
continued background attempts to connect with malicious sites



Over the last few days the PC has been attempting to connect with malicious sites according to both Malwarebytes and ESET Smart Security. Malwarebytes has caught the following IPs:

78.47.249.228

85.12.46.159

94.228.209.200

91.212.226.67

195.170.178.55

91.212.226.59

ESET has caught the URL clkh71yhks66.com

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dave at 2:30:22.02 on Thu 06/10/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3325.2152 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\BWMeter\BWMeterConSvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe

C:\Program Files\BWMeter\BWMeter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

I:\Downloads\Everest\5.50.2154\Everest\everest.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

c:\program files\logitech\logitech webcam software\lu\lulnchr.exe

C:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\Shiretoko\firefox.exe

C:\Users\Dave\Desktop\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Dave\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\bwmeter.lnk - c:\program files\bwmeter\BWMeter.exe

StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\everes~1.lnk - i:\downloads\everest\5.50.2154\everest\everest.exe

StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ireboo~1.lnk - c:\program files\neosmart technologies\ireboot\iReboot.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: c:\windows\system32\idmmbc.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\febeprof.dave\

FF - prefs.js: browser.search.selectedEngine - eBay

FF - prefs.js: browser.startup.homepage - hxxp://sirocco.accuweather.com/nx_mosaic_640x480_public/sir/inmaSIRNY_.gif|http://192.168.0.1/fap_meter/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\users\dave\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll

FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\febeprof.dave\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\dave\appdata\local\google\google earth\plugin\npgeplugin.dll

---- FIREFOX POLICIES ----

c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");

c:\program files\shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");

c:\program files\shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");

============= SERVICES / DRIVERS ===============

R2 BWMeterConSvc;BWMeter Connections Service;c:\program files\bwmeter\BWMeterConSvc.exe [2010-5-22 62464]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]

R2 iReboot;iReboot Background Service;c:\program files\neosmart technologies\ireboot\iRebootd.exe [2009-9-15 17408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-7 304464]

R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\drivers\dsnpfd.sys [2010-5-22 28552]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\everest\5.50.2154\everest\kerneld.wnt [2010-5-28 27760]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-7 20952]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dsnpfd;Dsnpfd Service;c:\windows\system32\drivers\dsnpfd.sys [2010-5-22 28552]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-5-22 8192]

=============== Created Last 30 ================

2010-06-10 06:06:44 0 ----a-w- c:\users\dave\defogger_reenable

2010-06-09 22:38:37 0 d-----w- C:\QUARANTINE

2010-06-09 22:15:56 0 d-----w- c:\program files\common files\Cisco Systems

2010-06-09 22:10:49 65536 --sha-w- c:\users\dave\ntuser.dat{3331e2bb-7413-11df-ad39-6cf049077546}.TM.blf

2010-06-09 22:10:49 524288 --sha-w- c:\users\dave\ntuser.dat{3331e2bb-7413-11df-ad39-6cf049077546}.TMContainer00000000000000000002.regtrans-ms

2010-06-09 22:10:49 524288 --sha-w- c:\users\dave\ntuser.dat{3331e2bb-7413-11df-ad39-6cf049077546}.TMContainer00000000000000000001.regtrans-ms

2010-06-09 21:49:01 0 d-----w- c:\programdata\McAfee

2010-06-09 21:48:57 0 d-----w- c:\program files\McAfee

2010-06-09 19:35:22 0 d-----w- c:\windows\pss

2010-06-09 19:17:09 0 d-----w- c:\programdata\Sun

2010-06-09 15:56:42 287301911 ----a-w- c:\windows\MEMORY.DMP

2010-06-09 15:44:43 0 d-s---w- C:\Combo-Fix9146C

2010-06-09 15:22:35 0 d-sh--w- C:\$RECYCLE.BIN

2010-06-09 11:49:48 0 d-----w- c:\program files\NeroInstall.bak

2010-06-09 11:47:39 1024 ----a-w- c:\users\dave\.rnd

2010-06-09 11:46:47 0 d-----w- c:\programdata\Nero

2010-06-09 11:46:47 0 d-----w- c:\program files\Nero

2010-06-08 03:50:44 0 d-----w- c:\programdata\LightScribe

2010-06-08 03:39:44 0 d-----w- C:\Combo-Fix

2010-06-08 02:41:14 98816 ----a-w- c:\windows\sed.exe

2010-06-08 02:41:14 77312 ----a-w- c:\windows\MBR.exe

2010-06-08 02:41:14 256512 ----a-w- c:\windows\PEV.exe

2010-06-08 02:41:14 161792 ----a-w- c:\windows\SWREG.exe

2010-06-07 13:10:04 0 d-----w- c:\users\dave\appdata\roaming\Malwarebytes

2010-06-07 13:09:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-07 13:09:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-07 13:09:56 0 d-----w- c:\programdata\Malwarebytes

