sirefef.ah loss of ip address


Hi

I think that I am in big trouble. I recently found sirefef.ac and .ah through MSE, which kept on finding them every 15 min, while malware found nothing. MSE recently updated itself and asked me to restart.

Since then I can't get online. The modem is working fine; however, my comp can't get an IP address. If I try to repair, it says "failed to query TCP/IP settings of the connection". I did a system restore and now MSE found sirefef.j and win32/karagany.I.

Any advice?


Hello and welcome.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon and allow it to run.
  • A small box will open with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Thank you for answering me.

Hope this works out.

Here is the info you were after

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 23:45:58 on 2012-05-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.554 [GMT 10:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\memoMiiO-HK\memoMiiO-HK.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac

uSearch Page = hxxp://www.google.com

uWindow Title = Microsoft Internet Explorer provided by OptusNet

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [VTTimer] VTTimer.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173184360781

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.freecricket.tv/plugins/freecricket.cab

DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - hxxp://www.belairresort.com.au/virtual-tour/tours/cabs/svideo3.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{03781020-5ECC-48FF-B925-FED478BC9CDB} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-2-6 22168]

R1 MpKsl7c7883cc;MpKsl7c7883cc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\MpKsl7c7883cc.sys [2012-5-10 29904]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-7-10 47640]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-4-17 13408]

RUnknown MpKslbf9d4c48;MpKslbf9d4c48; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253088]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [2011-5-30 14592]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-05-10 08:26:36 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\MpKsl7c7883cc.sys

2012-05-09 15:46:01 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\MpKslbf9d4c48.sys

2012-05-09 03:38:29 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\offreg.dll

2012-05-08 23:11:46 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a709846-5fbe-44aa-8896-cd99f87233f5}\mpengine.dll

2012-05-07 18:16:05 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-05-05 13:22:57 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-05-05 13:21:57 -------- d-----w- c:\documents and settings\user\local settings\application data\{4608863F-96B5-11E1-826D-B8AC6F996F26}

2012-05-05 11:42:13 -------- d-----w- c:\documents and settings\user\application data\memoMiiO-HK

2012-05-05 11:40:50 -------- d-----w- c:\program files\memoMiiO-HK

2012-04-28 09:58:25 -------- d-----w- c:\program files\Dropbox

.

==================== Find3M ====================

.

2012-05-09 15:28:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-09 15:27:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 10:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 23:48:37.32 ===============


ZeroAccess is indeed still active. Before continuing, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi, and thanks again

Did what you asked, and here is the log.

Still don't have IP address and cannot connect. Should I run this same scan again?

ComboFix 12-05-10.02 - User 11/05/2012 1:44.1.2 - x86

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi

c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi

c:\documents and settings\User\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2

c:\documents and settings\User\Favorites\Thumbs.db

c:\documents and settings\User\Local Settings\Temporary Internet Files\ab_1A1.tmp

c:\documents and settings\User\Local Settings\Temporary Internet Files\ab_1A2.tmp

c:\documents and settings\User\Local Settings\Temporary Internet Files\simpleadblock.msi

c:\documents and settings\User\My Documents\~WRL0352.tmp

c:\documents and settings\User\My Documents\~WRL2886.tmp

c:\documents and settings\User\WINDOWS

c:\windows\$NtUninstallKB60531$

c:\windows\$NtUninstallKB60531$\1000425851

c:\windows\$NtUninstallKB60531$\634767782\@

c:\windows\$NtUninstallKB60531$\634767782\cfg.ini

c:\windows\$NtUninstallKB60531$\634767782\Desktop.ini

c:\windows\$NtUninstallKB60531$\634767782\L\kmkgcnpi

c:\windows\$NtUninstallKB60531$\634767782\oemid

c:\windows\$NtUninstallKB60531$\634767782\U\00000001.@

c:\windows\$NtUninstallKB60531$\634767782\U\00000002.@

c:\windows\$NtUninstallKB60531$\634767782\U\00000004.@

c:\windows\$NtUninstallKB60531$\634767782\U\80000000.@

c:\windows\$NtUninstallKB60531$\634767782\U\80000004.@

c:\windows\$NtUninstallKB60531$\634767782\U\80000032.@

c:\windows\$NtUninstallKB60531$\634767782\version

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\Nagasoft

c:\windows\system32\Nagasoft\Codecs\asyncflt.ax

c:\windows\system32\Nagasoft\Codecs\atrc.dll

c:\windows\system32\Nagasoft\Codecs\cook.dll

c:\windows\system32\Nagasoft\Codecs\drvc.dll

c:\windows\system32\Nagasoft\Codecs\raac.dll

c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax

c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll

c:\windows\system32\Nagasoft\GifShower.dll

c:\windows\system32\Nagasoft\vjocx.dll

c:\windows\system32\service

c:\windows\system32\service\07032009_TIS17_SfFniAU.log

c:\windows\system32\service\09022009_TIS17_SfFniAU.log

c:\windows\system32\service\10022009_TIS17_SfFniAU.log

c:\windows\system32\service\11032009_TIS17_SfFniAU.log

c:\windows\system32\SET15B.tmp

c:\windows\system32\SET15D.tmp

c:\windows\system32\SET161.tmp

c:\windows\system32\SET162.tmp

c:\windows\system32\SET169.tmp

c:\windows\system32\SET16B.tmp

c:\windows\system32\SET1D6.tmp

c:\windows\system32\SET1DD.tmp

c:\windows\wc98pp.dll

.

c:\windows\system32\drivers\ipsec.sys was missing

Restored copy from - c:\windows\system32\dllcache\ipsec.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_vvdsvc

-------\Legacy_vvdsvc

-------\Service_vvdsvc

-------\Service_vvdsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))

.

.

2012-05-10 16:03 . 2008-04-13 13:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys

2012-05-10 16:03 . 2008-04-13 13:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-05-08 23:11 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A709846-5FBE-44AA-8896-CD99F87233F5}\mpengine.dll

2012-05-08 12:57 . 2012-05-08 12:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun

2012-05-07 18:16 . 2012-04-13 07:36 6734704 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-05 13:21 . 2012-05-05 13:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\{4608863F-96B5-11E1-826D-B8AC6F996F26}

2012-05-05 11:42 . 2012-05-05 11:42 -------- d-----w- c:\documents and settings\User\Application Data\memoMiiO-HK

2012-05-05 11:40 . 2012-05-05 11:41 -------- d-----w- c:\program files\memoMiiO-HK

2012-04-28 09:58 . 2012-04-28 09:58 -------- d-----w- c:\program files\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 15:28 . 2011-05-30 04:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-09 15:27 . 2012-04-01 04:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 05:56 . 2011-05-23 13:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 10:44 . 2010-10-24 11:25 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-01 11:01 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2003-03-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2003-03-31 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2003-03-31 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

.

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2003-03-31 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

.

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2003-03-31 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

.

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\1226636\comctl32.dll

[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[7] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\86604\comctl32.dll

[-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2003-03-31 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[-] 2003-03-31 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

.

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2003-03-31 12:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll

.

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2003-03-31 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

.

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2003-03-31 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

.

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2003-03-31 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll

.

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2003-03-31 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

[-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2003-03-31 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

"VTTimer"="VTTimer.exe" [2006-09-21 53248]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-10 385024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

.

c:\documents and settings\User\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-4-27 27264496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-02-08 12:38 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/10/2010 7:59 PM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/04/2007 2:00 PM 12856]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [17/04/2007 2:00 PM 13408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 PM 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1/04/2012 2:35 PM 253088]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [30/05/2011 3:27 PM 14592]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 PM 753504]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/02/2010 12:11 PM 135664]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/02/2010 12:11 PM 135664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

S7oppilx

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:36]

.

2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11]

.

2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15]

.

2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15]

.

2012-05-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]

.

2012-05-06 c:\windows\Tasks\UPDATER.job

- c:\documents and settings\User\My Documents\UPDATER.exe [2011-05-30 04:31]

.

2012-05-10 c:\windows\Tasks\User_Feed_Synchronization-{9D82F2A1-14C8-45C5-BD16-8ECA24E56CA0}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Grand Master Chess OnLine - c:\program files\Alawar\gmchess\Uninstall.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-11 02:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(592)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(1968)

c:\windows\system32\WININET.dll

c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\VTTimer.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-05-11 02:15:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-10 16:15

.

Pre-Run: 11,472,457,728 bytes free

Post-Run: 12,867,149,824 bytes free

.

- - End Of File - - 46783C8759CE68B3FCB716CFC13D537F


First we had to take care of the infection remnants; now let's concentrate on the connection issues.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Here it is.

Farbar Service Scanner Version: 08-05-2012

Ran by User (administrator) on 11-05-2012 at 02:43:01

Running from "C:\Documents and Settings\User\Desktop"

Microsoft Windows XP Home Edition Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is set to Disabled. The default start type is Auto.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:

The start type of Tcpip service is OK.

The ImagePath of Tcpip service is OK.

Connection Status:

==============

Localhost is blocked.

There is no connection to network.

Attempt to access Google IP returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) NetBT(6) PSched(7) Tcpip(4)

0x09000000050000000100000002000000070000000400000009000000060000000300000008000000

ATTENTION!=====> IpSec Tag value should be 5. ATTENTION!=====> IpSec Tag value is missing and it should be 5.

**** End of log ****

Should I get rid of all these programs once I've run them?


Press Windows key + R and type regedit. Press enter.

In the left panel highlight HKEY_LOCAL_MACHINE and navigate to SYSTEM\CurrentControlSet\Control\GroupOrderList <-- right-click this key and select Export. Export the key to export.reg (important: do not export to a text file but to a .reg file) and save it to your desktop.

Right click on export.reg and select Edit. This will open notepad, please copy/paste the contents in your next reply.


Hi.

I noticed something interesting when you asked me to copy group order list.

There is a reg just above that one called grou0 order list with almost the same items inside!!!

Anyhow, here is what you asked for.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]

"Base"=hex:13,00,00,00,0e,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\

00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00,0a,00,00,\

00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,\

12,00,00,00,13,00,00,00

"Boot Bus Extender"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,\

00,00,05,00,00,00

"Extended Base"=hex:0d,00,00,00,01,00,00,00,02,00,00,00,04,00,00,00,0b,00,00,\

00,05,00,00,00,0a,00,00,00,08,00,00,00,06,00,00,00,07,00,00,00,09,00,00,00,\

0c,00,00,00,0d,00,00,00,0e,00,00,00

"Keyboard Class"=hex:01,00,00,00,01,00,00,00

"Keyboard Port"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,\

00

"Ndis"=hex:0e,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,\

00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00,0a,00,00,00,0c,00,00,\

00,0b,00,00,00,0e,00,00,00,0f,00,00,00

"Network"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,\

00,00,00,06,00,00,00

"Parallel arbitrator"=hex:01,00,00,00,01,00,00,00

"PNP_TDI"=hex:09,00,00,00,05,00,00,00,01,00,00,00,02,00,00,00,07,00,00,00,04,\

00,00,00,09,00,00,00,06,00,00,00,03,00,00,00,08,00,00,00

"Pointer Class"=hex:01,00,00,00,01,00,00,00

"Pointer Port"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00

"Primary Disk"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,\

05,00,00,00

"SCSI CDROM Class"=hex:02,00,00,00,01,00,00,00,02,00,00,00

"SCSI Class"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"SCSI Miniport"=hex:40,00,00,00,00,01,00,00,01,01,00,00,19,00,00,00,01,00,00,\

00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,\

08,00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,\

00,00,00,0f,00,00,00,10,00,00,00,11,00,00,00,12,00,00,00,13,00,00,00,14,00,\

00,00,15,00,00,00,16,00,00,00,17,00,00,00,1a,00,00,00,18,00,00,00,1b,00,00,\

00,1c,00,00,00,1d,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,23,00,00,00,\

24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,29,00,00,00,2a,\

00,00,00,2b,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,00,\

00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,00,\

00,37,00,00,00,38,00,00,00,39,00,00,00,3a,00,00,00,3b,00,00,00,3c,00,00,00,\

3d,00,00,00,3e,00,00,00,3f,00,00,00,21,00,00,00

"SpoolerGroup"=hex:02,00,00,00,01,00,00,00,02,00,00,00

"System Bus Extender"=hex:0c,00,00,00,03,00,00,00,04,00,00,00,01,00,00,00,08,\

00,00,00,09,00,00,00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,\

00,00,05,00,00,00,06,00,00,00

"Video"=hex:02,00,00,00,02,00,00,00,01,00,00,00

"Video Init"=hex:01,00,00,00,01,00,00,00

"Video Save"=hex:01,00,00,00,01,00,00,00

"FSFilter Infrastructure"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter System"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Bottom"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Copy Protection"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Security Enhancer"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\

00

"FSFilter Open File"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Physical Quota Management"=hex:03,00,00,00,01,00,00,00,02,00,00,00,\

03,00,00,00

"FSFilter Encryption"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Compression"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter HSM"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Cluster File System"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,\

00,00

"FSFilter System Recovery"=hex:04,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,\

04,00,00,00

"FSFilter Quota Management"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\

00

"FSFilter Content Screener"=hex:05,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\

00,04,00,00,00,05,00,00,00

"FSFilter Continuous Backup"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\

00

"FSFilter Replication"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Anti-Virus"=hex:09,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,\

00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,00

"FSFilter Undelete"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"FSFilter Activity Monitor"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,\

00

"FSFilter Top"=hex:03,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00

"Filter"=hex:07,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,00,\

00,00,06,00,00,00,07,00,00,00

"PNP Filter"=hex:04,00,00,00,03,00,00,00,01,00,00,00,04,00,00,00,02,00,00,00

"Streams Drivers"=hex:01,00,00,00,01,00,00,00

"NetBIOSGroup"=hex:01,00,00,00,01,00,00,00
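The GroupOrderList export above can be decoded mechanically and compared with the service(tag) pairs that Farbar Service Scanner printed in its "Extra List". The Python below is an added example, not code from FSS, ComboFix or this thread; it uses a constructed .reg excerpt containing the PNP_TDI and Network values as posted, decodes each value as a DWORD count followed by that many little-endian DWORD tags, and lists the tags in the load order that none of the scanner-reported services claims.

```python
"""Decode a GroupOrderList .reg export and cross-check it against the
service(tag) pairs reported by Farbar Service Scanner.
Added example; not code from either tool."""
import re

# Constructed sample: the PNP_TDI and Network values as exported from
# HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList (REG_BINARY).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"PNP_TDI"=hex:09,00,00,00,05,00,00,00,01,00,00,00,02,00,00,00,07,00,00,00,04,\
  00,00,00,09,00,00,00,06,00,00,00,03,00,00,00,08,00,00,00
"Network"=hex:06,00,00,00,01,00,00,00,02,00,00,00,03,00,00,00,04,00,00,00,05,\
  00,00,00,06,00,00,00
'''

# Constructed sample of the FSS "Extra List" line for the PNP_TDI group:
# the scanner reported four services and flagged IpSec (tag 5) as missing.
FSS_EXTRA_LIST = "Gpc(3) NetBT(6) PSched(7) Tcpip(4)"


def parse_reg_binary_values(reg_text):
    """Return {value_name: bytes} for every hex: value in a .reg export.
    Backslash-continued lines are joined before the hex bytes are read."""
    joined = re.sub(r',\\\r?\n\s*', ',', reg_text)
    values = {}
    for m in re.finditer(r'^"([^"]+)"=hex:([0-9a-fA-F,]+)', joined, re.M):
        values[m.group(1)] = bytes(int(b, 16) for b in m.group(2).split(','))
    return values


def decode_group_order(blob):
    """A GroupOrderList value is a DWORD count followed by `count`
    little-endian DWORD tags in load order. Raise on a truncated or
    inconsistent value, since a bad count is itself worth reporting."""
    if len(blob) < 4 or len(blob) % 4:
        raise ValueError("GroupOrderList value is not a whole number of DWORDs")
    count = int.from_bytes(blob[:4], 'little')
    tags = [int.from_bytes(blob[i:i + 4], 'little') for i in range(4, len(blob), 4)]
    if len(tags) != count:
        raise ValueError(f"count field says {count} tags, found {len(tags)}")
    return tags


def parse_fss_extra_list(line):
    """'Gpc(3) NetBT(6)' -> {3: 'Gpc', 6: 'NetBT'}."""
    return {int(tag): name for name, tag in re.findall(r'(\w+)\((\d+)\)', line)}


def unclaimed_tags(order, claimed):
    """Tags in the group's load order that no listed service claims, kept in
    load order. Only meaningful when the service list is complete; here the
    scanner listed four services, and tag 5 (IpSec) is among the gaps."""
    return [t for t in order if t not in claimed]


def audit(reg_text=REG_EXPORT, extra_list=FSS_EXTRA_LIST, group="PNP_TDI"):
    """Decode one group's load order and compare it with the FSS tag report."""
    order = decode_group_order(parse_reg_binary_values(reg_text)[group])
    claimed = parse_fss_extra_list(extra_list)
    return {"order": order, "claimed": claimed,
            "unclaimed": unclaimed_tags(order, claimed)}


if __name__ == "__main__":
    result = audit()
    print("PNP_TDI load order by tag:", result["order"])
    for tag in result["unclaimed"]:
        print(f"tag {tag}: no listed service in this group reports it")
```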


Here are the logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 23:39:21 on 2012-05-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.295 [GMT 10:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\explorer.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [VTTimer] VTTimer.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173184360781

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.freecricket.tv/plugins/freecricket.cab

DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - hxxp://www.belairresort.com.au/virtual-tour/tours/cabs/svideo3.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{03781020-5ECC-48FF-B925-FED478BC9CDB} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-2-6 22168]

R1 MpKslfd5d7bbf;MpKslfd5d7bbf;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1016886e-c7ca-4fd4-b6d8-a49cfa978ab6}\MpKslfd5d7bbf.sys [2012-5-12 29904]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-7-10 47640]

R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-4-17 13408]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253088]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [2011-5-30 14592]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-05-12 11:31:21 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1016886e-c7ca-4fd4-b6d8-a49cfa978ab6}\offreg.dll

2012-05-12 11:31:20 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1016886e-c7ca-4fd4-b6d8-a49cfa978ab6}\MpKslfd5d7bbf.sys

2012-05-12 11:28:24 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1016886e-c7ca-4fd4-b6d8-a49cfa978ab6}\mpengine.dll

2012-05-10 16:18:14 6734704 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-05-10 16:03:33 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys

2012-05-10 16:03:33 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-05-10 15:35:35 -------- d-sha-r- C:\cmdcons

2012-05-10 15:35:34 -------- d-----w- c:\windows\setup.pss

2012-05-10 15:23:35 98816 ----a-w- c:\windows\sed.exe

2012-05-10 15:23:35 518144 ----a-w- c:\windows\SWREG.exe

2012-05-10 15:23:35 256000 ----a-w- c:\windows\PEV.exe

2012-05-10 15:23:35 208896 ----a-w- c:\windows\MBR.exe

2012-05-05 13:21:57 -------- d-----w- c:\documents and settings\user\local settings\application data\{4608863F-96B5-11E1-826D-B8AC6F996F26}

2012-05-05 11:42:13 -------- d-----w- c:\documents and settings\user\application data\memoMiiO-HK

2012-05-05 11:40:50 -------- d-----w- c:\program files\memoMiiO-HK

2012-04-28 09:58:25 -------- d-----w- c:\program files\Dropbox

.

==================== Find3M ====================

.

2012-05-09 15:28:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-09 15:27:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-20 10:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 23:41:31.90 ===============

and here is the other one

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 8/02/2009 7:51:01 PM

System Uptime: 12/05/2012 9:19:32 PM (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5VD2-MX

Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Socket 775 | 1861/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 11.572 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 53.998 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia 6280

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia 6280

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

.

==== System Restore Points ===================

.

RP1257: 21/03/2012 9:10:10 AM - Microsoft Antimalware Checkpoint

RP1258: 21/03/2012 12:51:00 PM - Software Distribution Service 3.0

RP1259: 22/03/2012 12:03:57 AM - Software Distribution Service 3.0

RP1260: 22/03/2012 3:48:39 AM - Software Distribution Service 3.0

RP1261: 23/03/2012 4:02:06 AM - System Checkpoint

RP1262: 24/03/2012 9:11:54 PM - Software Distribution Service 3.0

RP1263: 25/03/2012 3:34:22 AM - Software Distribution Service 3.0

RP1264: 25/03/2012 9:07:12 PM - Software Distribution Service 3.0

RP1265: 26/03/2012 3:33:19 AM - Software Distribution Service 3.0

RP1266: 26/03/2012 11:58:38 PM - Software Distribution Service 3.0

RP1267: 27/03/2012 3:32:35 AM - Software Distribution Service 3.0

RP1268: 28/03/2012 12:04:44 AM - Software Distribution Service 3.0

RP1269: 28/03/2012 3:33:08 AM - Software Distribution Service 3.0

RP1270: 28/03/2012 11:58:44 PM - Software Distribution Service 3.0

RP1271: 29/03/2012 3:33:18 AM - Software Distribution Service 3.0

RP1272: 29/03/2012 11:59:11 PM - Software Distribution Service 3.0

RP1273: 30/03/2012 3:32:57 AM - Software Distribution Service 3.0

RP1274: 31/03/2012 9:02:26 PM - Software Distribution Service 3.0

RP1275: 1/04/2012 4:57:01 AM - Software Distribution Service 3.0

RP1276: 2/04/2012 4:44:42 AM - Software Distribution Service 3.0

RP1277: 2/04/2012 11:31:47 AM - Software Distribution Service 3.0

RP1278: 3/04/2012 4:44:22 AM - Software Distribution Service 3.0

RP1279: 3/04/2012 11:30:47 AM - Software Distribution Service 3.0

RP1280: 4/04/2012 4:43:46 AM - Software Distribution Service 3.0

RP1281: 4/04/2012 11:31:43 AM - Software Distribution Service 3.0

RP1282: 5/04/2012 4:43:49 AM - Software Distribution Service 3.0

RP1283: 5/04/2012 11:31:23 AM - Software Distribution Service 3.0

RP1284: 6/04/2012 4:43:45 AM - Software Distribution Service 3.0

RP1285: 6/04/2012 11:31:53 AM - Software Distribution Service 3.0

RP1286: 7/04/2012 4:44:07 AM - Software Distribution Service 3.0

RP1287: 7/04/2012 11:29:50 AM - Software Distribution Service 3.0

RP1288: 8/04/2012 4:43:36 AM - Software Distribution Service 3.0

RP1289: 8/04/2012 11:30:28 AM - Software Distribution Service 3.0

RP1290: 9/04/2012 3:44:02 AM - Software Distribution Service 3.0

RP1291: 9/04/2012 10:30:19 AM - Software Distribution Service 3.0

RP1292: 10/04/2012 3:44:00 AM - Software Distribution Service 3.0

RP1293: 10/04/2012 10:31:05 AM - Software Distribution Service 3.0

RP1294: 11/04/2012 3:44:10 AM - Software Distribution Service 3.0

RP1295: 11/04/2012 10:32:04 AM - Software Distribution Service 3.0

RP1296: 12/04/2012 3:01:11 AM - Software Distribution Service 3.0

RP1297: 12/04/2012 3:56:19 AM - Software Distribution Service 3.0

RP1298: 14/04/2012 7:20:48 PM - Software Distribution Service 3.0

RP1299: 15/04/2012 3:31:45 AM - Software Distribution Service 3.0

RP1300: 15/04/2012 9:05:56 AM - Microsoft Antimalware Checkpoint

RP1301: 15/04/2012 9:09:53 AM - Software Distribution Service 3.0

RP1302: 16/04/2012 4:13:43 AM - Software Distribution Service 3.0

RP1303: 16/04/2012 6:57:04 PM - Software Distribution Service 3.0

RP1304: 17/04/2012 4:12:35 AM - Software Distribution Service 3.0

RP1305: 17/04/2012 6:57:03 PM - Software Distribution Service 3.0

RP1306: 18/04/2012 4:12:30 AM - Software Distribution Service 3.0

RP1307: 18/04/2012 6:57:10 PM - Software Distribution Service 3.0

RP1308: 19/04/2012 4:12:34 AM - Software Distribution Service 3.0

RP1309: 19/04/2012 6:56:34 PM - Software Distribution Service 3.0

RP1310: 20/04/2012 4:13:19 AM - Software Distribution Service 3.0

RP1311: 21/04/2012 8:20:44 PM - Software Distribution Service 3.0

RP1312: 22/04/2012 3:59:12 AM - Software Distribution Service 3.0

RP1313: 22/04/2012 8:15:41 PM - Software Distribution Service 3.0

RP1314: 23/04/2012 3:58:40 AM - Software Distribution Service 3.0

RP1315: 24/04/2012 3:51:03 AM - Software Distribution Service 3.0

RP1316: 24/04/2012 7:12:47 PM - Software Distribution Service 3.0

RP1317: 25/04/2012 3:50:43 AM - Software Distribution Service 3.0

RP1318: 25/04/2012 7:12:32 PM - Software Distribution Service 3.0

RP1319: 26/04/2012 3:50:50 AM - Software Distribution Service 3.0

RP1320: 26/04/2012 7:13:21 PM - Software Distribution Service 3.0

RP1321: 27/04/2012 3:50:58 AM - Software Distribution Service 3.0

RP1322: 28/04/2012 8:02:47 PM - Software Distribution Service 3.0

RP1323: 29/04/2012 3:37:21 AM - Software Distribution Service 3.0

RP1324: 30/04/2012 3:55:56 AM - System Checkpoint

RP1325: 30/04/2012 4:12:30 AM - Software Distribution Service 3.0

RP1326: 30/04/2012 2:47:51 PM - Software Distribution Service 3.0

RP1327: 1/05/2012 4:13:21 AM - Software Distribution Service 3.0

RP1328: 1/05/2012 2:47:55 PM - Software Distribution Service 3.0

RP1329: 2/05/2012 4:12:45 AM - Software Distribution Service 3.0

RP1330: 2/05/2012 2:48:31 PM - Software Distribution Service 3.0

RP1331: 3/05/2012 3:43:14 AM - Software Distribution Service 3.0

RP1332: 3/05/2012 10:58:51 PM - Software Distribution Service 3.0

RP1333: 4/05/2012 3:42:56 AM - Software Distribution Service 3.0

RP1334: 5/05/2012 6:52:59 PM - Software Distribution Service 3.0

RP1335: 5/05/2012 11:20:31 PM - Microsoft Antimalware Checkpoint

RP1336: 6/05/2012 12:45:10 AM - Software Distribution Service 3.0

RP1337: 6/05/2012 11:27:11 PM - Microsoft Antimalware Checkpoint

RP1338: 7/05/2012 3:38:38 AM - Software Distribution Service 3.0

RP1339: 7/05/2012 8:05:19 AM - Software Distribution Service 3.0

RP1340: 7/05/2012 9:04:15 AM - Software Distribution Service 3.0

RP1341: 7/05/2012 11:30:20 PM - Microsoft Antimalware Checkpoint

RP1342: 8/05/2012 4:16:02 AM - Software Distribution Service 3.0

RP1343: 8/05/2012 8:47:04 AM - Software Distribution Service 3.0

RP1344: 8/05/2012 11:44:27 PM - Microsoft Antimalware Checkpoint

RP1345: 9/05/2012 4:02:17 AM - Software Distribution Service 3.0

RP1346: 9/05/2012 9:11:42 AM - Software Distribution Service 3.0

RP1347: 10/05/2012 1:17:03 AM - Restore Operation

RP1348: 10/05/2012 1:45:38 AM - Microsoft Antimalware Checkpoint

RP1349: 11/05/2012 1:23:49 AM - ComboFix created restore point

RP1350: 12/05/2012 7:23:12 PM - System Checkpoint

RP1351: 12/05/2012 9:28:12 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

µTorrent

aaa

ABC Color with Me

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader X (10.1.3)

Adobe Stock Photos 1.0

Audacity 1.3.14 (Unicode)

Audacity 2.0

AutoUpdate

Bit Che

Bookworm Deluxe 1.13

Camera Window

Canon Camera WIA Driver

Canon Camera Window for ZoomBrowser EX

Canon EOS Kiss REBEL 300D WIA Driver

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities File Viewer Utility 1.3

Canon Utilities PhotoStitch 3.1

Canon Utilities RemoteCapture 2.7

Chinese Simplified Fonts Support For Adobe Reader 8

Connected Kids Coloring Book #1

Critical Update for Windows Media Player 11 (KB959772)

Defraggler

Device Doctor

DivX Version Checker

Dropbox

EPSON Printer Software

Family Tree Maker

File Viewer Utility 1.3.2

Free CD to MP3 Converter

Free M4a to MP3 Converter 6.1

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP USB Disk Storage Format Tool

Icy Tower v1.4

InterActual Player

J2SE Runtime Environment 5.0 Update 3

Java Auto Updater

Java 6 Update 2

Java 6 Update 3

Java 6 Update 32

Java 6 Update 5

Java 6 Update 7

Java 7 Update 1

Java SE Runtime Environment 6 Update 1

JMB36X Raid Configurer

JPEGCrops 0.7.3 beta

LaserJet 1020 series

LimeWire 4.18.5

LogMeIn

Malwarebytes Anti-Malware version 1.61.0.1400

Mario Forever v 2.16 !

memoMiiO-HK

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVC80_x86

MSVC80_x86_v2

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 1.7.0105.35.0

OptusNet DSL

PC Connectivity Solution

PhotoStitch

Platform

PowerDVD

RAW Image Task

RemoteCapture 2.7.5

RemoteCapture Task

Samsung PC Studio

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Siemens Subscriber Networks SpeedStream DSL

Simple Adblock

Snood 2.2R (Full Version)

Spelling Dictionaries Support For Adobe Reader 8

SR9600 Driver

Switch Sound File Converter

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

USB Storage Driver

VIA Platform Device Manager

VIA Rhine-Family Fast-Ethernet Adapter

VIA/S3G Display Driver 6.14.10.0359

VLC media player 2.0.1

WebFldrs XP

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR 4.11 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/05/2012 6:51:17 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/05/2012 5:10:55 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.

11/05/2012 4:08:39 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/05/2012 3:50:47 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

11/05/2012 2:50:45 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

11/05/2012 2:17:43 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/05/2012 2:10:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip

11/05/2012 2:10:00 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The operation completed successfully.

11/05/2012 2:10:00 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/05/2012 2:07:50 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

11/05/2012 2:02:44 AM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSec service which failed to start because of the following error: The system cannot find the file specified.

11/05/2012 2:02:44 AM, error: Service Control Manager [7000] - The IPSec service failed to start due to the following error: The system cannot find the file specified.

11/05/2012 11:17:48 AM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

11/05/2012 1:57:07 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/05/2012 1:44:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IPSec Tcpip

11/05/2012 1:40:22 AM, error: Service Control Manager [7003] - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

11/05/2012 1:37:59 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

11/05/2012 1:07:07 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

10/05/2012 8:46:32 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

.

==== End Of File ===========================


Hi again,

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


I found 5 infected files during a scan which was half way through, however I lost the connection and had to start again.

Here are the results

E:\Age Of Empires 3 Incl Expansion and keys\freefileviewer_2_1283.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

I recall that 2 of them were in Java; one of the viruses was called softonicdownloader.d, another called java agent.ac trojan and a third called openstream.nby. All 3 must have been deleted.

I only use uTorrent for avi files.

Is there anything else I should do?

Thanks again :)


Something weird happened with the previous post.

I found 5 infected files during a scan which was half way through, however I lost the connection and had to start again.

Here are the results

E:\Age Of Empires 3 Incl Expansion and keys\freefileviewer_2_1283.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

I recall that 2 of them were in Java; one of the viruses was called softonicdownloader.d, another called java agent.ac trojan and a third called openstream.nby. All 3 must have been deleted.

I only use uTorrent for avi files.

Is there anything else I should do?

Thanks again


Downloading pirated .avi files is (aside from legal issues) just as much a risk as anything else as malware can be embedded.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Press the Windows key + R on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.

Please read the following advice on how to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


You can't, it is a part of Windows. It takes up a minimum of space though and is useful to have; in case you can't boot into windows for some reason it provides you with a command line environment that can be used for recovery. If it really bothers you we can remove its reference from the boot.ini file, but I wouldn't recommend it.



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
