\XS.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\44727051c604ef6b79894b64d4c63832\Expat.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\7f177c338672436e01c4f0bdbcf94491\EV.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\7f2598c08178217a0e2c754f3d568f28\Byte.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\951e8057c3fe65524966ea64dff289ac\Scan.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\b6bd87c968599725b8ab2e5c25d3046a\API.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\b979ace6da01e63d651cce9ee2474fdc\Name.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\bc147d83c7c868eeee67082dcf55430c\File.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\c344fd5536724b2af2e6453833b60203\SHA1.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\c668a322917d32a5ea22894518aa9897\Base64.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\d0bf009923f29116535c26d228271d6d\Scan.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-1372\perl514.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Monika\AppData\Local\Temp\pdk-Monika-3020\perl514.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 02:06 . 2012-03-04 02:08 -------- d-----w- c:\users\Monika\AppData\Local\temp
2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\xbox\AppData\Local\temp
2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\Mcx1-MONIKA-PC\AppData\Local\temp
2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 01:52 . 2012-02-20 06:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A4698E2-04F2-47CF-A4BD-128E45B63DB7}\mpengine.dll
2012-02-28 22:16 . 2012-02-28 22:16 -------- d-----w- c:\users\Monika\AppData\Roaming\Malwarebytes
2012-02-28 22:16 . 2012-02-28 23:45 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 22:16 . 2012-02-28 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 22:16 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\programdata\PC Tools
2012-02-15 12:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 12:32 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 12:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 12:32 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2009-11-16 13:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-09-26 19:15 . 2010-09-26 19:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3955aa73-8c60-4a9b-acdb-0c2edb1b6748}]
2011-08-21 22:20 141160 ----a-w- c:\program files\TrustedID\TrustedID Secure Browse\epbho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 86016]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Data Protection Suite"="c:\program files\TrustedID\TrustedID Secure Browse\dps.exe" [2011-08-21 1642856]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"PhishLock"="c:\program files\TrustedID\TrustedID Secure Browse\pl.exe" [2011-08-21 688488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1424" [?]
.
c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CIT200.lnk - c:\program files\Linksys\CIT200\cit200.exe [2006-12-21 762368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-30 719664]
Logitech Media Server Tray Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2011-12-10 3051619]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 mrtRate;mrtRate; [x]
R2 sbupdate;TrustedID Update Service;c:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-30 138080]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-26 30192]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\Common Files\McKesson\MIG\Service\AliUpdate.exe [2010-01-18 79152]
S2 EntryProtect;TrustedID Secure Browse;c:\program files\TrustedID\TrustedID Secure Browse\epservice.exe [2011-08-21 46952]
S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2011-01-12 3994480]
S2 ppsio2;PPDevice; [x]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2011-09-01 18240]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-02-15 1097216]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - epinject
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74289745-3478087381-2590528953-1001Core.job
- c:\users\Monika\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 13:36]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74289745-3478087381-2590528953-1001UA.job
- c:\users\Monika\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 13:36]
.
2012-03-04 c:\windows\Tasks\SentryBayUpdateTaskMachineCore.job
- c:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-30 00:18]
.
2012-03-04 c:\windows\Tasks\SentryBayUpdateTaskMachineUA.job
- c:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-30 00:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://cnypacs.com/HRS/download/AliUpdate.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.stemc.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6A1C1D9A-00D4-468C-BAC0-34941BF5DBA1} - hxxps://cnypacs.com/HRS/download/Setup.cab
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1621166&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111215
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111215&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook
FF - Ext: CommentsBar 1 Toolbar: {23ec984e-464c-4a0c-a8df-f80cb8c090e1} - %profile%\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-Spyware Doctor with AntiVirus - c:\users\Monika\Desktop\sdasetup_revwire207.exe
HKLM-Run-TrustedID Secure Browse - c:\program files\TrustedID Secure Browse\sss.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3880)
c:\program files\TrustedID\TrustedID Secure Browse\epclient32.dll
c:\windows\system32\msi.dll
c:\windows\system32\SFC.DLL
c:\windows\system32\sfc_os.DLL
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TrustedID\TrustedID Secure Browse\ep.exe
c:\windows\system32\conhost.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-03-03 21:13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-04 02:13
.
Pre-Run: 97,846,898,688 bytes free
Post-Run: 97,809,326,080 bytes free
.
- - End Of File - - 998DDB9A5D660EB8D9F090B3DDD46EAA

#11 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 04 March 2012 - 02:55 AM

When you say "the virus is still there", what do you mean? What problems do you experience? Please try to be as detailed as possible.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#12 iMoni

iMoni

    New Member

  • Members
  • Pip
  • 27 posts

Posted 04 March 2012 - 11:36 AM

So my problem is just as the title of this thread says: when I go to www.facebook.com and try to go either to my Facebook or any other page, even when I don't log into Facebook, I am taken to a pornographic web site. Plus, if I am logged in to my Facebook, all of my friends get a message that I have tagged them to see a video, with a link. That's how the virus is being spread.

I have researched the Facebook problems, and one of them said that I should look for a process called Security Account Manager (SamSs). I did find this process. They also instructed me to go to the registry and look for a specific key, which I did not find.

Interestingly, the way this thing works is like a flash or something, because you see this process loading in the middle of the page and then bam, you are on that xxx web site.

Any ideas?

#13 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 04 March 2012 - 12:03 PM

First of all, go to a clean computer (from a friend or so) and change your facebook password. That way you can no longer send your friends spam links using facebook.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

regards, Elise



#14 iMoni

iMoni

    New Member

  • Members
  • Pip
  • 27 posts

Posted 04 March 2012 - 12:49 PM

Hi, yes, I was able to temporarily delete my Facebook account, so if someone got a message all they have is an empty link, as my account does not exist for the time being.

Also, while waiting for your response I went through the cookies on my PC and found these:

geobanner.bookofsex... AB_TRACKING, HISTORY, IP_COUNTRY, LOCATION_FROM, ffadult_tr, ffadult_who, v_hash

and

I forgot the name of the cookie, but it's basically the name of the web site I was taken to, with these endings:

HstCfa 1833951, HstCla 1833951. Basically I deleted all of them and also disabled JavaScript in my Chrome browser.

Then I went to the registry and found an odd FlashFXE folder, which I deleted as well.

Now here is the result of the scan:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 12:29:16
-----------------------------
12:29:16.223 OS Version: Windows 6.1.7601 Service Pack 1
12:29:16.223 Number of processors: 2 586 0xE08
12:29:16.225 ComputerName: MONIKA-PC UserName: Monika
12:29:33.825 Initialize success
12:30:05.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:30:05.293 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
12:30:05.310 Disk 0 MBR read successfully
12:30:05.315 Disk 0 MBR scan
12:30:05.320 Disk 0 Windows 7 default MBR code
12:30:05.338 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 999 MB offset 2048
12:30:05.353 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2050048
12:30:05.368 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 151525 MB offset 2254848
12:30:05.375 Disk 0 scanning sectors +312578048
12:30:05.460 Disk 0 scanning C:\Windows\system32\drivers
12:30:14.229 Service scanning
12:30:41.022 Modules scanning
12:30:50.671 Disk 0 trace - called modules:
12:30:50.693
12:30:50.703 Scan finished successfully
12:31:06.537 Disk 0 MBR has been saved successfully to "C:\Users\Monika\Desktop\MBR.dat"
12:31:06.547 The log file has been saved successfully to "C:\Users\Monika\Desktop\aswMBR.txt"

#15 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 04 March 2012 - 01:54 PM

To be sure, I'd like to see an offline MBR dump as well here.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB drive and the CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
regards, Elise


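As an added example (not code from the forum, aswMBR, xPUD or ComboFix), here is a Python parser for the 512-byte mbr.bin that the dd command above produces: it validates the boot signature, lists the partition table, hashes the bootstrap code for comparison with a dump from a known-clean machine, and computes the first unallocated sector after the last partition. The sample MBR is constructed inline from the partition figures in the aswMBR log above, and for that layout the first unallocated sector comes out at 312578048, the same figure aswMBR printed in its "scanning sectors" line.

```python
"""Validate a raw MBR dump such as the mbr.bin produced by
`dd if=/dev/sda of=mbr.bin bs=512 count=1` and check its partition table
against the figures an aswMBR-style scan reports. Added example written for
this thread; it is not code from the forum, aswMBR, xPUD or ComboFix."""
import hashlib
import struct

SECTOR = 512
SIGNATURE = b"\x55\xaa"            # bytes 510-511 of a valid MBR
TABLE_OFFSET = 446                 # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"            # boot flag, CHS start, type, CHS end, LBA start, sectors
SECTORS_PER_MIB = 1024 * 1024 // SECTOR


def build_sample_mbr() -> bytes:
    """Constructed 512-byte sample laid out like the disk in the aswMBR log:
    three NTFS (0x07) partitions at LBA 2048 / 2050048 / 2254848 of
    999 / 100 / 151525 MiB, with the second one flagged active (0x80).
    The bootstrap area is zero-filled because only the table matters here."""
    entries = [
        (0x00, 0x07, 2048, 999 * SECTORS_PER_MIB),
        (0x80, 0x07, 2050048, 100 * SECTORS_PER_MIB),
        (0x00, 0x07, 2254848, 151525 * SECTORS_PER_MIB),
        (0x00, 0x00, 0, 0),        # unused fourth slot
    ]
    table = b"".join(
        struct.pack(ENTRY_FMT, flag, b"\0" * 3, ptype, b"\0" * 3, start, size)
        for flag, ptype, start, size in entries
    )
    return b"\0" * TABLE_OFFSET + table + SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Return the bootstrap code and the non-empty partition entries of one sector."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + i * 16
        flag, _, ptype, _, start, size = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0:
            continue                # empty slot
        partitions.append({"index": i + 1, "flag": flag, "active": flag == 0x80,
                           "type": ptype, "start": start, "sectors": size,
                           "mib": size // SECTORS_PER_MIB})
    return {"bootstrap": data[:TABLE_OFFSET], "partitions": partitions}


def bootstrap_sha256(info: dict) -> str:
    """Hash of the 446-byte bootstrap code. Compare it with a dump taken from a
    known-clean machine running the same Windows version: stock boot code
    hashes identically, modified boot code does not."""
    return hashlib.sha256(info["bootstrap"]).hexdigest()


def check_partition_table(info: dict) -> list:
    """Sanity checks an analyst applies to the table: exactly one active entry,
    boot flags only 0x00 or 0x80, and no two entries overlapping."""
    findings = []
    parts = sorted(info["partitions"], key=lambda p: p["start"])
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {active}")
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid boot flag {p['flag']:#04x}")
    for a, b in zip(parts, parts[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def end_of_last_partition(info: dict) -> int:
    """First LBA after the last partition; the sectors from here to the end of
    the disk are unallocated space that an MBR scanner inspects as well."""
    parts = info["partitions"]
    return max(p["start"] + p["sectors"] for p in parts) if parts else 0


def unallocated_tail_sectors(info: dict, disk_sectors: int) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    return disk_sectors - end_of_last_partition(info)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print(p)
    print("findings:", check_partition_table(info))
    print("bootstrap sha256:", bootstrap_sha256(info))
    # Disk size 152627 MB as reported in the aswMBR log; that figure is
    # rounded, so the tail count is approximate for the real disk.
    print("first unallocated sector:", end_of_last_partition(info))
    print("unallocated tail sectors:",
          unallocated_tail_sectors(info, 152627 * SECTORS_PER_MIB))
```

Run it against a real dump with `parse_mbr(open("mbr.bin", "rb").read())`; a dump that fails the signature check or that lists a different active partition than the scanner reported is worth a closer look.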

#16 iMoni

iMoni

    New Member

  • Members
  • Pip
  • 27 posts

Posted 04 March 2012 - 02:02 PM

Can I do that with my infected computer? I don't have access to another PC.

#17 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 04 March 2012 - 02:18 PM

Yes, you can do that from the infected computer as well.
regards, Elise



#18 iMoni

iMoni

    New Member

  • Members
  • Pip
  • 27 posts

Posted 04 March 2012 - 02:34 PM

Hi, I just did some more reading and found exactly what I have. Here is the article.

Kaspersky Lab Detects New Worms Attacking MySpace and Facebook

New worms target both MySpace and Facebook users

Kaspersky Lab, a leading developer of secure content management systems, has detected two variants of a new worm, Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook respectively. As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets.
Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.
Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace account. The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others.
Messages and comments on MySpace and Facebook include links to http://youtube.[skip].pl. If the user clicks on this link, s/he is redirected to http://youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying that s/he needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to the victim machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.
“Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high”, says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab. “At the beginning of 2008 we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity”.
Kaspersky Internet Security detected these threats proactively and signatures were added to the database on July 31, 2008.


Hope it helps you with helping me :)



#19 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 04 March 2012 - 02:44 PM

No, it does not. :) Koobface shows clear signs in a log, which I don't see here. Please proceed with the xPUD steps.
regards, Elise



#20 iMoni

iMoni

    New Member

  • Members
  • Pip
  • 27 posts

Posted 04 March 2012 - 03:26 PM

I know it does not show up, but when it comes to the steps of how it happened, it is exactly that... including the Flash update.


Anyway, here is the xPUD file.



