cutloop

Vista Internet Security 2012


Malwarebytes got rid of it; I need to know if I'm still clean.

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7285

 

Windows 6.0.6001 Service Pack 1 (Safe Mode)

Internet Explorer 7.0.6001.18000

 

8/11/2011 10:46:40 AM

mbam-log-2011-08-11 (10-46-40).txt

 

Scan type: Quick scan

Objects scanned: 168789

Time elapsed: 1 minute(s), 19 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

c:\Users\richie\AppData\Local\mkf.exe (Trojan.FakeAlert) -> 1720 -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1781436141 (Trojan.FakeAlert) -> Value: 1781436141 -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richie\AppData\Local\mkf.exe" -a " "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richie\AppData\Local\mkf.exe" -a " "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richie\AppData\Local\mkf.exe" -a " "C:\Program Files (x86)\Int"") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\richie\AppData\Local\mkf.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Users\richie\AppData\Local\Temp\EB8C.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\Users\richie\AppData\Local\Temp\0.7919489802638516.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\richie\AppData\Local\mkf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Here's my HijackThis scan:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:04:36 AM, on 8/11/2011

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18498)

 

Running processes:

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Users\richie\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [smcService] C:\PROGRA~2\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cdloader] "C:\Users\richie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\IE\IEPluginConverter.dll,-4 - {A41DDBD0-6B95-466a-8FEA-6E2A68CFF357} - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\IE\IEPluginConverter.dll (HKCU)

O9 - Extra 'Tools' menuitem: Freemake Video Converter - {A41DDBD0-6B95-466a-8FEA-6E2A68CFF357} - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\IE\IEPluginConverter.dll (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5751/mcfscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files (x86)\Sygate\SPF\smc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

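A worked triage of the Malwarebytes detections above, added here as an example; it is not part of the original post and not Malwarebytes code. It reads the log lines (copied from the post as the constructed input), pulls out each hijacked registry item with the Bad/Good pair MBAM reported, identifies the binary that was inserted in front of every .exe launch (HKCR\exefile\shell\open\command pointing at mkf.exe with -a "%1" %*, which is the reason a helper asks whether .exe files still launch after cleanup), collects the file paths as indicators, and emits the reg.exe queries to run afterwards together with the default each key should show. The hive abbreviations and the reg query syntax are standard Windows; the key names and values are the log's own.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the detection lines are copied verbatim from the
# Malwarebytes log in the post above; nothing beyond those lines is assumed.
MBAM_LOG = r"""
Memory Processes Infected:
c:\Users\richie\AppData\Local\mkf.exe (Trojan.FakeAlert) -> 1720 -> Unloaded process successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1781436141 (Trojan.FakeAlert) -> Value: 1781436141 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\richie\AppData\Local\mkf.exe" -a " "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\richie\AppData\Local\mkf.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\richie\AppData\Local\Temp\EB8C.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\richie\AppData\Local\Temp\0.7919489802638516.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\richie\AppData\Local\mkf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "<key> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>"; the values
# themselves contain parentheses ("Program Files (x86)"), so the inner groups are greedy.
DATA_ITEM = re.compile(
    r"^(?P<key>HK\S+) \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$"
)
# "<key> (<detection>) -> Value: <name> -> <action>"
REG_VALUE = re.compile(r"^(?P<key>HK\S+) \((?P<detection>[^)]+)\) -> Value: (?P<name>.+?) -> ")
# "<drive>:\<path> (<detection>) -> ..." for process and file detections
PATH_ITEM = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^)]+)\) -> ")

HIVES = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_LOCAL_MACHINE": "HKLM",
         "HKEY_CURRENT_USER": "HKCU", "HKEY_USERS": "HKU"}


@dataclass
class Triage:
    hijacks: list = field(default_factory=list)         # (key, bad value, expected good value)
    removed_values: list = field(default_factory=list)  # registry values MBAM deleted outright
    files: set = field(default_factory=set)             # lower-cased file paths seen anywhere
    wrapper: str = ""                                   # binary every .exe launch was routed through

    @property
    def exefile_hijacked(self) -> bool:
        return any(k.lower().startswith(r"hkey_classes_root\exefile\shell\open\command")
                   for k, _, _ in self.hijacks)


def wrapper_from_command(bad: str):
    """First quoted token of a hijacked command: the dropper placed in front of the real target."""
    m = re.match(r'\s*"([^"]+)"', bad)
    return m.group(1) if m else None


def triage_mbam(log: str) -> Triage:
    t = Triage()
    for line in log.splitlines():
        if m := DATA_ITEM.match(line):
            t.hijacks.append((m["key"], m["bad"], m["good"]))
            if w := wrapper_from_command(m["bad"]):
                t.files.add(w.lower())
                t.wrapper = t.wrapper or w
        elif m := REG_VALUE.match(line):
            t.removed_values.append(m["key"])
        elif m := PATH_ITEM.match(line):
            t.files.add(m["path"].lower())
    return t


def verification_commands(t: Triage):
    """reg.exe queries to run after cleanup, paired with the default value each key should hold."""
    out = []
    for key, _bad, good in t.hijacks:
        hive, _, sub = key.partition("\\")
        sub = sub.removesuffix(r"\(default)")
        out.append((f'reg query "{HIVES.get(hive, hive)}\\{sub}" /ve', good))
    return out


if __name__ == "__main__":
    t = triage_mbam(MBAM_LOG)
    print("exefile association hijacked:", t.exefile_hijacked, "via", t.wrapper)
    for cmd, good in verification_commands(t):
        print(f"{cmd}   # expect: {good}")
    print("file IOCs:", sorted(t.files))
```

A rogue that hooks exefile this way runs first on every program start and then passes the real target through, so deleting mkf.exe without restoring the value leaves every .exe unable to start; that is the symptom worth asking about after a cleanup. On an x64 machine a 32-bit scanner reports the registry view it runs in, so confirm HKLM\SOFTWARE paths both as printed and under the Wow6432Node counterpart.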

cutloop,

 

Will be checking the info posted and will get back to you a little later...

 

Thank you for your patience.

 

 

In the meantime, are you having any problems when you launch an executable file (ending in .exe)?

Edited by Aaflac


Don't think so. I was in a hurry when I posted my log above. This is the fourth time I've got this: I get rid of it, and about 2-3 days later of internet surfing I keep getting it back. Thanks


cutloop,

 

Not interested in your coming back with this malware in a few days...nothing personal!! :lol:

 

Do you have an AntiVirus program installed?

 

 

Please do the following:

 

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Save ComboFix.exe to your Desktop!!

 

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications, usually by right-clicking on the System Tray icon. They may interfere with the running of CF.

 

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:

http://www.bleepingcomputer.com/forums/topic114351.html

 

 

Right-click on ComboFix.exe and select 'Run as Administrator' to run the program.

 

Since you are running Windows Vista, do not install the Recovery Console if presented with the option.

 

Click on Yes, to continue scanning for malware.

 

When finished, CF produces a report.

 

Please provide a copy of the C:\ComboFix.txt in your reply.

 

 

Notes:

 

1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.

 

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

 

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by Aaflac


Ran ComboFix and it restarted my PC, but I had some error messages.

During the scan:

Pev.cfxxe has stopped working

hide.cfxxe has stopped working

Sed.cfxxe has stopped working

grep.cfxxe has stopped working

After restart:

grep.cfxxe has stopped working

pev.cfxxe has stopped working

Freeware implementation of REG.EXE has stopped working

 

ComboFix 11-08-11.03 - richie 08/11/2011 22:31:17.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4084.2595 [GMT -4:00]

Running from: c:\users\richie\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\richie\AppData\Local\absc.exe

c:\users\richie\AppData\Local\fdqa.exe

c:\users\richie\AppData\Local\fuvv.exe

c:\users\richie\AppData\Local\gblt.exe

c:\users\richie\AppData\Local\hejf.exe

c:\users\richie\AppData\Local\hisw.exe

c:\users\richie\AppData\Local\jwxa.exe

c:\users\richie\AppData\Local\llnx.exe

c:\users\richie\AppData\Local\mwog.exe

c:\users\richie\AppData\Local\mxjq.exe

c:\users\richie\AppData\Local\oril.exe

c:\users\richie\AppData\Local\owrh.exe

c:\users\richie\AppData\Local\oxqj.exe

c:\users\richie\AppData\Local\qutm.exe

c:\users\richie\AppData\Local\terl.exe

c:\users\richie\AppData\Local\wexa.exe

c:\users\richie\AppData\Roaming\inst.exe

c:\users\richie\AppData\Roaming\Local

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx(2).ddr

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(2).divx

c:\users\richie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx

c:\users\richie\AppData\Roaming\Microsoft\Windows\Templates\7f2adw3360bh8j3738lxdne7dlx6740362356

c:\windows\SysWow64\CTF

c:\windows\SysWow64\CTF\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))

.

.

2011-08-12 02:40 . 2011-08-12 02:42 -------- d-----w- c:\users\richie\AppData\Local\temp

2011-08-12 02:40 . 2011-08-12 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-12 01:04 . 2011-08-12 01:04 -------- d-----w- c:\users\richie\AppData\Local\Opera

2011-08-12 01:04 . 2011-08-12 01:04 -------- d-----w- c:\program files (x86)\Opera

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\stnj.exe

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\ijpj.exe

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\gmfj.exe

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\dnof.exe

2011-08-11 03:30 . 2011-08-11 03:30 -------- d-----w- c:\programdata\Freemake

2011-08-11 00:27 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04A77B34-0F73-4861-9837-3AB4DEFF9DF0}\mpengine.dll

2011-08-04 20:58 . 2011-08-04 20:58 -------- d-----w- c:\windows\F34D9A5F484A4E31A9D3908CB265B289.TMP

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg6n.sys

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg5n.sys

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg4n.sys

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg3n.sys

2011-08-04 20:49 . 2004-08-10 20:51 59984 ----a-w- c:\windows\SysWow64\drivers\Teefer.sys

2011-08-04 20:49 . 2004-08-10 20:53 21075 ----a-w- c:\windows\SysWow64\drivers\wpsdrvnt.sys

2011-08-04 20:48 . 2004-08-10 21:05 83096 ----a-w- c:\windows\SysWow64\SSSensor.dll

2011-08-04 20:48 . 2011-08-04 20:48 -------- d-----w- c:\program files (x86)\Sygate

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\wils.exe

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\nbej.exe

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\gobs.exe

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\edwa.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\qxjt.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\mqdb.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\kpno.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\elmo.exe

2011-07-26 17:53 . 2011-07-26 17:53 0 ----a-w- c:\programdata\tklb.exe

2011-07-26 17:53 . 2011-07-26 17:53 0 ----a-w- c:\programdata\hhlg.exe

2011-07-26 17:53 . 2011-07-26 17:53 0 ----a-w- c:\programdata\dych.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 04:53 . 2009-11-23 16:38 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 23:52 . 2009-07-16 13:59 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2009-03-11 00:16 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"cdloader"="c:\users\richie\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]

"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SmcService"="c:\progra~2\Sygate\SPF\smc.exe" [2004-08-13 2532576]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]

R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 208920]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 176152]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://my.yahoo.com/

mLocal Page = %SystemRoot%\system32\blank.htm

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\richie\AppData\Roaming\Mozilla\Firefox\Profiles\3zfettwr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Freemake Video Converter Plugin: [email protected] - c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-DriverFinder - c:\program files (x86)\DriverFinder\DriverFinder.exe

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

HKLM-Run-(Default) - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Sygate\SPF\smc.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2011-08-11 22:53:08 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-12 02:53

.

Pre-Run: 158,126,481,408 bytes free

Post-Run: 158,032,404,480 bytes free

.

- - End Of File - - 475059FAAB725638D686C2F2EC38BCE3


Looks as if ComboFix met some resistance with some program's interference.

 

Continue to disable your AntiVirus program and any AntiSpyware programs while performing the scan. It will preclude conflicts, and will speed up scan time.

However, don't go surfing while your protection is disabled! Once we are done running some programs, you can re-enable protection.

 

Now, let's run an ESET Online Scanner:

 

Since you are using Windows Vista to perform this scan, go to the Start button, look for the browser icon, right-click it and select: 'Run as administrator'.

 

In the browser address bar, copy and paste the following:

http://www.eset.com/us/online-scanner

  • Press the ESET Online Scanner button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • In the next screen, make sure the option Remove found threats is unchecked, and press the Start button again.
  • ESET downloads its updates, installs, and begins scanning your computer. Scan Screenshots
  • When the scan is done, press Posted Image
  • Press Posted Image, and save the file to your desktop as: ESET Scan.
  • Push the Posted Image button.
  • Push Posted Image

Please provide the contents of this report in your reply.

Edited by Aaflac


C:\Program Files (x86)\SlySoft\AnyDVD\Keygen_and_Patch.exe a variant of Win32/Keygen.AE application

C:\Users\richie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d26dc99-48b9a224 a variant of Win32/Kryptik.RMO trojan

C:\Users\richie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\420eb72d-5c9e356e a variant of Win32/Kryptik.REU trojan

 

 

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=273301be4e5f514cba1a21a150b9561b

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-12 08:08:32

# local_time=2011-08-12 04:08:32 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=768 16777215 100 0 74912624 74912624 0 0

# compatibility_mode=5892 16776574 100 95 111369825 149775100 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=184914

# found=3

# cleaned=0

# scan_time=3317

C:\Program Files (x86)\SlySoft\AnyDVD\Keygen_and_Patch.exe a variant of Win32/Keygen.AE application (unable to clean) 00000000000000000000000000000000 I

C:\Users\richie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d26dc99-48b9a224 a variant of Win32/Kryptik.RMO trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\richie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\420eb72d-5c9e356e a variant of Win32/Kryptik.REU trojan (unable to clean) 00000000000000000000000000000000 I

Edited by cutloop


You have an illegal program installed:

C:\Program Files (x86)\SlySoft\AnyDVD\Keygen_and_Patch.exe

 

Great way of acquiring malware on your computer!

 

 

Let's see what the following Kaspersky tool can remove...

 

Please download the Kaspersky Virus Removal Tool

 

The Kaspersky Virus Removal Tool 2011 does not require installation. You can launch the program from any drive, for example from a removable drive. In order to launch the program, perform the following actions:

 

Download the program distributive.

 

Click on 'Run' in the download prompt: setup_<build_number>_<date>_<time>.exe (example setup_9.0.0.722_22.01.2010_10-04.exe)

 

Wait till the program unpacks its temporary files.

 

In the lower part of the welcome window select the required language to use during the installation.

 

Read the license agreement and check the 'I accept the license agreement' option.

 

Click: Start

 

~~~~

In the 'Automatic Scan' tab, click the 'Settings' gear (right top)

Under 'Scan Scope', select your C:\ drive

 

Click the 'Start Scanning' button to launch the application.

 

When the scan is finished, click on: 'Reports' icon (next to the gear icon)

 

Select: 'Automatic Scan Report'

 

Click on 'Save', and save to the Desktop

 

Please provide the Kaspersky Virus Removal Tool report in your reply.


I had no idea that was on my system. I tried to find it and could not..

I have a good idea who might have done it, and deleted it; that's why I can't find it.

 

I ran the Kaspersky tool and it deleted some stuff, but I closed it out by mistake

and now the report is gone.. I saw something about a rootkit during the scan, that's all I remember, sorry. What now???


Let's see if a RootKit is detected, and hiding somewhere in your system...

 

Please download GMER:

http://gmer.net/download.php

[Downloads a randomly named file. (Recommended)]

 

Close all running programs, and temporarily disable any real-time protection so your security programs do not conflict with gmer's driver. Info:

http://www.bleepingcomputer.com/forums/topic114351.html

 

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe)

Allow the gmer.sys driver to load...

 

GMER opens to the Rootkit/Malware tab and performs an automatic quick scan when first run. (Please do not use the computer while the scan is in progress.)

 

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO

 

Now, click the >Scan< button.

If you see a rootkit warning window, click OK.

 

When the scan finishes, click the 'Save...' button to save the scan results to your Desktop.

Save the file as >gmer.log<

 

>>Click the Copy button and Paste the results of the GMER log in your reply.<<

 

Note: Please, do not take action on any of the information on the GMER report!!

 

If you encounter any problems, try running GMER in Safe Mode:

http://www.computerhope.com/issues/chsafe.htm

 

If GMER crashes or keeps resulting in BSODs, uncheck 'Devices' (on the right side) before scanning.

 

 

 

Next, download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

 

 

Execute TDSSKiller.exe by double-clicking on it.

 

Click: ‘Start Scan’

 

If Malicious objects are found, DO NOT allow the tool to Cure.

Click the arrow next to 'Cure' and select Skip

We need to see the report first, as it may show false detections!!

 

Click Continue.

 

When the tool is done, a log is produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

 

Please post the TDSSKiller log in your reply.

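The advice above to skip 'Cure' and read the TDSSKiller report first is worth backing with a small triage pass over the log, because the scanned-driver list is long and most of it is Windows' own drivers. The script below is an added example written for this thread; it is not code from Kaspersky, TDSSKiller, or either poster. It parses the one line shape TDSSKiller uses for each scanned driver (timestamp, thread id, service name, MD5 in parentheses, image path, exactly as in the log cutloop posts in the reply below), then pulls out two things a reviewer wants first: drivers loaded from outside C:\Windows, and one MD5 backing more than one service name. The sample lines are copied from that log plus two constructed status lines the parser must skip; the "outside the Windows directory" rule is an assumed triage heuristic, and the two drivers it flags here (PeerBlock's pbfilter.sys and SUPERAntiSpyware's SASDIFSV.SYS) are legitimate third-party products, which is exactly the point: a flag is a prompt to look the hash up, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the line shape TDSSKiller writes to its log.
# The first two lines are status lines the parser must skip; the driver
# lines are copied from the log posted later in this thread.
SAMPLE_LOG = r"""
2011/08/15 10:11:29.0953 3208 Scan started
2011/08/15 10:11:29.0953 3208 Mode: Manual;
2011/08/15 10:11:30.0562 3208 ACPI (375243251c24028da6c9761645b43f21) C:\Windows\system32\drivers\acpi.sys
2011/08/15 10:11:35.0803 3208 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
2011/08/15 10:11:37.0270 3208 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/15 10:11:38.0081 3208 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys
2011/08/15 10:11:38.0128 3208 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys
"""

# One scanned-driver line: timestamp, thread id, service name, (md5), image path.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>\d+)\s+"
    r"(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)

# Assumed heuristic: driver images are expected under the Windows directory.
SYSTEM_PREFIXES = ("c:\\windows\\",)


@dataclass
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def in_system_dir(self) -> bool:
        return self.path.lower().startswith(SYSTEM_PREFIXES)


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Return one DriverEntry per scanned-driver line; status lines are ignored."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def third_party_drivers(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers loaded from outside the Windows directory: the ones to look up first."""
    return [e for e in entries if not e.in_system_dir]


def shared_hashes(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Map each MD5 that backs more than one service to those service names."""
    by_hash: Dict[str, List[str]] = {}
    for e in entries:
        by_hash.setdefault(e.md5, []).append(e.service)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def triage_report(text: str) -> str:
    """Human-readable summary: count, REVIEW lines, SHARED-hash lines."""
    entries = parse_tdsskiller(text)
    lines = [f"{len(entries)} driver entries parsed"]
    for e in third_party_drivers(entries):
        lines.append(f"REVIEW  {e.service:<12} {e.md5}  {e.path}")
    for h, names in shared_hashes(entries).items():
        lines.append(f"SHARED  {h} backs {', '.join(names)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

Run it against a saved TDSSKiller log by reading the file into `triage_report`. The shared-hash check is there so that a legitimate pairing such as Tcpip and Tcpip6 (one tcpip.sys, two service names) is recognised as normal, while an unfamiliar service name sharing a hash with a known driver gets a second look.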

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-15 10:03:59

Windows 6.0.6001 Service Pack 1

Running: 8813xtzg.exe

 

 

---- Registry - GMER 1.0.15 ----

 

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\richie\Downloads\Real.Spy.Monitor.v2.89.WinAll.Incl.Keygen [swadesh_code4u]\x2122\NewSpy.exe 1

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\PlayFirst\Daycare Nightmare\x2122 - mini-monsters\x2122\Uninstall.exe 1

 

---- EOF - GMER 1.0.15 ----

 

2011/08/15 10:11:24.0603 4152 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13

2011/08/15 10:11:25.0242 4152 ================================================================================

2011/08/15 10:11:25.0242 4152 SystemInfo:

2011/08/15 10:11:25.0242 4152

2011/08/15 10:11:25.0242 4152 OS Version: 6.0.6001 ServicePack: 1.0

2011/08/15 10:11:25.0242 4152 Product type: Workstation

2011/08/15 10:11:25.0242 4152 ComputerName: RICHIE-PC

2011/08/15 10:11:25.0242 4152 UserName: richie

2011/08/15 10:11:25.0242 4152 Windows directory: C:\Windows

2011/08/15 10:11:25.0242 4152 System windows directory: C:\Windows

2011/08/15 10:11:25.0242 4152 Running under WOW64

2011/08/15 10:11:25.0242 4152 Processor architecture: Intel x64

2011/08/15 10:11:25.0242 4152 Number of processors: 2

2011/08/15 10:11:25.0242 4152 Page size: 0x1000

2011/08/15 10:11:25.0242 4152 Boot type: Normal boot

2011/08/15 10:11:25.0242 4152 ================================================================================

2011/08/15 10:11:26.0303 4152 Initialize success

2011/08/15 10:11:29.0953 3208 ================================================================================

2011/08/15 10:11:29.0953 3208 Scan started

2011/08/15 10:11:29.0953 3208 Mode: Manual;

2011/08/15 10:11:29.0953 3208 ================================================================================

2011/08/15 10:11:30.0562 3208 ACPI (375243251c24028da6c9761645b43f21) C:\Windows\system32\drivers\acpi.sys

2011/08/15 10:11:30.0609 3208 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2011/08/15 10:11:30.0640 3208 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2011/08/15 10:11:30.0671 3208 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2011/08/15 10:11:30.0718 3208 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2011/08/15 10:11:30.0780 3208 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys

2011/08/15 10:11:30.0811 3208 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2011/08/15 10:11:30.0858 3208 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2011/08/15 10:11:30.0905 3208 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys

2011/08/15 10:11:30.0936 3208 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2011/08/15 10:11:30.0967 3208 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2011/08/15 10:11:31.0030 3208 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2011/08/15 10:11:31.0061 3208 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2011/08/15 10:11:31.0092 3208 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/15 10:11:31.0123 3208 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys

2011/08/15 10:11:31.0186 3208 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2011/08/15 10:11:31.0217 3208 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2011/08/15 10:11:31.0279 3208 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2011/08/15 10:11:31.0389 3208 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2011/08/15 10:11:31.0435 3208 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2011/08/15 10:11:31.0467 3208 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2011/08/15 10:11:31.0482 3208 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2011/08/15 10:11:31.0513 3208 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2011/08/15 10:11:31.0529 3208 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2011/08/15 10:11:31.0576 3208 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2011/08/15 10:11:31.0607 3208 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

2011/08/15 10:11:31.0638 3208 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

2011/08/15 10:11:31.0685 3208 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys

2011/08/15 10:11:31.0747 3208 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2011/08/15 10:11:31.0779 3208 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

2011/08/15 10:11:31.0810 3208 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2011/08/15 10:11:31.0841 3208 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys

2011/08/15 10:11:31.0888 3208 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

2011/08/15 10:11:31.0997 3208 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2011/08/15 10:11:32.0044 3208 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

2011/08/15 10:11:32.0106 3208 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys

2011/08/15 10:11:32.0122 3208 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2011/08/15 10:11:32.0169 3208 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

2011/08/15 10:11:32.0215 3208 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2011/08/15 10:11:32.0247 3208 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2011/08/15 10:11:32.0293 3208 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

2011/08/15 10:11:32.0309 3208 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

2011/08/15 10:11:32.0356 3208 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2011/08/15 10:11:32.0387 3208 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2011/08/15 10:11:32.0418 3208 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2011/08/15 10:11:32.0434 3208 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/08/15 10:11:32.0465 3208 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

2011/08/15 10:11:32.0481 3208 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2011/08/15 10:11:32.0512 3208 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2011/08/15 10:11:32.0559 3208 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/08/15 10:11:32.0574 3208 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2011/08/15 10:11:32.0590 3208 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

2011/08/15 10:11:32.0652 3208 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

2011/08/15 10:11:32.0699 3208 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2011/08/15 10:11:32.0746 3208 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys

2011/08/15 10:11:32.0761 3208 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2011/08/15 10:11:32.0808 3208 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/08/15 10:11:32.0855 3208 iaStor (ceb53bb804b41c52ab0782505c8e2994) C:\Windows\system32\drivers\iastor.sys

2011/08/15 10:11:32.0886 3208 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2011/08/15 10:11:33.0120 3208 igfx (2161876969e428a494f8d7c38fa6f513) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/08/15 10:11:33.0183 3208 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2011/08/15 10:11:33.0245 3208 IntcAzAudAddService (0dd17d4b59d0ec40e3c86a505bb0b6dd) C:\Windows\system32\drivers\RTKVHD64.sys

2011/08/15 10:11:33.0276 3208 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2011/08/15 10:11:33.0307 3208 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/15 10:11:33.0339 3208 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/15 10:11:33.0385 3208 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2011/08/15 10:11:33.0417 3208 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2011/08/15 10:11:33.0448 3208 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2011/08/15 10:11:33.0479 3208 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2011/08/15 10:11:33.0526 3208 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/08/15 10:11:33.0573 3208 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2011/08/15 10:11:33.0619 3208 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2011/08/15 10:11:33.0666 3208 Iviaspi (cfe46dd772cc2e158ce8107416bee5c6) C:\Windows\system32\drivers\Iviaspi.sys

2011/08/15 10:11:33.0682 3208 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/08/15 10:11:33.0697 3208 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/08/15 10:11:33.0791 3208 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/15 10:11:33.0822 3208 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2011/08/15 10:11:33.0885 3208 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys

2011/08/15 10:11:33.0916 3208 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/15 10:11:33.0963 3208 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2011/08/15 10:11:33.0994 3208 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2011/08/15 10:11:34.0025 3208 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2011/08/15 10:11:34.0056 3208 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2011/08/15 10:11:34.0103 3208 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2011/08/15 10:11:34.0119 3208 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2011/08/15 10:11:34.0150 3208 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2011/08/15 10:11:34.0181 3208 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/15 10:11:34.0212 3208 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/15 10:11:34.0228 3208 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/15 10:11:34.0243 3208 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/15 10:11:34.0275 3208 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/08/15 10:11:34.0290 3208 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2011/08/15 10:11:34.0321 3208 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/08/15 10:11:34.0353 3208 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/15 10:11:34.0384 3208 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2011/08/15 10:11:34.0384 3208 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

2011/08/15 10:11:34.0431 3208 mrxsmb (937512d4321b4f5218ad5a0aebf2b5cc) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/15 10:11:34.0446 3208 mrxsmb10 (152b673b3984356390e7baa4199f1114) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/15 10:11:34.0493 3208 mrxsmb20 (65e45c26ba6fd66cd2889913f73823ef) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/15 10:11:34.0509 3208 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys

2011/08/15 10:11:34.0555 3208 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2011/08/15 10:11:34.0618 3208 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2011/08/15 10:11:34.0649 3208 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2011/08/15 10:11:34.0680 3208 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/15 10:11:34.0727 3208 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/15 10:11:34.0758 3208 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2011/08/15 10:11:34.0774 3208 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

2011/08/15 10:11:34.0805 3208 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/08/15 10:11:34.0821 3208 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2011/08/15 10:11:34.0836 3208 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

2011/08/15 10:11:34.0899 3208 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/15 10:11:34.0945 3208 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys

2011/08/15 10:11:35.0055 3208 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/15 10:11:35.0070 3208 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/15 10:11:35.0101 3208 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/15 10:11:35.0133 3208 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2011/08/15 10:11:35.0148 3208 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/15 10:11:35.0179 3208 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/15 10:11:35.0226 3208 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2011/08/15 10:11:35.0257 3208 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/08/15 10:11:35.0304 3208 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

2011/08/15 10:11:35.0320 3208 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/15 10:11:35.0367 3208 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

2011/08/15 10:11:35.0382 3208 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2011/08/15 10:11:35.0429 3208 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2011/08/15 10:11:35.0460 3208 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2011/08/15 10:11:35.0491 3208 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2011/08/15 10:11:35.0569 3208 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/08/15 10:11:35.0632 3208 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys

2011/08/15 10:11:35.0710 3208 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2011/08/15 10:11:35.0725 3208 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

2011/08/15 10:11:35.0803 3208 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys

2011/08/15 10:11:35.0835 3208 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

2011/08/15 10:11:35.0866 3208 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

2011/08/15 10:11:35.0897 3208 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2011/08/15 10:11:35.0975 3208 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

2011/08/15 10:11:36.0006 3208 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2011/08/15 10:11:36.0100 3208 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/15 10:11:36.0131 3208 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2011/08/15 10:11:36.0193 3208 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/15 10:11:36.0225 3208 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

2011/08/15 10:11:36.0271 3208 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2011/08/15 10:11:36.0303 3208 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2011/08/15 10:11:36.0349 3208 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/15 10:11:36.0771 3208 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/08/15 10:11:36.0817 3208 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/15 10:11:36.0849 3208 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/15 10:11:36.0895 3208 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/15 10:11:36.0911 3208 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/15 10:11:36.0942 3208 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/15 10:11:36.0958 3208 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/15 10:11:37.0005 3208 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2011/08/15 10:11:37.0020 3208 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/15 10:11:37.0067 3208 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

2011/08/15 10:11:37.0114 3208 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/15 10:11:37.0192 3208 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys

2011/08/15 10:11:37.0270 3208 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS

2011/08/15 10:11:37.0301 3208 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS

2011/08/15 10:11:37.0332 3208 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys

2011/08/15 10:11:37.0348 3208 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2011/08/15 10:11:37.0410 3208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/08/15 10:11:37.0441 3208 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2011/08/15 10:11:37.0488 3208 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2011/08/15 10:11:37.0519 3208 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2011/08/15 10:11:37.0551 3208 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2011/08/15 10:11:37.0566 3208 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/15 10:11:37.0597 3208 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/15 10:11:37.0613 3208 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2011/08/15 10:11:37.0660 3208 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2011/08/15 10:11:37.0691 3208 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2011/08/15 10:11:37.0722 3208 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

2011/08/15 10:11:37.0785 3208 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

2011/08/15 10:11:37.0847 3208 srv (4adb9a620ff071ee7d17487a87861659) C:\Windows\system32\DRIVERS\srv.sys

2011/08/15 10:11:37.0878 3208 srv2 (2aea7a85ceb33abb332d35617990f50b) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/15 10:11:37.0894 3208 srvnet (a93df8babf7c7b9637a76e0eae5744b7) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/15 10:11:37.0941 3208 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2011/08/15 10:11:37.0972 3208 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2011/08/15 10:11:37.0987 3208 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2011/08/15 10:11:38.0019 3208 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2011/08/15 10:11:38.0081 3208 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys

2011/08/15 10:11:38.0128 3208 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/15 10:11:38.0159 3208 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/15 10:11:38.0175 3208 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2011/08/15 10:11:38.0206 3208 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2011/08/15 10:11:38.0221 3208 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/15 10:11:38.0268 3208 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

2011/08/15 10:11:38.0315 3208 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/15 10:11:38.0346 3208 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2011/08/15 10:11:38.0377 3208 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/15 10:11:38.0424 3208 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2011/08/15 10:11:38.0455 3208 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/15 10:11:38.0487 3208 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/15 10:11:38.0518 3208 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2011/08/15 10:11:38.0533 3208 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2011/08/15 10:11:38.0565 3208 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2011/08/15 10:11:38.0596 3208 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2011/08/15 10:11:38.0674 3208 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys

2011/08/15 10:11:38.0721 3208 usbccgp (89842ce16285b73405284224cc386dcf) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/08/15 10:11:38.0736 3208 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2011/08/15 10:11:38.0783 3208 usbehci (07b738a1f57e4ec870406e74da5754af) C:\Windows\system32\DRIVERS\usbehci.sys

2011/08/15 10:11:38.0830 3208 usbhub (b668e8e0ef2910f28baf550b04de57f2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/15 10:11:38.0845 3208 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

2011/08/15 10:11:38.0892 3208 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/15 10:11:38.0923 3208 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

2011/08/15 10:11:38.0955 3208 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/08/15 10:11:38.0986 3208 usbuhci (e76f2b26a5917f555844c128954bb52b) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/08/15 10:11:39.0017 3208 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/15 10:11:39.0048 3208 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2011/08/15 10:11:39.0064 3208 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2011/08/15 10:11:39.0079 3208 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

2011/08/15 10:11:39.0126 3208 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

2011/08/15 10:11:39.0157 3208 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

2011/08/15 10:11:39.0235 3208 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2011/08/15 10:11:39.0298 3208 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2011/08/15 10:11:39.0313 3208 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/15 10:11:39.0329 3208 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/15 10:11:39.0376 3208 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2011/08/15 10:11:39.0407 3208 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/15 10:11:39.0563 3208 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

2011/08/15 10:11:39.0625 3208 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/08/15 10:11:39.0688 3208 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/15 10:11:39.0766 3208 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys

2011/08/15 10:11:39.0797 3208 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

2011/08/15 10:11:39.0828 3208 Boot (0x1200) (2bd43f59bd1fa455adf4cc796604d954) \Device\Harddisk0\DR0\Partition0

2011/08/15 10:11:39.0844 3208 Boot (0x1200) (af40be1c19670493f6ae8b2c2b4cb009) \Device\Harddisk0\DR0\Partition1

2011/08/15 10:11:39.0859 3208 ================================================================================

2011/08/15 10:11:39.0859 3208 Scan finished

2011/08/15 10:11:39.0859 3208 ================================================================================

2011/08/15 10:11:39.0859 2876 Detected object count: 0

2011/08/15 10:11:39.0859 2876 Actual detected object count: 0


Please do the following:

 

Open Notepad and copy/paste the text in the codebox below into it:

 

Folder::
C:\Program Files (x86)\SlySoft\AnyDVD
C:\Users\richie\Downloads\Real.Spy.Monitor.v2.89.WinAll.Incl.Keygen 

ClearJavaCache::

Save as CFScript.txt

 

 

[image: CFScript.txt being dragged onto ComboFix.exe]

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it produces a log.

 

Please post the new ComboFix log in your reply.

 

~~~~

Next, please download TFC to your Desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: save your work; TFC automatically closes any open programs.

 

~~~~

Last, download Security Check

 

Save it to the Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions (in the black box.)

When done, a Notepad document opens automatically: checkup.txt

 

Please post the contents of checkup.txt in your reply.


ComboFix 11-08-11.03 - richie 08/15/2011 12:23:59.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4084.2138 [GMT -4:00]

Running from: c:\users\richie\Desktop\ComboFix.exe

Command switches used :: c:\users\richie\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

 

c:\program files (x86)\SlySoft\AnyDVD

c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.bak

c:\program files (x86)\SlySoft\AnyDVD\Fox Killer 8.exe

c:\program files (x86)\SlySoft\AnyDVD\HD.AnyDVD

c:\program files (x86)\SlySoft\AnyDVD\Key.AnyDVD

c:\program files (x86)\SlySoft\AnyDVD\Keygen_and_Patch.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))

.

.

2011-08-15 16:28 . 2011-08-15 16:30 -------- d-----w- c:\users\richie\AppData\Local\temp

2011-08-15 16:28 . 2011-08-15 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-15 14:12 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5DCB4DA-DBA5-4D4A-8E8C-E6700F1AE271}\mpengine.dll

2011-08-13 22:43 . 2011-08-13 22:43 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-13 02:49 . 2011-01-31 14:24 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24951914-FC70-480D-A877-31A8DF73B75E}\gapaengine.dll

2011-08-12 19:09 . 2011-08-12 19:09 -------- d-----w- c:\program files (x86)\ESET

2011-08-12 01:04 . 2011-08-12 01:04 -------- d-----w- c:\users\richie\AppData\Local\Opera

2011-08-12 01:04 . 2011-08-12 01:04 -------- d-----w- c:\program files (x86)\Opera

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\stnj.exe

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\ijpj.exe

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\gmfj.exe

2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\dnof.exe

2011-08-11 03:30 . 2011-08-11 03:30 -------- d-----w- c:\programdata\Freemake

2011-08-04 20:58 . 2011-08-04 20:58 -------- d-----w- c:\windows\F34D9A5F484A4E31A9D3908CB265B289.TMP

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg6n.sys

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg5n.sys

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg4n.sys

2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg3n.sys

2011-08-04 20:49 . 2004-08-10 20:51 59984 ----a-w- c:\windows\SysWow64\drivers\Teefer.sys

2011-08-04 20:49 . 2004-08-10 20:53 21075 ----a-w- c:\windows\SysWow64\drivers\wpsdrvnt.sys

2011-08-04 20:48 . 2004-08-10 21:05 83096 ----a-w- c:\windows\SysWow64\SSSensor.dll

2011-08-04 20:48 . 2011-08-04 20:48 -------- d-----w- c:\program files (x86)\Sygate

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\wils.exe

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\nbej.exe

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\gobs.exe

2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\edwa.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\qxjt.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\mqdb.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\kpno.exe

2011-07-28 19:29 . 2011-07-28 19:29 0 ----a-w- c:\programdata\elmo.exe

2011-07-26 17:53 . 2011-07-26 17:53 0 ----a-w- c:\programdata\tklb.exe

2011-07-26 17:53 . 2011-07-26 17:53 0 ----a-w- c:\programdata\hhlg.exe

2011-07-26 17:53 . 2011-07-26 17:53 0 ----a-w- c:\programdata\dych.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 04:53 . 2009-11-23 16:38 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 23:52 . 2009-07-16 13:59 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2009-03-11 00:16 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

.

.

((((((((((((((((((((((((((((( [email protected]_02.42.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 03:20 . 2011-08-15 16:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-12 02:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-12 02:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-15 16:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-15 16:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-12 02:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-15 16:31 56512 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-15 16:31 72574 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-10 19:35 . 2011-08-15 16:31 10704 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3742679786-2105395673-3587602292-1000_UserData.bin

- 2009-03-10 18:53 . 2011-08-11 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-10 18:53 . 2011-08-15 15:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-10 18:53 . 2011-08-11 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-10 18:53 . 2011-08-15 15:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-10 18:53 . 2011-08-11 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-10 18:53 . 2011-08-15 15:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-17 16:06 . 2011-08-15 16:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-17 16:06 . 2011-08-15 16:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-17 16:06 . 2011-08-15 16:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-17 16:06 . 2011-08-14 22:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-17 16:06 . 2011-08-14 22:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-13 20:12 . 2011-08-15 16:28 3514 c:\windows\system32\WDI\ERCQueuedResolutions.dat

- 2011-08-12 02:41 . 2011-08-12 02:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-15 16:29 . 2011-08-15 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-12 02:41 . 2011-08-12 02:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-15 16:29 . 2011-08-15 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"cdloader"="c:\users\richie\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]

"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SmcService"="c:\progra~2\Sygate\SPF\smc.exe" [2004-08-13 2532576]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]

R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 208920]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 176152]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://my.yahoo.com/

mLocal Page = %SystemRoot%\system32\blank.htm

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\richie\AppData\Roaming\Mozilla\Firefox\Profiles\3zfettwr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Freemake Video Converter Plugin: [email protected] - c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: yahoo.homepage.dontask - true

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Sygate\SPF\smc.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2011-08-15 12:34:18 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-15 16:34

ComboFix2.txt 2011-08-12 02:53

.

Pre-Run: 156,097,400,832 bytes free

Post-Run: 156,472,926,208 bytes free

.

- - End Of File - - 751D561E63B35B86CA5BB7138C10ADAF

Edited by cutloop


Results of screen317's Security Check version 0.99.7

Windows Vista (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Sygate Personal Firewall

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 18

Out of date Java installed!

Adobe Flash Player 10.2.159.1

Adobe Reader 9.4.5

Out of date Adobe Reader installed!

Mozilla Thunderbird (3.1.11) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Spybot Teatimer.exe is disabled!

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````


Let’s get some files analyzed at VirusTotal

 

First, need to View Hidden Files and Folders

 

Next, in Virus Total, submit each of the following files, one at a time:

 

c:\programdata\stnj.exe
c:\programdata\ijpj.exe
c:\programdata\gmfj.exe
c:\programdata\dnof.exe

 

Use the 'Browse' button to navigate to the location of each file

 

Click on a file, and then click the 'Open' button.

The file is now displayed in the Submit Box.

 

Scroll down and click 'Send File', and wait for the results.

 

If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'

 

Once scanned, please provide the link to the results page for each file in your reply.

Edited by Aaflac


cutloop,

 

Sorry for the delay...

 

Somehow, it is not showing the correct file names. It shows 1.txt, 2.txt, etc...

 

Anyway, we will press on.

 

Need to go out for a while, and will be back with further instructions.

 

Thanks for your patience!

Edited by Aaflac


NP

I saved each one to Notepad and named them that. That's the only way I could browse for them to upload.

Sorry!!

Edited by cutloop


Here we go…

 

Once again, open Notepad and copy/paste the text in the code box below into it:

 

File::
c:\programdata\stnj.exe
c:\programdata\ijpj.exe
c:\programdata\gmfj.exe
c:\programdata\dnof.exe
c:\programdata\wils.exe
c:\programdata\nbej.exe
c:\programdata\gobs.exe
c:\programdata\edwa.exe
c:\programdata\qxjt.exe
c:\programdata\mqdb.exe
c:\programdata\kpno.exe
c:\programdata\elmo.exe
c:\programdata\tklb.exe
c:\programdata\hhlg.exe
c:\programdata\dych.exe

Save as CFScript.txt

 

 

[image: CFScript.txt being dragged onto ComboFix.exe]

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it produces a log.

 

Please post the new ComboFix log in your reply.

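What the helper did by eye between the ComboFix log posted above and the File:: script in this post can be automated: pull the zero-byte .exe files dropped loose in c:\programdata out of the "Files Created" section and render them as a File:: block. The following is an added example written for this thread; it is not part of ComboFix or any other tool used here. The sample lines are copied from the ComboFix log earlier in the thread; the set of directories treated as suspicious drop locations and the "zero bytes, .exe, directly in the root" heuristic are assumptions made for the example, not a verdict on any file.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One entry of the ComboFix "Files Created" listing has the shape
#   "<created> . <modified> <size or --------> <attrs> <path>"
# where the size column is dashes for directories.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Constructed sample: lines excerpted from the ComboFix log posted above,
# mixing directories, legitimate signed components and the zero-byte droppers.
SAMPLE_LOG = r"""
2011-08-15 16:28 . 2011-08-15 16:30 -------- d-----w- c:\users\richie\AppData\Local\temp
2011-08-15 14:12 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5DCB4DA-DBA5-4D4A-8E8C-E6700F1AE271}\mpengine.dll
2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\stnj.exe
2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\ijpj.exe
2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\gmfj.exe
2011-08-11 13:57 . 2011-08-11 13:57 0 ----a-w- c:\programdata\dnof.exe
2011-08-04 20:49 . 2004-08-10 21:05 14240 ----a-w- c:\windows\SysWow64\drivers\wg6n.sys
2011-07-31 08:26 . 2011-07-31 08:26 0 ----a-w- c:\programdata\wils.exe
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (size column is "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> List[Entry]:
    """Parse every line that matches the ComboFix entry format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


# Assumed list of data directories where installers do not normally leave
# loose executables; extend it for other environments.
DROP_ROOTS = ("c:\\programdata\\",)


def suspicious_executables(entries: List[Entry], roots=DROP_ROOTS) -> List[str]:
    """Return paths of zero-byte .exe files sitting directly in one of the roots,
    in log order. Zero-byte executables cannot run and are typically the leftover
    stubs of a dropper, which is why they were picked out in this thread."""
    hits = []
    for e in entries:
        if e.is_dir or e.size != 0:
            continue
        low = e.path.lower()
        if not low.endswith(".exe"):
            continue
        for root in roots:
            rest = low[len(root):]
            if low.startswith(root) and "\\" not in rest:
                hits.append(e.path)
                break
    return hits


def cfscript_file_block(paths: List[str]) -> str:
    """Render the paths as a ComboFix 'File::' directive block, the format of the
    CFScript.txt posted in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = suspicious_executables(parse_entries(SAMPLE_LOG))
    print(cfscript_file_block(found))
```

Run against the full log the script reproduces the fifteen paths the helper listed; the directory and the signed components are skipped because they are either not files, not executables, or not empty.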

ComboFix 11-08-18.03 - richie 08/18/2011 21:47:47.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4084.1952 [GMT -4:00]

Running from: c:\users\richie\Desktop\ComboFix.exe

Command switches used :: c:\users\richie\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\dnof.exe"

"c:\programdata\dych.exe"

"c:\programdata\edwa.exe"

"c:\programdata\elmo.exe"

"c:\programdata\gmfj.exe"

"c:\programdata\gobs.exe"

"c:\programdata\hhlg.exe"

"c:\programdata\ijpj.exe"

"c:\programdata\kpno.exe"

"c:\programdata\mqdb.exe"

"c:\programdata\nbej.exe"

"c:\programdata\qxjt.exe"

"c:\programdata\stnj.exe"

"c:\programdata\tklb.exe"

"c:\programdata\wils.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\dnof.exe

c:\programdata\dych.exe

c:\programdata\edwa.exe

c:\programdata\elmo.exe

c:\programdata\gmfj.exe

c:\programdata\gobs.exe

c:\programdata\hhlg.exe

c:\programdata\ijpj.exe

c:\programdata\kpno.exe

c:\programdata\mqdb.exe

c:\programdata\nbej.exe

c:\programdata\qxjt.exe

c:\programdata\stnj.exe

c:\programdata\tklb.exe

c:\programdata\wils.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))

.

.

2011-08-19 01:52 . 2011-08-19 01:54 -------- d-----w- c:\users\richie\AppData\Local\temp

2011-08-19 01:52 . 2011-08-19 01:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-18 19:40 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72A352E7-74F5-4F94-99BF-1706F01D8E1A}\mpengine.dll

2011-08-13 22:43 . 2011-08-13 22:43 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-13 02:49 . 2011-01-31 14:24 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24951914-FC70-480D-A877-31A8DF73B75E}\gapaengine.dll

2011-08-12 19:09 . 2011-08-12 19:09 -------- d-----w- c:\program files (x86)\ESET

2011-08-12 01:04 . 2011-08-12 01:04 -------- d-----w- c:\users\richie\AppData\Local\Opera

2011-08-12 01:04 . 2011-08-12 01:04 -------- d-----w- c:\program files (x86)\Opera

2011-08-11 03:30 . 2011-08-11 03:30 -------- d-----w- c:\programdata\Freemake

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 04:10 . 2009-11-23 16:38 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 23:52 . 2009-07-16 13:59 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 23:52 . 2009-03-11 00:16 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-12_02.42.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 03:20 . 2011-08-19 01:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-08-12 02:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-15 16:41 . 2011-08-19 01:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-12 02:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-08-12 02:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-08-19 01:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-08-15 19:36 56858 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-08-15 19:36 72678 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-10 19:35 . 2011-08-15 19:36 10720 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3742679786-2105395673-3587602292-1000_UserData.bin

- 2009-03-10 18:53 . 2011-08-11 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-10 18:53 . 2011-08-16 10:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-10 18:53 . 2011-08-11 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-10 18:53 . 2011-08-16 10:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-10 18:53 . 2011-08-11 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-10 18:53 . 2011-08-16 10:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-17 16:06 . 2011-08-19 01:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-17 16:06 . 2011-08-19 01:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-17 16:06 . 2011-08-19 01:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-17 16:06 . 2011-08-15 19:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-17 16:06 . 2011-08-15 19:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-17 16:06 . 2011-08-11 14:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-13 20:12 . 2011-08-15 16:28 3514 c:\windows\system32\WDI\ERCQueuedResolutions.dat

+ 2011-08-19 01:53 . 2011-08-19 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-12 02:41 . 2011-08-12 02:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-19 01:53 . 2011-08-19 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-12 02:41 . 2011-08-12 02:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"cdloader"="c:\users\richie\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]

"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]

R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-28 6431232]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 151064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 208920]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 176152]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://my.yahoo.com/

mLocal Page = %SystemRoot%\system32\blank.htm

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\richie\AppData\Roaming\Mozilla\Firefox\Profiles\3zfettwr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Freemake Video Converter Plugin: [email protected] - c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: yahoo.homepage.dontask - true

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2011-08-18 21:58:47 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-19 01:58

ComboFix2.txt 2011-08-15 16:34

ComboFix3.txt 2011-08-12 02:53

.

Pre-Run: 157,638,930,432 bytes free

Post-Run: 157,513,400,320 bytes free

.

- - End Of File - - CD71B9E5E1E112038309574BB198FE79


Some maintenance tasks:

 

Please take care of the out of date service pack!!

and updating Internet Explorer 7:

 

How to obtain the latest Windows Vista service pack

http://support.microsoft.com/kb/935791

 

~~~~

There is also an out of date Java installed!

 

Please verify the version of Java you have installed.

http://www.java.com/en/download/installed.jsp

 

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.

 

When done, uninstall older versions:

http://www.java.com/en/download/uninstall.jsp

 

Also update the following:

 

>>Mozilla Thunderbird (3.1.11) Thunderbird Out of Date!

 

 

~~~~

Some suggestions to improve computer performance:

 

Slow PC? Optimize your computer for peak performance

http://www.microsoft.com/athome/moredone/optimize.mspx

 

Speed up your PC: Automate your computer maintenance schedule

http://www.microsoft.com/athome/moredone/maintenance.mspx

 

 

Good luck, cutloop!!

This topic is now closed to further replies.