
Malicious URL Block, unable to find virus/malware


This topic is locked
25 replies to this topic

#1 AutumnSage (New Member, 12 posts)

Posted 05 December 2010 - 04:00 AM

Hi,
Thanks for any help in advance.

For the past week I've been having issues with my Firefox (version 3.6.12). There is a search toolbar that has Google, Yahoo, Amazon, eBay, Comcast search, etc. that I can search from. I can search using every service but Google. When I search with Google, I get a Malicious URL Blocked message from my virus software (I have Avast! version 5.0.677). Here is the info the little pop-up from Avast gives me:
Object: sear.search-star.net/?={what I searched for here}&sid=1010148100
Infection: URL: Mal
Action: Blocked
Process: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I have run both a quick scan and a full scan with avast and neither have picked up anything.

This also seems to occur when I try to search with the Google toolbar on Internet Explorer (version 8.0.6) as well. (As I was typing this I went to open Internet Explorer, which is not my default browser, and got a message stating the following: "A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Live Search.")

I'm not sure if this is being caused by the virus/malware or not, but in the last week I've been having games crash to desktop on my computer for no reason. (I've been playing The Sims 3 and The Hobbit. All system requirements are more than met.) So far, I can't find any other reason for my games to crash besides what's going on with my search.

I ran a quick scan using MBAM earlier this evening; below is the log for the scan:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5247

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/5/2010 2:55:56 AM
mbam-log-2010-12-05 (02-55-56).txt

Scan type: Quick scan
Objects scanned: 162120
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BSK91O3T6D (Trojan.FakeAlert) -> Value: BSK91O3T6D -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.


After rebooting my computer as requested by MBAM, I performed a Full Scan and it did not find anything infected, but I still cannot use the Google search in the toolbar on my Firefox. (The reset for IE that I described above happened after I did the quick scan and deleted the infected files.)

Do you have any advice for me on what I should try next?
(I read the pinned posts in this forum and wasn't sure exactly how or why I needed to disable the CD-ROM Emulation software for a scan and I would feel more comfortable getting direct advice on if I need to do this or not before doing so.)

#2 Kenny94 (Malware Fighter, Experts, 2,655 posts)

Posted 07 December 2010 - 09:17 AM

Hi AutumnSage and Welcome to Malwarebytes Forum!

Sorry for the delay. You still need help?
My Blog On Malware And Security Tips

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click the PayPal button.

#3 AutumnSage (New Member, 12 posts)

Posted 07 December 2010 - 06:47 PM

Thanks for replying.

Yes, I still need help. I haven't tried any new scans or tried to do any search with the Google toolbar since I posted. I haven't even updated Windows (it's been asking me for a day or so now) because I wanted to see what I had to do and didn't want to change what I posted about so far.

#4 Kenny94 (Malware Fighter, Experts, 2,655 posts)

Posted 09 December 2010 - 09:47 PM

We need to look at some information about what is going on in your computer:

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Next


Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

In your next reply, please include these log(s):

1. DDS.txt
2. Attach.txt
3. RKU log


#5 AutumnSage (New Member, 12 posts)

Posted 09 December 2010 - 11:52 PM

I have the two DDS scans.
I tried to run Rootkit Unhooker and I kept getting this message:
Rootkit Error Loading Driver status code: 0XC000036B


DDS.txt:


DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by KendraK at 23:41:30.02 on Thu 12/09/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.2980 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\WinService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\KendraK\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\KendraK\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SansaDispatch] C:\Users\KendraK\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [EEventManager] "C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\KendraK\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Firebug: firebug@software.joehewitt.com - C:\Users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\firebug@software.joehewitt.com
FF - Extension: FireDiff: firediff@johnjbarton.com - C:\Users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\firediff@johnjbarton.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - C:\Users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - C:\Users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - C:\Users\KendraK\AppData\Roaming\Move Networks

============= SERVICES / DRIVERS ===============

R0 CLBStor;CLBStor;C:\Windows\System32\drivers\CLBStor.sys [2009-7-11 24824]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2009-7-11 25312]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-7-11 121936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-5-15 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-7-11 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-7-11 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-28 40384]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2009-7-11 369912]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2009-7-11 180224]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2009-7-16 3589416]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000va.sys [2010-8-31 975360]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-28 40384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-18 136176]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2009-7-11 243200]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2009-7-16 18216]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-07 15:47:23 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{29C90BB2-1465-42B3-BABC-144CC146FF7C}\mpengine.dll
2010-12-06 11:39:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-12-05 18:40:45 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2010-12-05 18:40:36 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2010-12-05 18:39:39 -------- d-----w- C:\Program Files (x86)\HP
2010-11-27 03:54:05 -------- d-----w- C:\Users\KendraK\AppData\Local\Electronic Arts
2010-11-21 19:29:33 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-21 19:28:27 565760 ----a-r- C:\Windows\SysWow64\MSVCP50.DLL
2010-11-21 19:28:27 33792 ----a-r- C:\Windows\NPSExec.exe
2010-11-21 19:27:13 -------- d-----w- C:\Program Files (x86)\Maxis
2010-11-21 19:26:30 306688 ----a-w- C:\Windows\IsUninst.exe
2010-11-21 03:18:19 -------- d-----w- C:\Program Files (x86)\Microsoft Games

==================== Find3M ====================

2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL

============= FINISH: 23:41:53.41 ===============

attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/11/2009 5:24:58 PM
System Uptime: 12/9/2010 10:27:46 AM (13 hours ago)

Motherboard: Foxconn | | Flaming Blade GTI
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | Socket 1366 | 2660/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 244 GiB total, 135.247 GiB free.
D: is FIXED (NTFS) - 687 GiB total, 360.71 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel

==== System Restore Points ===================

RP517: 12/4/2010 4:31:44 PM - Scheduled Checkpoint
RP518: 12/5/2010 2:14:41 AM - Removed The Sims Superstar
RP520: 12/5/2010 1:39:49 PM - HP Installation Restore Point
RP521: 12/6/2010 6:39:14 AM - Windows Update
RP522: 12/6/2010 6:52:41 PM - Scheduled Checkpoint
RP523: 12/6/2010 7:17:39 PM - Installed The Sims 3 Ambitions
RP524: 12/6/2010 7:18:24 PM - Installed The Sims 3
RP525: 12/7/2010 6:19:18 AM - Windows Update
RP526: 12/7/2010 10:47:04 AM - Windows Update
RP527: 12/8/2010 12:55:23 PM - Scheduled Checkpoint
RP528: 12/9/2010 8:19:13 AM - Scheduled Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
AegisPanel2
Apple Software Update
avast! Free Antivirus
Bloody Good Time
BookSmart® 2.0.1 2.0.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CyberLink InstantBurn
DivX Setup
DJ_AIO_05_F4400_Software_Min
EA Download Manager
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON Event Manager
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
Google Chrome
Google Update Helper
Hi-Def Suite
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
LabelPrint
LifeFrame2
LightScribe Optical Disc Kit
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Move Media Player
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v2 wireless USB 2.0 adapter
Network Play System (Patching)
OpenOffice.org 3.2
Pen Tablet
Power2Go 5.0
PowerBackup
PowerDVD
PowerProducer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Sansa Updater
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 4.2
Steam
The Hobbit™
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 World Adventures
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
WD Diagnostics
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
WorkForce 30 Series Info Center
Zylom Games Player Plugin

==== Event Viewer Messages From Past Week ========

12/5/2010 3:02:51 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/3/2010 1:56:05 PM, Error: EventLog [6008] - The previous system shutdown at 1:53:08 PM on 12/3/2010 was unexpected.

==== End Of File ===========================
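The DDS log above is where the helper's attention would go first, and the report lines worth querying can be picked out mechanically. The following script is an added example written for this page; it is not part of the thread and is not code from the DDS, MBAM or TDSSKiller tools. It walks the "Pseudo HJT Report" section and flags three things that appear in this thread: a ProxyServer value pointing at the machine itself (`uInternet Settings,ProxyServer = http=127.0.0.1:6522`), a BHO whose DLL is gone (`- No File`), and a Run value whose name looks machine-generated, modelled on the `HKCU\...\Run\BSK91O3T6D` value that MBAM quarantined in the first post. Assumptions: the line shapes are inferred from the lines visible in this log rather than from DDS documentation; `looks_random` is a heuristic of this example, not a DDS or MBAM rule; and the last sample line is constructed, with a placeholder path.

```python
import re

# Constructed sample input for this example. The first seven lines are copied from the
# "Pseudo HJT Report" section of the DDS.txt posted in this thread; the last line is
# constructed to mirror the HKCU\...\Run\BSK91O3T6D value that MBAM quarantined in the
# first post (its path is a placeholder, not taken from any log).
SAMPLE_REPORT = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
FF - prefs.js: browser.search.selectedEngine - Yahoo
uRun: [BSK91O3T6D] C:\Users\PLACEHOLDER\AppData\Local\Temp\PLACEHOLDER.exe
"""

# Line shapes inferred from the lines visible in this thread's DDS log
# (u = per-user HKCU entry, m = machine-wide HKLM entry), not from DDS documentation.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
BHO_RE = re.compile(r"^BHO:\s*(?:(?P<name>[^{]*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:-x64)?:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")


def parse_proxy(value):
    """Split a WinINet ProxyServer value into {scheme: host:port}.

    The value is either a bare 'host:port' (applies to every scheme) or a
    ';'-separated list of 'scheme=host:port' entries, as in this log.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, target = part.partition("=")
        if not target:                      # bare host:port form, no scheme prefix
            scheme, target = "all", scheme
        proxies[scheme.strip().lower()] = target.strip()
    return proxies


def is_loopback(target):
    """True when the proxy host is the machine itself (127.x, ::1 or localhost)."""
    if target.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:8080
        host = target[1:target.index("]")]
    else:
        host = target.rsplit(":", 1)[0] if target.count(":") == 1 else target
    host = host.lower()
    return host == "localhost" or host == "::1" or host.startswith("127.")


def looks_random(name):
    """Heuristic (an assumption of this example, not a DDS or MBAM rule): an 8-12
    character all-caps alphanumeric name mixing letters and digits, like BSK91O3T6D."""
    return (re.fullmatch(r"[A-Z0-9]{8,12}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(report_text):
    """Return (category, detail) findings for the report lines a helper would query first."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, target in parse_proxy(m.group("value")).items():
                if is_loopback(target):
                    findings.append(("loopback-proxy",
                                     f"{scheme} traffic is routed through {target} on this "
                                     f"machine; identify the process listening on that port"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("path").strip() == "No File":
                findings.append(("orphaned-bho",
                                 f"BHO {m.group('clsid')} is registered but its DLL is missing"))
            continue
        m = RUN_RE.match(line)
        if m and looks_random(m.group("name")):
            hive = "HKCU" if m.group("hive") == "u" else "HKLM"
            findings.append(("suspicious-run-name",
                             f"{hive} Run value '{m.group('name')}' starts {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"[{category}] {detail}")
```

Run with Python 3 and no extra packages. On the sample it reports the loopback proxy on 127.0.0.1:6522, the orphaned BHO and the BSK91O3T6D Run value. The proxy finding is the one that matters for the symptom in this thread: with the per-user WinINet proxy set to 127.0.0.1:6522, requests from Internet Explorer and from any browser using the system proxy settings pass through whatever process listens on that port, which is consistent with a search redirect surviving MBAM's removal of the Run value. On the affected machine, `netstat -ano` maps the listening port to a process ID, and clearing the ProxyServer value (or unticking the proxy in Internet Options) removes the hijack point itself.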

#6 Kenny94 (Malware Fighter, Experts, 2,655 posts)

Posted 10 December 2010 - 06:18 AM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

#7 AutumnSage (New Member, 12 posts)

Posted 11 December 2010 - 03:19 PM

Here's the TDSSKiller Scan. It said it didn't find any infected files.

2010/12/11 15:19:03.0321 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 15:19:03.0321 ================================================================================
2010/12/11 15:19:03.0321 SystemInfo:
2010/12/11 15:19:03.0321
2010/12/11 15:19:03.0321 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/11 15:19:03.0321 Product type: Workstation
2010/12/11 15:19:03.0321 ComputerName: KENDRAK-PC
2010/12/11 15:19:03.0322 UserName: KendraK
2010/12/11 15:19:03.0322 Windows directory: C:\Windows
2010/12/11 15:19:03.0322 System windows directory: C:\Windows
2010/12/11 15:19:03.0322 Running under WOW64
2010/12/11 15:19:03.0322 Processor architecture: Intel x64
2010/12/11 15:19:03.0322 Number of processors: 8
2010/12/11 15:19:03.0322 Page size: 0x1000
2010/12/11 15:19:03.0322 Boot type: Normal boot
2010/12/11 15:19:03.0322 ================================================================================
2010/12/11 15:19:03.0322 Utility is running under WOW64
2010/12/11 15:19:03.0541 Initialize success
2010/12/11 15:19:06.0481 ================================================================================
2010/12/11 15:19:06.0481 Scan started
2010/12/11 15:19:06.0481 Mode: Manual;
2010/12/11 15:19:06.0481 ================================================================================
2010/12/11 15:19:07.0298 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/12/11 15:19:07.0344 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/12/11 15:19:07.0381 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/12/11 15:19:07.0404 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/12/11 15:19:07.0423 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/12/11 15:19:07.0486 AE1000 (481d9b0da819b1ba425dbb354dbde518) C:\Windows\system32\DRIVERS\ae1000va.sys
2010/12/11 15:19:07.0535 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/12/11 15:19:07.0556 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/12/11 15:19:07.0576 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/12/11 15:19:07.0604 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/12/11 15:19:07.0621 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/12/11 15:19:07.0641 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/12/11 15:19:07.0664 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/12/11 15:19:07.0682 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/12/11 15:19:07.0710 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
2010/12/11 15:19:07.0738 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
2010/12/11 15:19:07.0753 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
2010/12/11 15:19:07.0781 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
2010/12/11 15:19:07.0792 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
2010/12/11 15:19:07.0823 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/11 15:19:07.0848 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/12/11 15:19:07.0886 AtiHdmiService (08fa104f07b243508ecd8d59007d2b2f) C:\Windows\system32\drivers\AtiHdmi.sys
2010/12/11 15:19:08.0000 atikmdag (29623db7e23b65f0c50ca19d7e0dfd03) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/11 15:19:08.0105 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/12/11 15:19:08.0116 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/11 15:19:08.0140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/11 15:19:08.0167 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/12/11 15:19:08.0204 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/12/11 15:19:08.0231 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/12/11 15:19:08.0258 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/11 15:19:08.0276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/12/11 15:19:08.0334 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/12/11 15:19:08.0420 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/11 15:19:08.0455 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/11 15:19:08.0477 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2010/12/11 15:19:08.0494 CLBStor (fe9e7b984796a2d2198abb04910d16ad) C:\Windows\system32\DRIVERS\CLBStor.sys
2010/12/11 15:19:08.0518 CLBUDF (f9693138bacdfa4513a7f464bd6663fd) C:\Windows\system32\drivers\CLBUDF.sys
2010/12/11 15:19:08.0552 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/12/11 15:19:08.0584 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/12/11 15:19:08.0601 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2010/12/11 15:19:08.0613 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/11 15:19:08.0661 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/12/11 15:19:08.0686 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/12/11 15:19:08.0742 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/12/11 15:19:08.0787 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/11 15:19:08.0817 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/12/11 15:19:08.0856 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/12/11 15:19:08.0896 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/12/11 15:19:08.0934 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/12/11 15:19:08.0964 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/12/11 15:19:08.0997 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/12/11 15:19:09.0023 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/11 15:19:09.0037 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/12/11 15:19:09.0059 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/12/11 15:19:09.0076 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/11 15:19:09.0108 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/12/11 15:19:09.0129 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/11 15:19:09.0155 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/11 15:19:09.0203 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/12/11 15:19:09.0243 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/11 15:19:09.0272 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/12/11 15:19:09.0288 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2010/12/11 15:19:09.0314 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/11 15:19:09.0355 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/12/11 15:19:09.0398 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/12/11 15:19:09.0424 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/12/11 15:19:09.0446 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/11 15:19:09.0470 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/12/11 15:19:09.0500 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/12/11 15:19:09.0554 IntcAzAudAddService (05d2502d2e43fb7d5ddf4f1db079c2e0) C:\Windows\system32\drivers\RTKVHD64.sys
2010/12/11 15:19:09.0577 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/12/11 15:19:09.0592 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/11 15:19:09.0626 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/11 15:19:09.0665 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/11 15:19:09.0686 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/11 15:19:09.0710 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/12/11 15:19:09.0736 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/12/11 15:19:09.0757 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/11 15:19:09.0776 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/12/11 15:19:09.0797 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/12/11 15:19:09.0830 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/11 15:19:09.0850 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/11 15:19:09.0904 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/11 15:19:09.0935 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/12/11 15:19:09.0987 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/11 15:19:10.0024 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/11 15:19:10.0056 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/11 15:19:10.0085 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/11 15:19:10.0105 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/12/11 15:19:10.0126 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/12/11 15:19:10.0166 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/12/11 15:19:10.0201 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/12/11 15:19:10.0223 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/11 15:19:10.0236 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/11 15:19:10.0249 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/11 15:19:10.0262 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/12/11 15:19:10.0300 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/12/11 15:19:10.0331 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/11 15:19:10.0360 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/11 15:19:10.0396 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/11 15:19:10.0431 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/11 15:19:10.0450 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/11 15:19:10.0462 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/11 15:19:10.0478 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2010/12/11 15:19:10.0499 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/12/11 15:19:10.0526 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/12/11 15:19:10.0540 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/12/11 15:19:10.0575 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/11 15:19:10.0591 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/11 15:19:10.0622 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/12/11 15:19:10.0658 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/12/11 15:19:10.0678 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/11 15:19:10.0693 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/12/11 15:19:10.0710 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/12/11 15:19:10.0752 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/11 15:19:10.0812 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/12/11 15:19:10.0840 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/11 15:19:10.0862 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/11 15:19:10.0880 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/11 15:19:10.0898 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/12/11 15:19:10.0937 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/11 15:19:10.0973 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/11 15:19:11.0010 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/12/11 15:19:11.0040 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/12/11 15:19:11.0066 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/11 15:19:11.0123 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/12/11 15:19:11.0146 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/12/11 15:19:11.0171 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/12/11 15:19:11.0193 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/12/11 15:19:11.0214 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/12/11 15:19:11.0258 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2010/12/11 15:19:11.0290 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/12/11 15:19:11.0301 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/12/11 15:19:11.0333 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/12/11 15:19:11.0367 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2010/12/11 15:19:11.0386 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/12/11 15:19:11.0418 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/12/11 15:19:11.0492 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/11 15:19:11.0517 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/12/11 15:19:11.0553 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/11 15:19:11.0596 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/12/11 15:19:11.0635 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/12/11 15:19:11.0656 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/11 15:19:11.0665 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/11 15:19:11.0686 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/11 15:19:11.0724 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/11 15:19:11.0759 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/11 15:19:11.0770 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/11 15:19:11.0789 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/11 15:19:11.0817 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/12/11 15:19:11.0830 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/11 15:19:11.0862 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/12/11 15:19:11.0904 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/11 15:19:11.0936 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys
2010/12/11 15:19:11.0982 RTL8187 (d5abaa870dc0df690cacfef0897e7f38) C:\Windows\system32\DRIVERS\wg111v2.sys
2010/12/11 15:19:12.0002 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/12/11 15:19:12.0044 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
2010/12/11 15:19:12.0063 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/12/11 15:19:12.0090 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/11 15:19:12.0109 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2010/12/11 15:19:12.0133 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/12/11 15:19:12.0172 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/12/11 15:19:12.0202 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/11 15:19:12.0214 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/11 15:19:12.0234 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/12/11 15:19:12.0259 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/12/11 15:19:12.0273 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/12/11 15:19:12.0314 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/12/11 15:19:12.0332 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/12/11 15:19:12.0373 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/12/11 15:19:12.0397 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/11 15:19:12.0414 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/11 15:19:12.0448 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/11 15:19:12.0470 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/12/11 15:19:12.0492 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/12/11 15:19:12.0503 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/12/11 15:19:12.0569 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/12/11 15:19:12.0604 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/11 15:19:12.0636 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/11 15:19:12.0658 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/12/11 15:19:12.0676 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/12/11 15:19:12.0715 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/11 15:19:12.0751 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/11 15:19:12.0786 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/11 15:19:12.0795 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/11 15:19:12.0832 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/11 15:19:12.0851 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/12/11 15:19:12.0890 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/11 15:19:12.0922 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/11 15:19:12.0944 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/12/11 15:19:12.0968 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/12/11 15:19:12.0990 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/12/11 15:19:13.0001 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/11 15:19:13.0053 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/11 15:19:13.0077 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/12/11 15:19:13.0103 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/11 15:19:13.0124 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/11 15:19:13.0143 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/12/11 15:19:13.0168 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/11 15:19:13.0205 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/11 15:19:13.0221 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/11 15:19:13.0243 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/11 15:19:13.0260 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/11 15:19:13.0296 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/11 15:19:13.0314 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/12/11 15:19:13.0335 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/12/11 15:19:13.0344 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/12/11 15:19:13.0385 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/12/11 15:19:13.0423 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/12/11 15:19:13.0476 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/12/11 15:19:13.0627 wacmoumonitor (f39fc224758290a3193c68c091e6f11a) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2010/12/11 15:19:13.0900 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2010/12/11 15:19:13.0922 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/12/11 15:19:13.0932 wacomvhid (53b03e71e88109a5c3c074a33889258a) C:\Windows\system32\DRIVERS\wacomvhid.sys
2010/12/11 15:19:13.0943 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys
2010/12/11 15:19:13.0983 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 15:19:13.0991 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/11 15:19:14.0018 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/12/11 15:19:14.0050 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/11 15:19:14.0125 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/11 15:19:14.0181 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/11 15:19:14.0207 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/11 15:19:14.0239 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/11 15:19:14.0334 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl
2010/12/11 15:19:14.0374 ================================================================================
2010/12/11 15:19:14.0374 Scan finished
2010/12/11 15:19:14.0374 ================================================================================
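
The driver listing above is in the format TDSSKiller writes: timestamp, service name, MD5 of the image file, image path. Reading one by hand, the lines worth a second look are images loaded from outside the Windows directory or with an unexpected extension, and one image registered under several service names. The Python below is an added example, not part of the original post and not TDSSKiller's own code: it parses a constructed sample of lines in that format (copied from the listing above) and reports those two cases. A flag is a prompt to verify the file (publisher, signature, hash lookup), not a detection; the CyberLink entry it picks out sits under the PowerDVD install directory and would be checked against the vendor's files rather than removed on sight.

```python
import re
from collections import defaultdict

# Constructed sample in the driver-listing format used above: timestamp,
# service name, MD5 of the image, image path.  Lines copied from the log.
SAMPLE_LOG = """
2010/12/11 15:19:12.0569 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\\Windows\\system32\\drivers\\tcpip.sys
2010/12/11 15:19:12.0604 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2010/12/11 15:19:13.0423 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\\Windows\\system32\\drivers\\volsnap.sys
2010/12/11 15:19:14.0334 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (6839fa0c104dbbdd989e2eac27acb761) C:\\Program Files (x86)\\CyberLink\\PowerDVD\\000.fcl
2010/12/11 15:19:14.0374 ================================================================================
2010/12/11 15:19:14.0374 Scan finished
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<service>\S+) "
    r"\((?P<md5>[0-9a-f]{32})\) "
    r"(?P<path>.+)$"
)


def parse_driver_log(text):
    """One dict per driver line; separator and status lines do not match."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def review_drivers(entries, allowed_roots=("c:\\windows\\",)):
    """Return (flagged, shared).

    flagged: entries loaded from outside the allowed roots or whose image is
             not a .sys file, with the reasons.  These are prompts to verify
             the file, not detections.
    shared:  md5 -> service names for images registered more than once.
             Tcpip/Tcpip6 both pointing at tcpip.sys is normal on Vista.
    """
    flagged, by_md5 = [], defaultdict(list)
    for e in entries:
        path = e["path"].lower()
        by_md5[e["md5"]].append(e["service"])
        reasons = []
        if not any(path.startswith(root) for root in allowed_roots):
            reasons.append("outside Windows directory")
        if not path.endswith(".sys"):
            reasons.append("non-.sys image")
        if reasons:
            flagged.append((e["service"], e["path"], reasons))
    shared = {h: svcs for h, svcs in by_md5.items() if len(svcs) > 1}
    return flagged, shared


if __name__ == "__main__":
    flagged, shared = review_drivers(parse_driver_log(SAMPLE_LOG))
    for service, path, reasons in flagged:
        print(f"VERIFY {service}: {path} ({'; '.join(reasons)})")
    for md5, services in shared.items():
        print(f"shared image {md5}: {', '.join(services)}")
```

Run against the full listing, the allowed-roots check is the part to tune: a machine with third-party drivers installed under Program Files will produce several flags, all of which still need a hash lookup before anything is removed.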

#8 Kenny94

    Malware Fighter

  • Experts
  • 2,655 posts
  • Gender:Male
  • Location:S.C USA
  • Interests:The workings of Apple's tablets and all PC'S

    Computing is not about computers any more. It is about living.
    ~Nicholas Negroponte

Posted 11 December 2010 - 09:31 PM

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

My Blog On Malware And Security Tips

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click the PayPal button.

#9 AutumnSage

    New Member

  • Members
  • 12 posts

Posted 12 December 2010 - 04:27 PM

Last night I started the Kaspersky scanner and followed all of your directions. It was updating and got to about 40% and then seemed to start over. By the time I went to bed (about 1 hour later) it was up to about 7% so I let it run overnight and this morning I checked and it was at 3% again. I closed the window, restarted my computer and followed all the directions again. No other programs were running, avast was disabled.
I've tried 3 times this morning and keep getting this message when it starts the update:

Attached file: error.png (27.57KB)

#10 Kenny94

Posted 13 December 2010 - 07:45 AM

ESET Online Scanner will work:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, then click on: [image]
  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#11 AutumnSage

Posted 13 December 2010 - 11:32 PM

Here's the log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=f34e39ead10dfa42860b696bdfbf03d4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-14 04:19:37
# local_time=2010-12-13 11:19:37 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=770 16774141 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 0 128895297 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=200061
# found=9
# cleaned=0
# scan_time=3786
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751 multiple threats (unable to clean) 00000000000000000000000000000000 I

#12 Kenny94

Posted 14 December 2010 - 06:51 AM

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Services
    
    :Reg
    
    :Files
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] 
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1] 
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2] 
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml
    C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml 
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da  
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f
    C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751 
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
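
The ESET log in post #11 and the OTM script in post #12 are two halves of one workflow: each detection line (path, threat name with its clean status, hash, flag) is copied into the :Files section, the DNS resolver cache is flushed, and the commands that follow reset the hosts file and empty the temp, Java and Flash caches. The Python below is an added example, not ESET's or OldTimer's code: it parses the log header and detection lines, checks that the found= count matches the number of detection lines, classifies each hit by where it sits (IE cache or Java deployment cache, both records of what was downloaded rather than persistence), and emits an OTM script in the same layout as post #12. The sample log is a constructed three-line excerpt of the posted one; it assumes the scanner writes the fields tab-separated and that the forum collapsed those tabs to spaces.

```python
import re
from collections import Counter

# Constructed excerpt of the ESET Online Scanner log from post #11.  Assumption:
# the scanner separates the fields with tabs (restored here as \t); the forum
# rendering collapsed them to spaces.
ESET_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# scanned=200061\n"
    "# found=3\n"
    "# cleaned=0\n"
    "C:\\Users\\KendraK\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"
    "\\Content.IE5\\B4S6M8FF\\st[1]\tWin32/Adware.SpywareProtect2009 application"
    " (unable to clean)\t00000000000000000000000000000000\tI\n"
    "C:\\Users\\KendraK\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\20\\7bb99554-6d7ebba7"
    "\tprobably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)"
    "\t00000000000000000000000000000000\tI\n"
    "C:\\Users\\KendraK\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\29\\7adbb65d-6c1315da"
    "\tmultiple threats (unable to clean)\t00000000000000000000000000000000\tI\n"
)

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
STATUS_RE = re.compile(r"^(?P<threat>.*?)\s*\((?P<status>[^()]*)\)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_eset_log(text):
    """Return (header, detections): header keys from '# key=value' lines,
    one dict per detection line (path, threat, status)."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            key, value = m.groups()
            header[key] = int(value) if value.isdigit() else value
            continue
        fields = line.split("\t")
        if len(fields) < 2 or not DRIVE_RE.match(fields[0]):
            continue  # banner lines such as "all ok"
        threat, status = fields[1], ""
        sm = STATUS_RE.match(threat)
        if sm:  # "(unable to clean)" is carried in the threat field
            threat, status = sm.group("threat"), sm.group("status")
        detections.append({"path": fields[0], "threat": threat, "status": status})
    return header, detections


def locate(path):
    """Where the artefact lives.  Cache hits record what was fetched; they are
    not a persistence mechanism, so removing them does not by itself undo
    anything the download installed."""
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "IE cache"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "Java cache"
    return "other"


def summarize(header, detections):
    return {
        "found_matches_header": header.get("found") == len(detections),
        "by_location": dict(Counter(locate(d["path"]) for d in detections)),
        "by_status": dict(Counter(d["status"] for d in detections)),
    }


def build_otm_script(detections, commands=("[purity]", "[resethosts]", "[emptytemp]",
                                           "[CREATERESTOREPOINT]", "[EMPTYFLASH]", "[Reboot]")):
    """Emit an OTM script in the layout used in post #12: quarantine each detected
    path, flush the resolver cache, then run the listed commands."""
    lines = [":Services", "", ":Reg", "", ":Files"]
    lines += [d["path"] for d in detections]
    lines += ["ipconfig /flushdns /c", "", ":Commands", *commands]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    header, detections = parse_eset_log(ESET_LOG)
    print(summarize(header, detections))
    print(build_otm_script(detections))
```

The found_matches_header check is there because a log that has been pasted through a forum can lose lines; if the count disagrees, go back to the original log.txt before building the script.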

#13 AutumnSage

Posted 14 December 2010 - 10:20 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4S6M8FF\st[1] moved successfully.
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[1] moved successfully.
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1TK2M7Z\api[2] moved successfully.
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KN0TY13K\version[2].xml moved successfully.
C:\Users\KendraK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQVR1568\version[1].xml moved successfully.
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d7ebba7 moved successfully.
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6c1315da moved successfully.
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4ba76d24-58f95e8f moved successfully.
C:\Users\KendraK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\60babc48-72163751 moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\KendraK\Desktop\cmd.bat deleted successfully.
C:\Users\KendraK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 538536 bytes
->Temporary Internet Files folder emptied: 91262696 bytes
->Java cache emptied: 9627 bytes
->FireFox cache emptied: 31676686 bytes
->Flash cache emptied: 1358 bytes

User: KendraK
->Temp folder emptied: 2070525916 bytes
->Temporary Internet Files folder emptied: 106099539 bytes
->Java cache emptied: 15170208 bytes
->FireFox cache emptied: 107359482 bytes
->Google Chrome cache emptied: 14062458 bytes
->Flash cache emptied: 2313783 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81538133 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40283 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16438085499 bytes

Total Files Cleaned = 18,081.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 12142010_221234

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#14 Kenny94

Kenny94

    Malware Fighter

  • Experts
  • 2,655 posts
  • Gender:Male
  • Location:S.C USA
  • Interests:The workings of Apple's tablets and all PC'S

    Computing is not about computers any more. It is about living.
    ~Nicholas Negroponte

Posted 15 December 2010 - 08:02 AM

Hi

Please give me an update on how your PC is doing.
My Blog On Malware And Security Tips

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click the PayPal button.

#15 AutumnSage

AutumnSage

    New Member

  • Members
  • 12 posts

Posted 15 December 2010 - 10:04 AM

Hi,

I just did a quick search using the toolbar on my Firefox using the google search. I still received a message from Avast! saying it was a Malicious URL block. The same message as I listed in my first post.

#16 Kenny94

Kenny94

    Malware Fighter

  • Experts
  • 2,655 posts
  • Gender:Male
  • Location:S.C USA
  • Interests:The workings of Apple's tablets and all PC'S

    Computing is not about computers any more. It is about living.
    ~Nicholas Negroponte

Posted 15 December 2010 - 10:07 AM

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Next

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the login window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.

#17 AutumnSage

AutumnSage

    New Member

  • Members
  • 12 posts

Posted 15 December 2010 - 10:58 AM

My computer isn't hooked up to the router nor do I have access to the router. My landlord, who lives above me, lets us use his internet. My computer has access with a linksys usb adapter. Can I do something without having access to the router? If I really have to I can probably ask my landlord to do it, but if there's something else I can do I would prefer that.

Here's the log for the gooredfix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:50 on 15/12/2010 (KendraK)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

Removing Orphan:
"{3D3E8BD6-755B-47CE-BF73-94C18263B97B}"="C:\Users\KendraK\AppData\Local\{3D3E8BD6-755B-47CE-BF73-94C18263B97B}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:43 11/07/2009]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [22:47 18/08/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [08:47 16/05/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [19:12 26/07/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [20:20 07/09/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [19:46 19/10/2010]

C:\Users\KendraK\Application Data\Mozilla\Firefox\Profiles\ykpnaz2x.default\extensions\
ChoiceGuard@Microsoft [01:41 14/07/2009]
firebug@software.joehewitt.com [11:16 30/11/2010]
firediff@johnjbarton.com [07:24 04/12/2010]
{20a82645-c095-46ed-80e3-08825760534b} [03:06 28/04/2010]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [18:29 15/11/2010]
{ca0849e8-2c76-42ae-9abe-34e14d337acf} [12:10 15/09/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [03:06 28/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:51 21/08/2009]

-=E.O.F=-

#18 Kenny94

Kenny94

    Malware Fighter

  • Experts
  • 2,655 posts
  • Gender:Male
  • Location:S.C USA
  • Interests:The workings of Apple's tablets and all PC'S

    Computing is not about computers any more. It is about living.
    ~Nicholas Negroponte

Posted 15 December 2010 - 04:37 PM

Your PC is connected to a router, but let's run this tool below:

  • Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

#19 AutumnSage

AutumnSage

    New Member

  • Members
  • 12 posts

Posted 15 December 2010 - 10:39 PM

ComboFix 10-12-15.04 - KendraK 12/15/2010 22:27:00.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4054 [GMT -5:00]
Running from: c:\users\KendraK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Mozilla Firefox\searchplugins\google_search.xml
c:\users\KendraK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
c:\windows\system32\winservice.exe
c:\windows\SysWow64\winservice.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SCM_Service


((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-16 03:30 . 2010-12-16 03:32 -------- d-----w- c:\users\KendraK\AppData\Local\temp
2010-12-16 03:30 . 2010-12-16 03:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-16 03:30 . 2010-12-16 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 03:12 . 2010-12-15 03:12 -------- d-----w- C:\_OTM
2010-12-14 11:14 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D66CF1B9-EB32-4DC9-88C4-7EAB12C8FF4F}\mpengine.dll
2010-12-12 23:27 . 2010-12-12 23:27 -------- d-----w- c:\program files (x86)\UBISOFT
2010-12-12 23:27 . 2003-11-10 23:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-12-12 23:27 . 2003-11-10 23:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-12-12 23:27 . 2003-11-10 23:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-12-12 23:27 . 2003-11-10 23:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-12-12 23:27 . 2003-11-10 23:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-12-12 23:27 . 2010-12-12 23:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-12-12 23:27 . 2010-12-12 23:27 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-12-12 20:24 . 2010-12-12 20:24 -------- d-----w- c:\users\KendraK\AppData\Roaming\TSRWorkshop
2010-12-12 20:24 . 2010-12-12 20:24 -------- d-----w- c:\users\KendraK\AppData\Local\Ibibi_HB
2010-12-12 20:24 . 2010-12-12 20:24 -------- d-----w- c:\program files (x86)\The Sims Resource
2010-12-12 20:23 . 2009-03-09 20:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-12-12 20:23 . 2009-03-09 20:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-12-12 20:23 . 2009-03-09 20:27 453456 ----a-w- c:\windows\SysWow64\d3dx10_41.dll
2010-12-12 20:23 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2010-12-12 20:23 . 2009-03-09 20:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-12-12 20:23 . 2009-03-09 20:27 1846632 ----a-w- c:\windows\SysWow64\D3DCompiler_41.dll
2010-12-12 20:23 . 2009-03-16 19:18 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-12 20:23 . 2009-03-16 19:18 69448 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-12-12 20:23 . 2009-03-16 19:18 521560 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-12-12 20:23 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
2010-12-12 20:23 . 2009-03-16 19:18 24920 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-12-12 20:23 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
2010-12-10 04:46 . 2010-12-10 04:48 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2010-12-06 11:39 . 2010-12-06 11:39 -------- d-----w- c:\program files (x86)\MSXML 4.0
2010-12-05 18:40 . 2010-12-05 18:40 -------- d-----w- c:\program files (x86)\Common Files\HP
2010-12-05 18:40 . 2010-12-05 18:40 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2010-12-05 18:39 . 2010-12-05 18:40 -------- d-----w- c:\program files (x86)\HP
2010-12-05 18:22 . 2010-12-05 18:22 -------- d-----w- c:\programdata\HP
2010-11-27 06:40 . 2010-11-27 06:40 -------- d--h--r- c:\users\KendraK\AppData\Roaming\SecuROM
2010-11-27 03:54 . 2010-11-27 03:54 -------- d-----w- c:\users\KendraK\AppData\Local\Electronic Arts
2010-11-21 19:29 . 2000-01-04 11:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-21 19:28 . 1999-04-02 21:37 33792 ----a-r- c:\windows\NPSExec.exe
2010-11-21 19:28 . 1997-01-23 03:26 565760 ----a-r- c:\windows\SysWow64\MSVCP50.DLL
2010-11-21 19:27 . 2010-11-21 19:27 -------- d-----w- c:\program files (x86)\Maxis
2010-11-21 19:26 . 1998-10-29 22:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-11-21 03:18 . 2010-11-21 03:18 -------- d-----w- c:\program files (x86)\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-08-04 16:18 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-08-04 16:18 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 15:41 . 2009-10-02 17:06 270720 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SansaDispatch"="c:\users\KendraK\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-06-15 79872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"EEventManager"="c:\program files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 136176]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-12 243200]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]
S0 CLBStor;CLBStor;c:\windows\system32\DRIVERS\CLBStor.sys [2007-06-04 24824]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-18 25312]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 3589416]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [2009-12-15 975360]

.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 22:48]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18 22:48]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"combofix"="c:\combofix\CF13608.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6962720]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\KendraK\AppData\Roaming\Mozilla\Firefox\Profiles\ykpnaz2x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net?cid=NET_mmhpset
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FireDiff: firediff@johnjbarton.com - %profile%\extensions\firediff@johnjbarton.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\KendraK\AppData\Roaming\Move Networks
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2578213017-2398785691-471477793-1000\Software\SecuROM\License information*]
"datasecu"=hex:49,a8,4a,f4,36,1c,a7,cc,9b,c2,43,8d,34,c4,83,e8,cd,38,67,8d,69,
73,1e,b9,e3,96,6e,23,30,9d,56,ac,ea,39,33,19,aa,f8,d0,40,46,d9,fc,f8,6d,df,\
"rkeysecu"=hex:b3,e6,29,bd,15,44,c1,1d,c2,1b,e4,fd,8a,c9,07,4a

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2010-12-15 22:36:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-16 03:36

Pre-Run: 139,802,472,448 bytes free
Post-Run: 139,456,745,472 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 4F82B8C9011E15FCD58388051E7185D5

#20 Kenny94

Kenny94

    Malware Fighter

  • Experts
  • 2,655 posts
  • Gender:Male
  • Location:S.C USA
  • Interests:The workings of Apple's tablets and all PC'S

    Computing is not about computers any more. It is about living.
    ~Nicholas Negroponte

Posted 16 December 2010 - 09:40 AM

How is your PC?


  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:
KILLALL::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply

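The CFScript above targets a ProxyServer entry that points the browser at a listener on the machine itself (127.0.0.1:6522), which is consistent with the search redirects reported earlier in the thread. The following Python is an added example, not part of ComboFix or any of the helper's tools: it scans ComboFix "Supplementary Scan" lines (the sample is constructed from the log quoted above, plus one clean entry for contrast) for loopback proxy settings and renders the matching lines in the DDS:: script format the helper used.

```python
"""Flag loopback-proxy indicators in ComboFix 'Supplementary Scan' output.

Added example for this thread; it is not ComboFix code and the regexes
only cover the 'uInternet Settings,...' line shape seen in the log above.
"""
import re
from ipaddress import ip_address

# Constructed sample: the proxy lines from the ComboFix log posted in this
# thread, plus a constructed corporate-proxy line that should NOT be flagged.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: browser.search.selectedEngine - Yahoo
"""

# 'u' = HKCU (per-user), 'm' = HKLM (machine-wide) in ComboFix's notation.
PROXY_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)"
)
OVERRIDE_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,ProxyOverride\s*=\s*(?P<value>.+)$"
)


def parse_proxy_server(value):
    """Split a WinINet ProxyServer value into {protocol: (host, port)}.

    WinINet accepts either 'host:port' (applies to all protocols, keyed '*'
    here) or a ';'-separated list of 'proto=host:port' entries such as the
    'http=127.0.0.1:6522' seen in the log.
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, hostport = part.rpartition("=")
        proto = proto or "*"
        host, _, port = hostport.rpartition(":")
        if not host:  # bare host with no port
            host, port = hostport, ""
        host = host.strip("[]")  # tolerate a bracketed IPv6 literal
        entries[proto] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def find_proxy_indicators(lines):
    """Return findings for proxies that route browsing through the local host.

    A ProxyOverride line is reported only as a companion to a loopback proxy,
    since on its own it is a normal setting. A loopback proxy can be a
    legitimate local filter, so confirm which process owns the port before
    removing it.
    """
    proxies, overrides = [], []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            scope = "user" if m.group("scope") == "u" else "machine"
            for proto, (host, port) in parse_proxy_server(m.group("value")).items():
                if is_loopback(host):
                    proxies.append({"kind": "loopback-proxy", "scope": scope,
                                    "proto": proto, "host": host,
                                    "port": port, "line": line})
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            scope = "user" if m.group("scope") == "u" else "machine"
            overrides.append({"kind": "proxy-override", "scope": scope,
                              "line": line})
    return proxies + overrides if proxies else []


def build_cfscript(findings):
    """Render flagged lines as a ComboFix script in the DDS:: layout shown in
    the helper's post (KILLALL:: first, then the log lines to remove)."""
    body = "\n".join(f["line"] for f in findings)
    return "KILLALL::\n\nDDS::\n" + body + "\n"


if __name__ == "__main__":
    hits = find_proxy_indicators(SAMPLE_LOG.splitlines())
    for h in hits:
        print(h)
    if hits:
        print(build_cfscript(hits))
```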