gazzer77's Content - Malwarebytes Forums

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

i know it's no much , I will try to send more next month

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

I thank you very much for your great help. I will do something i get some money this morning. but i realy don't have much. .

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

ok the eset scan . C:\Qoobox\Quarantine\C\Users\G\AppData\Roaming\qupup.dll.vir a variant of Win32/Medfos.HK trojan C:\Qoobox\Quarantine\C\Users\G\AppData\Roaming\spavc.dll.vir a variant of Win32/Medfos.HK trojan

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

ok i reinstalled the programs BitTorrent ,FrostWire 5.5.1,,,Java 7 Update 7 then i uninstalled using revo so i didn't know how else to remove the regit intries or all traces of the programs if that's posable. i'm curently donwnload eset online def. and will do the scan shortly. meantime here is the hijack log , i ran it as per your instructions . thanks G Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:10:57 PM, on 1/2/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Windows\System32\DeltaIITray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\notepad.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\G\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file) O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 7019 bytes

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

hold off i did not run a adminstrator the hijack program, please here is the right hijack report. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:30:20 PM, on 1/2/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Windows\System32\DeltaIITray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\notepad.exe C:\Users\G\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 6915 bytes

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:23:47 PM, on 1/2/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Windows\System32\DeltaIITray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\G\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 6882 bytes

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.02.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 G :: G-PC [administrator] 1/2/2013 3:02:17 PM mbam-log-2013-01-02 (15-02-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 231367 Time elapsed: 9 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

damn i didn't read the whole post before i uninstalled the programs without revo sorry what now? thanks again

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

32 Bit HP CIO Components Installer Acer eMode Management Acer Registration Adobe Flash Player 11 ActiveX Adobe Photoshop 6.0 Adobe Reader X (10.1.4) Adobe SVG Viewer AIO_CDA_ProductContext AIO_CDA_Software AIO_CDB_Software AIO_Scan BitTorrent BufferChm C3100 c3100_Help Canon MP240 series MP Drivers Canon My Printer Copy CustomerResearchQFolder D3DX10 Delta Destinations DivX Setup DocProc DocProcQFolder eSupportQFolder Fax FrostWire 5.5.1 Google Earth Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 8.0 HP Imaging Device Functions 8.0 HP OCR Software 8.0 HP Photosmart Essential HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP Photosmart.All-In-One Driver Software 8.0 .A HP Product Assistant HP Product Detection HP Solution Center 8.0 HP Update HPProductAssistant HPSSupply Java 7 Update 7 Java Auto Updater Junk Mail filter update LightScribe 1.4.124.1 Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2000 Premium Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Word 2000 SR-1 Microsoft Works 6.0 Microsoft Works Suite Add-in for Microsoft Word MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Ultra Edition neroxml NTI Backup NOW! 4.7 NTI CD & DVD-Maker NVIDIA Drivers PowerProducer RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime Realtek High Definition Audio Driver RealUpgrade 1.1 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Segoe UI Skype™ 6.0 SolutionCenter SONAR X1 Producer Status Toolbox TrayApp UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VC80CRTRedist - 8.0.50727.6195 WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.00 (32-bit) Works Suite OS Pack Works Synchronization

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : G [Admin rights] Mode : Scan -- Date : 01/02/2013 00:37:37 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] adwcleaner.exe -- C:\Users\G\Desktop\adwcleaner.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND [TASK][ROGUE ST] 4252 : wscript.exe C:\Users\G\AppData\Local\Temp\launchie.vbs //B -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD16 00JS-22NCB1 SCSI Disk Device +++++ --- User --- [MBR] cd9df49a3e1b5786913ed5427629d905 [bSP] a19c07e5f7d009c359e91676307d0273 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14329980 | Size: 72990 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163814805 | Size: 72637 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_01022013_02d0037.txt >> RKreport[1]_S_01022013_02d0037.txt RogueKiller V8.4.2 [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : G [Admin rights] Mode : Remove -- Date : 01/02/2013 00:38:15 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] adwcleaner.exe -- C:\Users\G\Desktop\adwcleaner.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED [TASK][ROGUE ST] 4252 : wscript.exe C:\Users\G\AppData\Local\Temp\launchie.vbs //B -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD16 00JS-22NCB1 SCSI Disk Device +++++ --- User --- [MBR] cd9df49a3e1b5786913ed5427629d905 [bSP] a19c07e5f7d009c359e91676307d0273 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14329980 | Size: 72990 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163814805 | Size: 72637 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_01022013_02d0038.txt >> RKreport[1]_S_01022013_02d0037.txt ; RKreport[2]_D_01022013_02d0038.txt