2010-06-07 13:09:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-06 19:15:40 0 d-----w- c:\programdata\Apple Computer

2010-06-06 19:15:04 0 d-----w- c:\programdata\Apple

2010-06-05 07:21:35 65602 ----a-w- c:\windows\system32\cook3260.dll

2010-06-05 07:21:35 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-06-05 07:21:35 217127 ----a-w- c:\windows\system32\drv43260.dll

2010-06-05 07:21:35 208935 ----a-w- c:\windows\system32\drv33260.dll

2010-06-05 07:21:35 176165 ----a-w- c:\windows\system32\drv23260.dll

2010-06-05 07:21:35 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2010-06-05 07:21:35 102439 ----a-w- c:\windows\system32\sipr3260.dll

2010-06-05 07:21:30 0 d-----w- c:\program files\VSO

2010-06-05 07:16:24 67 ----a-w- c:\windows\My Video Converter.INI

2010-06-05 07:15:57 0 d-----w- c:\program files\My Video Converter

2010-06-04 06:48:08 0 d-----w- c:\users\dave\appdata\roaming\WebcamMax

2010-06-04 06:48:08 0 d-----w- c:\programdata\WebcamMax

2010-06-04 06:46:06 0 d-----w- c:\program files\WebcamMax

2010-06-03 12:17:08 0 d-----w- c:\users\dave\appdata\roaming\DisplayFusion

2010-06-03 12:00:54 0 d-----w- c:\users\dave\appdata\roaming\Binary Fortress Software

2010-06-03 11:56:44 0 d-----w- c:\program files\DisplayFusion

2010-06-02 00:06:44 0 d-----w- c:\users\dave\.jbidwatcher

2010-06-01 22:21:34 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-31 23:32:09 222172 ----a-w- c:\users\dave\YouTube - MAH00120.pdf

2010-05-31 23:22:06 0 d-----w- c:\users\dave\.javaws

2010-05-31 23:09:34 0 d-----w- c:\programdata\PlotSoft

2010-05-31 23:09:34 0 d-----w- c:\program files\PlotSoft

2010-05-31 22:50:29 0 d-----w- c:\program files\Acro Software

2010-05-31 14:13:27 52 ----a-w- c:\windows\system32\everest_cpl.ini

2010-05-31 14:13:27 162304 ----a-w- c:\windows\system32\everest_cpl.cpl

2010-05-28 19:13:57 0 d-----w- C:\New folder

2010-05-28 14:57:06 0 d-----w- c:\program files\NeoSmart Technologies

2010-05-28 01:05:31 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-28 01:05:21 0 d-----w- c:\program files\Real Alternative

2010-05-27 06:43:04 0 d-----w- c:\users\dave\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

2010-05-27 06:43:01 0 d-----w- c:\program files\TweetDeck

2010-05-27 04:04:04 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-27 03:46:19 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-05-27 03:46:19 47360 ----a-w- c:\users\dave\appdata\roaming\pcouffin.sys

2010-05-27 03:46:18 0 d-----w- c:\users\dave\appdata\roaming\NVIDIA

2010-05-27 03:45:59 0 d-----w- c:\program files\DVDFab 7

2010-05-26 19:07:39 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-05-26 12:21:52 0 d-----w- c:\program files\Wireshark

