
Spyware.password infection, need help.



Today I ran several scans: 1 aborted full MBAM scan that detected a Spyware.Password infection, 1 quick scan that detected 2 Trojan.FakeMS infections in WordPad, and 1 Norton full scan that did not detect anything. MBAM cleared these threats (I think it cleared them, but I can still see them in the quarantine tab), so to be sure I ran a safe mode scan that did not detect anything.

Can someone help me check to see if there are any infections/threats still left in my system that I did not get? The results of the scans are shown below. The DDS log is also attached below.

Any help would be greatly appreciated. Thanks.

----------------------------MBAM---------------------------------------

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.17.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Luis :: LUIS-PC [administrator]

12/10/2012 2:18:26 PM mbam-log-2012-12-10 (14-18-26).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 270032

Time elapsed: 1 hour(s), 10 minute(s), 38 second(s) [aborted]

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 0 (No malicious items detected)

Files Detected: 1

C:\Program Files\CyberScrub Privacy Suite\Scheduler.exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.10.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Luis :: LUIS-PC [administrator]

12/10/2012 5:40:36 PM mbam-log-2012-12-10 (17-40-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255946

Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 0 (No malicious items detected)

Files Detected: 2

C:\Windows\System32\notepad.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\notepad.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.11.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Luis :: LUIS-PC [administrator]

12/10/2012 7:04:20 PM mbam-log-2012-12-10 (19-04-20).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 658320

Time elapsed: 3 hour(s), 8 minute(s), 51 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 0 (No malicious items detected)

Files Detected: 0 (No malicious items detected)

(end)

------------DDS---------------

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Luis at 23:01:09 on 2012-12-10

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.346 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\system32\lxddcoms.exe

C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe

C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe

C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe

C:\Windows\system32\stacsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://www.sony.com/vaiopeople

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople

uProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office 2010\office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 2010\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Google Update] "c:\users\luis\appdata\local\google\update\GoogleUpdate.exe" /c

uRunOnce: [] c:\program files\internet explorer\iexplore.exe http://www.symantec....0000e6.0000026f

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\mi7967~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi7967~1\office14\ONBttnIE.dll/105

IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2010\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2010\office14\ONBttnIELinkedNotes.dll

LSP: c:\windows\system32\wpclsp.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{72616F6C-3EB8-412D-BFE6-BE2B5B5AC5C3} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: 0aMCPClient - <orphaned>

STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office 2010\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\luis\appdata\roaming\mozilla\firefox\profiles\wnrhp4o2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\progra~1\mi7967~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi7967~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\users\luis\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\users\luis\appdata\roaming\mozilla\firefox\profiles\wnrhp4o2.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-1 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-1 924320]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-1 132768]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20121208.001\IDSvix86.sys [2012-12-10 386720]

R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-1 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0604000.009\symtdiv.sys [2012-10-1 345208]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-5-23 21504]

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-23 21504]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 mi-raysat_3dsmax2013_32;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 32-bit;c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_32server.exe [2011-9-14 86016]

R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\autodesk\inventor 2013\moldflow\bin\mitsijm.exe [2012-1-30 257344]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-11 106656]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-10 40776]

R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2011-1-27 6639616]

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-3-30 74240]

R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-3-30 43904]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-2 31104]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]

RUnknown SampleCollector;SampleCollector; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-25 99248]

S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2008-6-7 75952]

S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2008-6-7 67760]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-6-13 3668480]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-6-7 745472]

S4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2011-5-24 397312]

S4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2011-5-24 1089536]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"

FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs4\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"

ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCExporter.exe"" %1"

.

=============== Created Last 30 ================

.

2012-12-11 04:48:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-12-10 22:42:46 161792 ----a-w- c:\windows\system32\msls31.dll

2012-12-10 04:39:58 -------- d-----w- c:\program files\common files\Steam

2012-12-07 15:57:03 -------- d-sh--w- c:\users\luis\appdata\local\.#

2012-11-14 23:28:43 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 23:28:41 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 22:29:41 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 22:29:13 2047488 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-11-12 16:24:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-12 16:24:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 23:02:54.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/7/2008 6:14:02 PM

System Uptime: 12/10/2012 10:22:09 PM (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz | N/A | 1801/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 179 GiB total, 86.74 GiB free.