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

# AdwCleaner v2.104 - Logfile created 01/02/2013 at 00:34:09 # Updated 29/12/2012 by Xplode # Operating system : Windows Vista Home Basic Service Pack 2 (32 bits) # User : G - G-PC # Boot Mode : Normal # Running from : C:\Users\G\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\G\AppData\Local\funmoods-speeddial.crx Folder Found : C:\Program Files\1ClickDownload Folder Found : C:\Program Files\Conduit Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\G\AppData\Local\Conduit Folder Found : C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Folder Found : C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Folder Found : C:\Users\G\AppData\LocalLow\Conduit Folder Found : C:\Users\G\AppData\RoaminG\Babylon ***** [Registry] ***** Key Found : HKCU\Software\1ClickDownload Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\SweetIM Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos Key Found : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos.1 Key Found : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar Key Found : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar.1 Key Found : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl Key Found : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Key Found : HKLM\Software\Iminent Key Found : HKLM\Software\PIP Key Found : HKLM\Software\SweetIM Key Found : HKU\S-1-5-21-633011263-2948650064-3403545423-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtC0EyBtB0A0D0BtDyCtC0EtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1065031074 -\\ Google Chrome v [unable to get version] File : C:\Users\G\AppData\Local\GooGle\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R3].txt - [4645 octets] - [02/01/2013 00:34:09] ########## EOF - C:\AdwCleaner[R3].txt - [4705 octets] ##########

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

Hi i say happy new year too you. yes computer before i ran the script in combo , was not updateing security essentiale . took for ever ane never did. now iLl let you know after while. but in the mean time the compo report,. ComboFix 13-01-01.02 - G 01/01/2013 3:15.2.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3327.1657 [GMT -5:00] Running from: c:\users\G\Desktop\malware programs\ComboFix.exe Command switches used :: c:\users\G\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\SpeedyPC Software c:\users\G\AppData\Roaming\DriverCure c:\users\G\AppData\Roaming\DriverCure\LogFile.txt c:\users\G\AppData\Roaming\SpeedyPC Software . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe --> c:\windows\System32\spoolsv.exe . ((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 ))))))))))))))))))))))))))))))) . . 2013-01-01 08:22 . 2013-01-01 08:23 -------- d-----w- c:\users\G\AppData\Local\temp 2013-01-01 08:22 . 2013-01-01 08:22 -------- d-----w- c:\users\Jonathon Drake\AppData\Local\temp 2013-01-01 08:22 . 2013-01-01 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-01 08:15 . 2010-08-17 14:20 128000 ----a-w- c:\windows\system32\spoolsv.exe 2013-01-01 00:51 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA24EEB9-60AB-4D3E-B469-7744930BC2F9}\mpengine.dll 2013-01-01 00:00 . 2013-01-01 00:00 -------- d-----w- c:\program files\M-Audio Delta 2012-12-31 23:46 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-31 14:09 . 2012-12-31 14:09 -------- d-----w- c:\programdata\WindowsSearch 2012-12-31 13:40 . 2012-12-31 13:40 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-12-31 13:19 . 2012-12-31 13:19 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-12-31 12:54 . 2012-12-31 12:54 -------- d-----w- C:\FRST 2012-12-30 19:54 . 2012-12-30 19:54 -------- d-----w- c:\windows\Sun 2012-12-30 08:37 . 2012-12-30 16:35 -------- d-----w- c:\windows\Microsoft Antimalware 2012-12-29 22:27 . 2012-12-29 22:27 -------- d-----w- c:\users\G\AppData\Roaming\RealNetworks 2012-12-29 22:25 . 2012-12-29 22:25 -------- d-----w- c:\program files\RealNetworks 2012-12-29 22:25 . 2012-12-29 22:25 -------- d-----w- c:\programdata\RealNetworks 2012-12-29 22:24 . 2012-12-29 22:24 -------- d-----w- c:\program files\Common Files\xing shared 2012-12-26 04:18 . 2012-12-30 01:28 -------- d-----w- c:\users\G\AppData\Roaming\Skype 2012-12-26 04:18 . 2012-12-26 04:18 -------- d-----w- c:\program files\Common Files\Skype 2012-12-26 04:17 . 