Jump to content

Infected with lots of malware PLEASE help

Recommended Posts

i noticed i had a problem when my email started sending out hundreds of blank emails to random contacts

here are my logs thank you!


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19088

Run by Michael Heller at 1:30:52 on 2012-08-12

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.470 [GMT -4:00]


AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}


============== Running Processes ===============




C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup


C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService


C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork



C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe


C:\Program Files\Bonjour\mDNSResponder.exe


C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe



C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Norton Security Suite\Engine\\ccSvcHst.exe

C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup


C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Norton Security Suite\Engine\\ccSvcHst.exe

C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\\ccSvcHst.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Michael Heller\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Constant Guard Protection Suite\IDVault.exe




C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe



C:\Program Files\Safari\Safari.exe

C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe










============== Pseudo HJT Report ===============


uWindow Title = Internet Explorer provided by Dell

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps12032011

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080902

uInternet Settings,ProxyServer =

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Updater For ooVoo Toolbar: {442ae524-eba5-4b17-82f3-888d68bc999a} - c:\program files\oovootb\auxi\oovooAu.dll

BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File

BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Privacy Safeguard BHO: {a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe} - c:\program files\privacysafeguard\PrivacySafeGuard.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.716.0\NativeBHO.dll

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\\coIEPlg.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [spotify Web Helper] "c:\users\michael heller\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRunOnce: [shockwave Updater] "c:\windows\system32\adobe\shockwave 11\SwHelper_1100465.exe" -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)" -"http://blitinteractive.com/clients/powell/MaxDrifter.htm"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\desktop\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] c:\desktop\mbamgui.exe /install /silent

StartupFolder: c:\users\michae~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\michael heller\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: EnableUIADesktopToggle = 0 (0x0)

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm025YYUS

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=7

TCP: DhcpNameServer =

TCP: Interfaces\{66181F27-F2D7-4CC9-A9A8-D251DFDB3BCB} : DhcpNameServer =

TCP: Interfaces\{A0EE75E2-6D86-4A88-8EAA-8705DBA8C486} : DhcpNameServer =

TCP: Interfaces\{B6CC6E43-A91F-4805-AB82-17A098DCA663} : DhcpNameServer =

TCP: Interfaces\{C5F9D9FF-A389-4C3A-BBFB-8D9964E8A295} : DhcpNameServer =

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL


============= SERVICES / DRIVERS ===============


R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-17 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-17 744568]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-21 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-21 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 108552]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111123.001\BHDrvx86.sys [2011-11-24 819320]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111212.002\IDSvix86.sys [2011-12-13 368248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-17 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-17 331384]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-23 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-23 297752]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-7-18 66160]

R2 MBAMService;MBAMService;c:\desktop\mbamservice.exe [2012-8-12 655944]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\\ccsvchst.exe [2012-7-17 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-8-5 131512]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\\ccSvcHst.exe [2009-12-9 126392]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-8 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-3 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-12 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-12 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c96258450e02c0;Google Update Service (gupdate1c96258450e02c0);c:\program files\google\update\GoogleUpdate.exe [2008-12-20 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-27 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 1025352]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-2 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-12-20 133104]

S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2008-9-4 256000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]


=============== Created Last 30 ================


2012-08-12 05:13:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-12 05:13:00 -------- d-----w- c:\users\michael heller\appdata\roaming\Malwarebytes

2012-08-12 05:11:57 -------- d-----w- c:\programdata\Malwarebytes

2012-08-12 05:11:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-12 05:11:53 -------- d-----w- C:\desktop

2012-08-11 23:35:24 -------- d-----w- c:\users\michael heller\appdata\roaming\SUPERAntiSpyware.com

2012-08-11 23:35:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-11 23:35:05 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-07 20:18:47 -------- d-----w- c:\windows\system32\?

2012-08-06 13:17:48 -------- d-----w- c:\windows\system32\?