D: is Removable

E: is Removable

F: is Removable

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

Activation (Gracenote Plug-in)

Activation (Nero 9 HD)

Activation (Nero BackItUp 4)

Activation (Nero MediaHome 4)

Activation (Nero Move it)

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Contribute CS4

Adobe Creative Suite 4 Master Collection

Adobe CS4 American English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe OnLocation CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Photoshop Lightroom 2.2

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader X (10.1.4)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advertising Center

Akamai NetSession Interface

Akamai NetSession Interface Service

Alps Pointing-device for VAIO

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoCAD 2013 - English

AutoCAD 2013 Language Pack - English

AutoCAD Electrical 2013

AutoCAD Electrical 2013 Language Pack - English

AutoCAD Mechanical 2013 - English

AutoCAD Mechanical 2013 Language Pack - English

Autodesk 3ds Max 2013 32-bit

Autodesk Backburner 2013.0.0

Autodesk Content Service

Autodesk Content Service Language Pack

Autodesk Design Review 2013

Autodesk DirectConnect 2013 32-bit

Autodesk Essential Skills Movies for 3ds Max 2013 32-bit

Autodesk FBX Plug-in 2013.1 - 3ds Max 2013

Autodesk Inventor 2013 Quick Uninstaller

Autodesk Inventor Content Center Libraries 2013 (Desktop Content)

Autodesk Inventor Fusion 2013

Autodesk Inventor Fusion for Inventor 2013 Add-in

Autodesk Inventor Fusion plug-in for AutoCAD 2013

Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013

Autodesk Inventor Professional 2013

Autodesk Inventor Professional 2013 English

Autodesk Inventor Professional 2013 English Language Pack

Autodesk Inventor Server Engine for 3ds Max 2013 32-bit

Autodesk Inventor View 2013

Autodesk Inventor View 2013 English

Autodesk Inventor View 2013 English Language Pack

Autodesk Material Library 2011

Autodesk Material Library 2011 Base Image library

Autodesk Material Library 2011 Medium Image library

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Material Library Low Resolution Image Library 2013

Autodesk Material Library Medium Resolution Image Library 2013

Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 32-bit

Autodesk Sync

Autodesk Vault Basic 2013 (Client)

Autodesk Vault Basic 2013 (Client) English Language Pack

Blu-ray Video Plug-in

Blu-ray/HD DVD Video Plug-in

Bonjour

CCleaner

Cisco Systems VPN Client 5.0.06.0110

Composite 2013

Connect

Core Temp 1.0 RC3

CyberScrub® Privacy Suite™ 4.7

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dev-C++ 5 beta 9 release (4.9.9.2)