2012-12-26 04:18 -------- d-----r- c:\program files\Skype 2012-12-26 04:17 . 2012-12-26 04:18 -------- d-----w- c:\programdata\Skype 2012-12-21 20:57 . 2012-12-21 20:57 -------- d-----w- c:\programdata\HP Product Assistant 2012-12-21 07:09 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 07:09 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 23:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-11 23:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-11 23:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-11 23:03 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-11 23:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-11 23:03 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-11 23:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-11 23:03 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-11 23:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-11 23:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-11 23:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-11 22:56 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 22:56 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-11 22:56 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-11 22:56 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-11 22:56 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-07 23:34 . 2012-12-07 23:34 -------- d-----w- c:\program files\Canon 2012-12-07 22:05 . 2012-12-07 22:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-12-07 21:43 . 2012-12-07 21:43 -------- d--h--w- c:\programdata\CanonBJ 2012-12-07 21:42 . 2008-04-01 10:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9H.DLL 2012-12-07 21:42 . 2008-04-01 10:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9H.DLL 2012-12-07 21:42 . 2008-04-01 01:00 230912 ----a-w- c:\windows\system32\CNMLM9H.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 21:49 . 2012-08-23 01:59 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 01:38 . 2012-08-22 22:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 01:38 . 2012-08-22 22:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-12-29 295072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk] path=c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acer Product Registration.lnk backup=c:\windows\pss\Acer Product Registration.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk] path=c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk backup=c:\windows\pss\FrostWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????] ??????????????e [?] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2006-11-23 23:24 319488 ----a-w- c:\windows\System32\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration] 2006-12-13 18:55 3166208 ----a-w- c:\program files\Acer Registration\ACE1.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp] 2008-03-03 14:13 236040 ----a-w- c:\windows\System32\DeltaIITray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer] 2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon] 2008-03-03 14:13 236040 ----a-w- c:\windows\System32\DeltaIITray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] 2000-08-08 20:00 311350 ----a-w- c:\program files\Microsoft Works\wkssb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] 2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-06-20 07:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-06-20 07:04 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2006-11-25 08:57 151552 ------w- c:\acer\Empowering Technology\eMode\PCM\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-12-01 13:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-12-29 22:23 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 06:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD] 2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 01:38] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 22:24] . 2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 22:24] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-01 03:23 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6e6a1780] "imagepath"="\??\c:\windows\TEMP\D69E.tmp" . Completion time: 2013-01-01 03:25:18 ComboFix-quarantined-files.txt 2013-01-01 08:25 ComboFix2.txt 2012-12-31 23:36 . Pre-Run: 28,297,682,944 bytes free Post-Run: 28,344,463,360 bytes free . - - End Of File - - 2C67BDD812D840174797D097D9638E79