2012-07-27 14:33:22 -------- d-----w- c:\program files\iPod

2012-07-27 14:33:08 -------- d-----w- c:\program files\iTunes

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-07-27 13:51:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-27 13:51:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-17 15:27:15 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys

2012-07-17 15:27:15 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys

2012-07-17 15:27:15 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys

2012-07-17 15:27:15 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys

2012-07-17 15:27:15 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys

2012-07-17 15:27:15 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys

2012-07-17 15:27:14 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys

2012-07-17 07:08:04 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003

2012-07-13 06:28:41 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6923b47-36dd-4da9-b1e4-e879b9c0f65e}\offreg.dll

2012-07-13 06:11:00 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6923b47-36dd-4da9-b1e4-e879b9c0f65e}\mpengine.dll


==================== Find3M ====================



============= FINISH: 1:32:36.93 ===============





DDS (Ver_2011-08-26.01)


Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 9/2/2008 7:23:03 AM

System Uptime: 8/11/2012 11:38:45 PM (2 hours ago)


Motherboard: Dell Inc. | | 0RY007

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 288 GiB total, 70.671 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.919 GiB free.

E: is CDROM ()


==== Disabled Device Manager Items =============


Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0027

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0027

Service: tunnel


Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0018

Manufacturer: Microsoft

Name: isatap.{92A21619-F471-42B0-88F7-4E7980AAD88A}

PNP Device ID: ROOT\*ISATAP\0018

Service: tunnel


==== System Restore Points ===================



==== Installed Programs ======================


Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.1.3

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update


Audacity 1.3.12 (Unicode)

AVG Free 8.5

Belkin Setup and Router Monitor


Browser Address Error Redirector


CA Pest Patrol Realtime Protection


Constant Guard Protection Suite





Dell Best of Web

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)






Download Updater (AOL LLC)

Drivers Install For Linksys Easylink Advisor


DVD Flick




Express Burn

Free Convert M4A to MP3 AMR OGG AAC Converter 5.8

Google Chrome

Google Desktop

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater


Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 9.0

HP Deskjet Printer Driver Software 9.0

HP Imaging Device Functions 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Product Assistant

HP Smart Web Printing

HP Solution Center 9.0

HP Update




Intel® PRO Network Connections


Java 6 Update 5

LAME v3.98.2 for Audacity

Linksys EasyLink Advisor 1.6 (0032)

Logitech Vid

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version


Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable


MobileMe Control Panel

Myxer MP3 Downloader

NCH Toolbox

Norton PC Checkup

Norton Security Suite


ooVoo Toolbar (Remove Toolbar Only)



Prism Video Converter

Privacy SafeGuard version 1.0


QQ Bubble Arena

QQ Hearts

QQ Puzzle Dasher


Reader Rabbit's 1st Grade

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager


Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Toolbars

Skype™ 4.2

SMS (remove only)





Switch Sound File Converter




Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)


Viewpoint Media Player

WavePad Sound Editor


Windows Live Messenger

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Media Player Firefox Plugin

WinRAR archiver


Xvid 1.2.1 final uninstall

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar


==== Event Viewer Messages From Past Week ========


8/11/2012 6:15:17 PM, Error: EventLog [6008] - The previous system shutdown at 3:27:40 PM on 8/11/2012 was unexpected.

8/10/2012 12:10:56 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5).

8/10/2012 12:09:18 PM, Error: EventLog [6008] - The previous system shutdown at 12:07:30 PM on 8/10/2012 was unexpected.


==== End Of File ===========================

Link to post
Share on other sites


my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Use a clean Computer ( Smartphone, Tablet,... ) and change your Passwords. Don't log in with this PC while we are working on it.

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Link to post
Share on other sites

Reboot your System in Safe Mode.

  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
  • Instead of Windows loading as normal, a menu should appear
  • Use the arrow key to highlight Safe Mode and press Enter.

Please launch Combofix again.

Link to post
Share on other sites

Please if your not going to help me can another representative take over for you? Iv had this program on the same screen for almost 2 hours again and still no progress, I'm going to work now until six and when I get home im more than positive that no progress will have been made Can we try something else or atleast make some progress instead of sitting and waiting

Link to post
Share on other sites


I am helping here in my sparetime and wont sit behind the desktop the whole day. If it is not fast enough for you, than there is a faster solution. Reformat and Reinstall.

Download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.