DHTML Editing Component

Diskeeper 2008 Pro Premier

DolbyFiles

DSD Direct

DSD Playback Plug-in

DTS Plug-in

DWG TrueView 2013

Eco Materials Adviser for Autodesk Inventor 2013

FARO LS 1.1.406.58

GearDrvs

Google Chrome

GPL Ghostscript

Gracenote Plug-in

GSview 5.0

HDAUDIO SoftV92 Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

IDT Audio

Image Converter 3

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java 7 Update 9

Java Auto Updater

Junk Mail filter update

KaleidaGraph 4.1 Demo

kuler

Lexmark 2500 Series

Malwarebytes Anti-Malware version 1.65.1.1000

MATLAB Student R2009a

Menu Templates - Starter Kit

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Network Monitor 3.4

Microsoft Network Monitor: NetworkMonitor Parsers 3.4

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server Native Client

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

MiKTeX 2.9

Movie Templates - Starter Kit

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

mp3PRO Plug-in

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nero 9

Nero 9 HD

Nero BackItUp 4

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InCD-Reader

Nero InfoTool

Nero Installer

Nero MediaHome 4

Nero Move it

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

Norton 360

Octoshape add-in for Adobe Flash Player

OGA Notifier 2.0.0048.0

OpenMG Limited Patch 4.7-07-13-24-01

OpenMG Secure Module 4.7.00

PDF Settings CS4

Photoshop Camera Raw

Picture Viewer (Beta) for Windows SideShow

Pixel Bender Toolkit

QuickTime

SecurDisc Viewer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Segoe UI

Setting Utility Series

Simple Start Entice

SonicStage 4.3

SonicStage Mastering Studio

SonicStage Mastering Studio Audio Filter

SonicStage Mastering Studio Audio Filter Custom Preset

SonicStage Mastering Studio Plugins

Sony Noise Reduction Plug-In 2.0h

Sony Video Shared Library

SoundTrax

SpywareBlaster 4.6

Suite Shared Configuration CS4

SUPERAntiSpyware

TeXnicCenter Version 2.0 Beta 1

TeXworks 0.4.4

TypingMaster Pro

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VAIO AV Mode Launcher

VAIO Camera Capture Utility

VAIO Care

VAIO Central

VAIO Event Service

VAIO Help And Support

VAIO Media

VAIO Media 6.0

VAIO Media AC3 Decoder 1.0

VAIO Media Content Collection 6.0

VAIO Media Integrated Server 6.2

VAIO Media Redistribution 6.0

VAIO Media Registration Tool

VAIO Media Registration Tool 6.0

VAIO OOBE

VAIO Power Management

VAIO Productivity Center

VAIO Security Center

VAIO Startup Control

VAIO Video & Photo Suite

VBA (2627.01)

VLC media player 2.0.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 12.0

Wireless Switch Setting Utility

Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)

Wolfram Notebook Indexer 2.0

.

==== End Of File ===========================


Welcome to the forum.

This one looks to be OK:

C:\Program Files\CyberScrub Privacy Suite\Scheduler.exe (Spyware.Password) -> Quarantined and deleted successfully.