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

the machine seems to be fine now.

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

ComboFix 12-12-31.01 - G 12/31/2012 18:20:19.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3327.2227 [GMT -5:00] Running from: c:\users\G\Desktop\malware programs\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\G\AppData\Roaming\qupup.dll c:\users\G\AppData\Roaming\skype.ini c:\users\G\AppData\Roaming\spavc.dll . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 ))))))))))))))))))))))))))))))) . . 2012-12-31 23:28 . 2012-12-31 23:30 -------- d-----w- c:\users\G\AppData\Local\temp 2012-12-31 23:28 . 2012-12-31 23:28 -------- d-----w- c:\users\Jonathon Drake\AppData\Local\temp 2012-12-31 23:28 . 2012-12-31 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-31 22:14 . 2012-12-31 22:14 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F868D-17CC-4523-BE6D-5CCF1DE44CE0}\offreg.dll 2012-12-31 22:10 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232F868D-17CC-4523-BE6D-5CCF1DE44CE0}\mpengine.dll 2012-12-31 14:09 . 2012-12-31 14:09 -------- d-----w- c:\programdata\WindowsSearch 2012-12-31 13:40 . 2012-12-31 13:40 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-12-31 13:19 . 2012-12-31 13:19 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-12-31 12:54 . 2012-12-31 12:54 -------- d-----w- C:\FRST 2012-12-31 05:54 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-30 19:54 . 2012-12-30 19:54 -------- d-----w- c:\windows\Sun 2012-12-30 08:37 . 2012-12-30 16:35 -------- d-----w- c:\windows\Microsoft Antimalware 2012-12-29 22:27 . 2012-12-29 22:27 -------- d-----w- c:\users\G\AppData\Roaming\RealNetworks 2012-12-29 22:25 . 2012-12-29 22:25 -------- d-----w- c:\program files\RealNetworks 2012-12-29 22:25 . 2012-12-29 22:25 -------- d-----w- c:\programdata\RealNetworks 2012-12-29 22:24 . 2012-12-29 22:24 -------- d-----w- c:\program files\Common Files\xing shared 2012-12-26 04:18 . 2012-12-30 01:28 -------- d-----w- c:\users\G\AppData\Roaming\Skype 2012-12-26 04:18 . 2012-12-26 04:18 -------- d-----w- c:\program files\Common Files\Skype 2012-12-26 04:17 . 2012-12-26 04:18 -------- d-----r- c:\program files\Skype 2012-12-26 04:17 . 2012-12-26 04:18 -------- d-----w- c:\programdata\Skype 2012-12-21 20:57 . 2012-12-21 20:57 -------- d-----w- c:\programdata\HP Product Assistant 2012-12-21 07:09 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 07:09 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 23:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-11 23:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-11 23:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-11 23:03 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-11 23:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-11 23:03 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-11 23:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-11 23:03 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-11 23:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-11 23:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-11 23:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-11 22:56 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 22:56 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-11 22:56 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-11 22:56 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-11 22:56 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-10 01:47 . 2012-12-10 01:47 -------- d-----w- c:\users\G\AppData\Roaming\SpeedyPC Software 2012-12-10 01:47 . 2012-12-10 01:47 -------- d-----w- c:\users\G\AppData\Roaming\DriverCure 2012-12-10 01:46 . 2012-12-11 04:31 -------- d-----w- c:\programdata\SpeedyPC Software 2012-12-07 23:34 . 2012-12-07 23:34 -------- d-----w- c:\program files\Canon 2012-12-07 22:05 . 2012-12-07 22:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-12-07 21:43 . 2012-12-07 21:43 -------- d--h--w- c:\programdata\CanonBJ 2012-12-07 21:42 . 2008-04-01 10:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9H.DLL 2012-12-07 21:42 . 2008-04-01 10:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9H.DLL 2012-12-07 21:42 . 2008-04-01 01:00 230912 ----a-w- c:\windows\system32\CNMLM9H.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 21:49 . 2012-08-23 01:59 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 01:38 . 2012-08-22 22:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 01:38 . 2012-08-22 22:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe [7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe [7] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe [7] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe [7] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe [7] 2008-01-19 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe [7] 2006-11-02 . DA612EF2556776DF2630B68BF2D48935 . 124928 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe . c:\windows\System32\spoolsv.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-12-29 295072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk] path=c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acer Product Registration.lnk backup=c:\windows\pss\Acer Product Registration.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk] path=c:\users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk backup=c:\windows\pss\FrostWire On Startup.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????] ??????????????e [?] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2006-11-23 23:24 319488 ----a-w- c:\windows\System32\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration] 2006-12-13 18:55 3166208 ----a-w- c:\program files\Acer Registration\ACE1.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltaIITaskbarApp] 2008-03-03 14:13 236040 ----a-w- c:\windows\System32\DeltaIITray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer] 2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon] 2008-03-03 14:13 236040 ----a-w- c:\windows\System32\DeltaIITray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] 2000-08-08 20:00 311350 ----a-w- c:\program files\Microsoft Works\wkssb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] 2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-06-20 07:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-06-20 07:04 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2006-11-25 08:57 151552 ------w- c:\acer\Empowering Technology\eMode\PCM\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-12-01 13:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-12-29 22:23 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 06:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD] 2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 01:38] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 22:24] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-12 22:24] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtC0EyBtB0A0D0BtDyCtC0EtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1065031074 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file) WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file) HKCU-Run-qupup - c:\users\G\AppData\Roaming\qupup.dll HKCU-Run-spavc - c:\users\G\AppData\Roaming\spavc.dll HKLM-Run-eRecoveryService - (no file) SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Acer Assist Launcher - c:\program files\Acer Assist\launcher.exe MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe MSConfigStartUp-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe AddRemove-RealPlayer 16.0 - c:\program files\real\realplayer\Update\r1puninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-31 18:30 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6e6a1780] "imagepath"="\??\c:\windows\TEMP\D69E.tmp" . Completion time: 2012-12-31 18:36:31 ComboFix-quarantined-files.txt 2012-12-31 23:36 . Pre-Run: 25,659,117,568 bytes free Post-Run: 27,118,759,936 bytes free . - - End Of File - - E3B14A19743A8D31100CE3F9E8EBB3DC

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

hold off cobo fix is rnning

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

it won't run now , i'm where i started rundll 32 has stopped working . what?

My MBAM Log ,

gazzer77 replied to gazzer77's topic in Resolved Malware Removal Logs

i ran ok I did it run the scanner twice second time there was no infection. i had to run fix tool, because the fire wall was stimimed . wait , wait. security essentials just popped up like it was doing perionicaly looks like i still have the malware .

Events

Profiles

Forums

Everything posted by gazzer77

Important Information