http://www.systemloo...eduler_exe.html

~~~~~~~~~~~~~~~~

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


First, thanks for the help, MrCharlie. After deactivating Norton I was able to install and run the program. The results are shown below.

RogueKiller V8.3.2 [Dec 10 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Luis [Admin rights]

Mode : Scan -- Date : 12/11/2012 08:42:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x82ACA65D -> HOOKED (Unknown @ 0x95B14330)

SSDT[14] : NtAlertThread @ 0x82A43295 -> HOOKED (Unknown @ 0x95B143F0)

SSDT[18] : NtAllocateVirtualMemory @ 0x82A7F54B -> HOOKED (Unknown @ 0x95AEFBA0)

SSDT[21] : NtAlpcConnectPort @ 0x82A2188B -> HOOKED (Unknown @ 0x880125C0)

SSDT[42] : NtAssignProcessToJobObject @ 0x829F4B47 -> HOOKED (Unknown @ 0x95B07F90)

SSDT[67] : NtCreateMutant @ 0x82A57862 -> HOOKED (Unknown @ 0x95B14080)

SSDT[77] : NtCreateSymbolicLinkObject @ 0x829F735E -> HOOKED (Unknown @ 0x95B07CB0)

SSDT[78] : NtCreateThread @ 0x82AC8C74 -> HOOKED (Unknown @ 0x95AF1488)

SSDT[116] : NtDebugActiveProcess @ 0x82A9BD78 -> HOOKED (Unknown @ 0x96DFC128)

SSDT[129] : NtDuplicateObject @ 0x82A2F581 -> HOOKED (Unknown @ 0x95B05A50)

SSDT[147] : NtFreeVirtualMemory @ 0x828BBF1D -> HOOKED (Unknown @ 0x95AEF9B8)

SSDT[156] : NtImpersonateAnonymousToken @ 0x829F1F16 -> HOOKED (Unknown @ 0x95B14170)

SSDT[158] : NtImpersonateThread @ 0x82A07553 -> HOOKED (Unknown @ 0x95B14250)

SSDT[165] : NtLoadDriver @ 0x829A2DEE -> HOOKED (Unknown @ 0x87A92A70)

SSDT[177] : NtMapViewOfSection @ 0x82A478DA -> HOOKED (Unknown @ 0x95AEF8D8)

SSDT[184] : NtOpenEvent @ 0x82A30DFF -> HOOKED (Unknown @ 0x96DFC510)

SSDT[194] : NtOpenProcess @ 0x82A57FFE -> HOOKED (Unknown @ 0x95B05BF0)

SSDT[195] : NtOpenProcessToken @ 0x82A38A60 -> HOOKED (Unknown @ 0x95B05990)

SSDT[197] : NtOpenSection @ 0x82A486AD -> HOOKED (Unknown @ 0x96DFC350)

SSDT[201] : NtOpenThread @ 0x82A5354F -> HOOKED (Unknown @ 0x95B05B20)

SSDT[210] : NtProtectVirtualMemory @ 0x82A51332 -> HOOKED (Unknown @ 0x95B07EA0)

SSDT[282] : NtResumeThread @ 0x82A52B9A -> HOOKED (Unknown @ 0x95ABEC20)

SSDT[289] : NtSetContextThread @ 0x82ACA10B -> HOOKED (Unknown @ 0x95ABEEC0)

SSDT[305] : NtSetInformationProcess @ 0x82A4B908 -> HOOKED (Unknown @ 0x95ABEF80)

SSDT[317] : NtSetSystemInformation @ 0x82A1DEEF -> HOOKED (Unknown @ 0x96DFC208)

SSDT[330] : NtSuspendProcess @ 0x82ACA597 -> HOOKED (Unknown @ 0x96DFC430)

SSDT[331] : NtSuspendThread @ 0x829D192D -> HOOKED (Unknown @ 0x95ABED00)

SSDT[334] : NtTerminateProcess @ 0x82A28173 -> HOOKED (Unknown @ 0x95AF1568)

SSDT[335] : NtTerminateThread @ 0x82A53584 -> HOOKED (Unknown @ 0x95ABEDE0)

SSDT[348] : NtUnmapViewOfSection @ 0x82A47B9D -> HOOKED (Unknown @ 0x95AEF818)

SSDT[358] : NtWriteVirtualMemory @ 0x82A4496D -> HOOKED (Unknown @ 0x95AEFA88)

SSDT[382] : NtCreateThreadEx @ 0x82A53039 -> HOOKED (Unknown @ 0x95B07DA0)

S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x972571E8)

S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x973040B0)

S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x97312E80)

S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x875CA390)

S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x97343128)

S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x97312C10)

S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x97312DB0)

S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x97312CE0)

S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x973040E8)

S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x9730DFB0)

IRP[IRP_MJ_CREATE] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

IRP[IRP_MJ_POWER] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

IRP[IRP_MJ_PNP] : \SystemRoot\system32\DRIVERS\iaStor.sys -> HOOKED ([MAJOR] Unknown @ 0x85C171F8)

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2035GSS +++++

--- User ---

[MBR] 35066f1065438938f1eddcd8687fd4a2

[BSP] 9d3efa3a0863042cc631c7390f92f09e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7160 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14665728 | Size: 183620 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12112012_02d0842.txt >>

RKreport[1]_S_12112012_02d0842.txt


That scan looks OK

------------------

You can restore this file:

C:\Program Files\CyberScrub Privacy Suite\Scheduler.exe

It looks OK:

http://www.systemloo...eduler_exe.html

You can upload it to VirusTotal for a free scan to check it: (just copy back the url)

http://www.virustotal.com/

------------------------------

We can run some more scans to check the system:

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC


That scan was clean.

Did you restore that file and check it??

~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Hello MrCharlie,

I ran the ComboFix, the log is shown below, and have attached the file you requested.

ComboFix 12-12-10.01 - Luis 12/11/2012 10:58:57.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.771 [GMT -6:00]

Running from: c:\users\Luis\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\pswi_preloaded.exe

c:\programdata\SPL3BEF.tmp

c:\programdata\SPLDA90.tmp

c:\users\Luis\AppData\Local\.#

c:\windows\Downloaded Program Files\IDropPTB.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\WinRAR

c:\windows\WinRAR\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))

.

.

2012-12-11 17:15 . 2012-12-11 17:16 -------- d-----w- c:\users\Luis\AppData\Local\temp

2012-12-11 17:15 . 2012-12-11 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-10 22:42 . 2012-12-10 22:42 161792 ----a-w- c:\windows\system32\msls31.dll

2012-12-10 04:39 . 2012-12-10 04:53 -------- d-----w- c:\program files\Common Files\Steam

2012-11-14 23:28 . 2012-10-08 07:43 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 23:28 . 2012-10-08 07:56 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 22:29 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 22:29 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-12 16:24 . 2012-04-07 15:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-12 16:24 . 2011-05-13 15:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-30 00:54 . 2011-05-18 16:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 04:16 . 2012-10-31 15:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-13 13:28 . 2012-10-10 23:32 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-06 19:12 . 2012-12-06 19:12 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 321656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-03 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-26 137752]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 383424]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-25 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2007-02-13 22:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck SsiEfr.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2012-07-30 20:02 640480 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-11-25 19:38 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:24]

.

2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1264302015-3741238098-3494674021-1005Core.job

- c:\users\Luis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-18 22:06]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1264302015-3741238098-3494674021-1005UA.job

- c:\users\Luis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-18 22:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105

IE: Transfer by Image Converter 3 - c:\program files\Sony\Image Converter 3\menu.htm

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\wnrhp4o2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-98343737.sys

SafeBoot-98685825.sys

MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-11 11:16

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-12-11 11:20:51

ComboFix-quarantined-files.txt 2012-12-11 17:20

.

Pre-Run: 90,116,153,344 bytes free

Post-Run: 90,050,822,144 bytes free

.

- - End Of File - - 15E0FF38B2FBE45E4C1A2F3ECB495233

Scheduler.rar


Log from ComboFix looks OK.....

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


Hi MrCharlie, here is the AdwCleaner log.

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 12:05:37

# Updated 09/12/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Luis - LUIS-PC

# Boot Mode : Normal

# Running from : C:\Users\Luis\Desktop\adwcleaner.exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\wnrhp4o2.default\searchplugins\safesearch.xml

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-21-1264302015-3741238098-3494674021-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\wnrhp4o2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1673 octets] - [11/12/2012 12:05:37]

########## EOF - C:\AdwCleaner[R1].txt - [1733 octets] ##########


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~~~

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Hi MrCharlie,

I ran AdwCleaner (log shown below). I also ran Security Check, but the checkup.txt file would not open since mbam originally detected a Trojan.FakeMS in WordPad and it's currently in quarantine.

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 13:39:17

# Updated 09/12/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Luis - LUIS-PC

# Boot Mode : Normal

# Running from : C:\Users\Luis\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\wnrhp4o2.default\searchplugins\safesearch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\wnrhp4o2.default\prefs.js

C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\wnrhp4o2.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1802 octets] - [11/12/2012 12:05:37]

AdwCleaner[R2].txt - [1862 octets] - [11/12/2012 13:37:57]

AdwCleaner[S1].txt - [1751 octets] - [11/12/2012 13:39:17]

########## EOF - C:\AdwCleaner[S1].txt - [1811 octets] ##########


Looks like notepad.exe is also a false positive:

http://forums.malwar...ndpost&p=622072

Please restore all of those files, update Malwarebytes and .......

1. Click the Start Menu.

2. Click Run.

3. Type in "mbam.exe /developer", without the quotes.

4. Run the same type of scan you did before (quick) and save the logfile and post it.

MrC


Hi MrCharlie,

I restored Notepad and followed the provided instructions. The log is shown below, including the log for Security Check.

----------------------------------------

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.11.11

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Luis :: LUIS-PC [administrator]

12/11/2012 2:45:01 PM

mbam-log-2012-12-11 (14-45-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 262569

Time elapsed: 17 minute(s), 40 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 0 (No malicious items detected)

Files Detected: 0 (No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.56

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 4.6

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.65.1.1000

CCleaner

Java 7 Update 9

Adobe Flash Player 11.5.502.110

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbam.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````


OK, so all 3 of those files were false positives and the system is clean.

Just check this program for an update:

Adobe Reader 10.1.4 Adobe Reader out of Date! <----Check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