2010-05-26 08:47:43 1386496 ----a-w- c:\windows\system32\temp.000

2010-05-26 08:47:42 0 d-----w- c:\program files\WS_FTP Password Recoverer 2.5

2010-05-24 20:19:39 0 d-----w- c:\programdata\NCH Software

2010-05-24 20:19:31 0 d-----w- c:\program files\NCH Software

2010-05-24 20:19:27 0 d-----w- c:\users\dave\appdata\roaming\NCH Software

2010-05-24 06:48:31 0 d-----w- c:\users\dave\appdata\roaming\URSoft

2010-05-24 06:48:30 0 d---a-w- c:\programdata\TEMP

2010-05-24 06:48:17 0 d-----w- c:\program files\Your Uninstaller 2010

2010-05-24 06:42:50 0 d-----w- C:\temp

2010-05-24 06:41:41 0 d-----w- C:\quiz

2010-05-24 06:41:26 110592 ----a-w- c:\windows\system32\tsccvid.dll

2010-05-23 20:48:44 0 d-----w- C:\gig

2010-05-23 06:03:27 0 d-----w- c:\program files\common files\Windows Live

2010-05-23 04:38:00 0 d-----w- c:\users\dave\appdata\roaming\ESET

2010-05-23 04:32:38 0 d-----w- c:\programdata\ESET

2010-05-23 04:32:38 0 d-----w- c:\program files\ESET

2010-05-22 23:19:10 0 d-----w- c:\program files\Matroska Pack

2010-05-22 20:15:13 0 d-----w- c:\users\dave\appdata\roaming\MailWasherPro

2010-05-22 20:15:12 0 d-----w- c:\program files\FireTrust

2010-05-22 20:06:30 0 d-----w- c:\programdata\LogiShrd

2010-05-22 19:57:47 299552 ----a-w- c:\windows\wmsysprx.prx

2010-05-22 19:56:50 0 d-----w- c:\users\dave\appdata\roaming\Acoustica

2010-05-22 19:54:22 0 d-----w- c:\program files\Acoustica CD Label Maker

2010-05-22 19:54:03 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-22 19:32:12 8192 ----a-w- c:\windows\system32\srvany.exe

2010-05-22 14:25:20 0 d-----w- c:\program files\Microsoft IntelliType Pro

2010-05-22 13:33:59 0 d-----w- c:\windows\PCHEALTH

2010-05-22 13:33:16 0 d-----w- c:\program files\Microsoft Analysis Services

2010-05-22 13:32:52 0 d-----w- c:\programdata\Microsoft Help

2010-05-22 12:59:45 0 d-----w- c:\programdata\DeskSoft

2010-05-22 12:57:01 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys

2010-05-22 12:57:01 0 d-----w- c:\users\dave\appdata\roaming\DeskSoft

2010-05-22 12:57:01 0 d-----w- c:\program files\BWMeter

2010-05-22 07:51:12 0 d-----w- c:\programdata\Adobe

2010-05-22 07:19:31 0 d-----w- c:\users\dave\appdata\roaming\IDM

2010-05-22 07:19:30 0 d-----w- c:\users\dave\appdata\roaming\DMCache

2010-05-22 07:19:24 0 d-----w- c:\program files\Internet Download Manager

2010-05-22 07:06:29 0 d-----w- c:\program files\common files\Software Update Utility

2010-05-22 07:02:01 0 d-----w- c:\programdata\NVIDIA

2010-05-22 07:01:41 0 d-sh--w- c:\windows\Installer

2010-05-22 07:01:35 0 d-----w- c:\program files\NVIDIA Corporation

2010-05-22 06:56:15 0 d-----w- c:\program files\AIM Toolbar

2010-05-22 06:55:23 0 d-----w- c:\programdata\AIM

2010-05-22 06:55:22 0 d-----w- c:\program files\AIM

2010-05-22 06:55:20 0 d-----w- c:\program files\common files\AOL

2010-05-22 06:54:15 1042 ---ha-w- C:\IPH.PH

2010-05-22 06:40:48 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-05-22 06:40:48 507568 ----a-w- c:\windows\system32\winload.exe

2010-05-22 06:40:48 442920 ----a-w- c:\windows\system32\winresume.exe

2010-05-22 06:40:48 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-05-22 06:40:47 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-05-22 06:38:10 0 d-----w- c:\programdata\Google

2010-05-22 06:29:57 0 d-----w- c:\program files\Shiretoko

2010-05-22 05:45:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-05-22 05:45:13 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-05-22 05:42:59 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-05-22 05:42:59 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-05-22 05:42:59 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-05-22 05:42:59 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-05-22 05:42:59 132608 ----a-w- c:\windows\system32\cabview.dll

2010-05-22 00:58:28 8192 --sha-r- C:\BOOTSECT.BAK

2010-05-22 00:58:26 383562 --sha-r- C:\bootmgr

2010-05-22 00:58:26 0 d-----w- C:\Boot

2010-05-22 00:00:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-05-21 21:11:07 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI

2010-05-21 21:10:54 0 d-----w- c:\windows\system32\wbem\Performance

2010-05-21 21:05:17 171136 --sha-r- C:\w7ldr

2010-05-21 21:04:42 0 d-sh--we c:\programdata\Documents

2010-05-21 21:04:42 0 d-----w- C:\Recovery

2010-05-21 21:04:41 0 d-sh--we C:\Documents and Settings

==================== Find3M ====================

2010-05-12 15:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-29 18:47:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-04-03 22:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll

2010-04-03 22:27:00 66664 ----a-w- c:\windows\system32\nvshext.dll

2010-04-03 22:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 22:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-04-03 22:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-03-26 00:07:00 20768 ----a-w- c:\windows\system32\MFEOtlk.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:31:13.28 ===============


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4185

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/10/2010 3:16:20 AM

mbam-log-2010-06-10 (03-16-20).txt

Scan type: Quick scan

Objects scanned: 123368

Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • GMER log
  • attach.txt (created by DDS)


I forgot to mention I seem to be blocked from accessing Windows Updates. Attempting to download updates results in error code 80072EFE.

Here is the GMER.LOG

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-10 10:06:03

Windows 6.1.7600

Running: 128efx3u.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kxldapow.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C263F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0F2D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0E898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C261DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C266F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C271A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C86599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text peauth.sys A7222C9D 28 Bytes [84, 89, CB, 9F, 7E, FE, 59, ...]

.text peauth.sys A7222CC1 28 Bytes [84, 89, CB, 9F, 7E, FE, 59, ...]

PAGE peauth.sys A7228B9B 72 Bytes [49, 1F, D4, 05, 56, 98, C1, ...]

PAGE peauth.sys A7228BEC 111 Bytes [99, 4B, C6, 7C, F9, D5, 58, ...]

PAGE peauth.sys A722902C 102 Bytes [10, D5, FD, A4, 49, CF, 62, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0029000A

.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 002A000A

.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 0027000A

.text C:\Windows\system32\svchost.exe[1052] ole32.dll!CoCreateInstance 765457FC 5 Bytes JMP 0091000A

.text C:\Windows\system32\svchost.exe[1052] USER32.dll!GetCursorPos 772AC198 5 Bytes JMP 00F0000A

.text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0010000A

.text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 0019000A

.text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 000F000A

.text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0040000A

.text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 0041000A

.text C:\Windows\Explorer.EXE[1584] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 000D000A

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 75C53142 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Hello there,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


During this run, beginning just after stage 3 completed, an error window continued to pop up: "Find String (QREP) Utility has stopped working". Each time it did, I clicked "Close the program". I lost count, but this must have happened at least 20 times. It did not happen at every stage. Some stages had more than others and some had no error. This did not happen after the reboot.

Both Malwarebytes and Eset continue to catch attempts to connect to malicious sites.

Here is the ComboFix log file:

ComboFix 10-06-09.04 - Dave 06/10/2010 11:12:16.3.4 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3325.1946 [GMT -4:00]

Running from: c:\users\Dave\Desktop\Combo---Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe

Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\ctfmon.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))

.

2010-06-10 15:24 . 2010-06-10 15:24 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-06-10 15:24 . 2010-06-10 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-10 15:07 . 2010-06-10 15:08 -------- d-----w- C:\32788R22FWJFW

2010-06-10 09:26 . 2010-05-25 18:31 2480736 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Critical_Windows Defender_bf198b4d16606a9398f328e8c57f8381c5e49721_cab_148db270\everest.exe

2010-06-09 22:38 . 2010-06-09 22:38 -------- d-----w- C:\QUARANTINE

2010-06-09 22:15 . 2010-06-09 22:15 -------- d-----w- c:\program files\Common Files\Cisco Systems

2010-06-09 21:49 . 2010-06-10 05:52 -------- d-----w- c:\programdata\McAfee

2010-06-09 21:48 . 2010-06-09 21:49 -------- d-----w- c:\program files\McAfee

2010-06-09 19:17 . 2010-06-09 19:17 -------- d-----w- c:\program files\Common Files\Java

2010-06-09 19:16 . 2010-06-09 19:16 -------- d-----w- c:\program files\Java

2010-06-09 19:13 . 2010-06-09 19:13 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-09 15:17 . 2010-06-10 15:26 -------- d-----w- c:\users\Dave\AppData\Local\temp

2010-06-09 13:10 . 2010-06-09 13:10 -------- d-----w- c:\program files\FLV Player

2010-06-09 11:53 . 2010-06-09 11:53 -------- d-----w- c:\users\Dave\AppData\Roaming\Nero

2010-06-09 11:49 . 2010-06-09 11:49 -------- d-----w- c:\users\Dave\AppData\Local\Ahead

2010-06-09 11:49 . 2010-06-09 11:49 -------- d-----w- c:\program files\NeroInstall.bak

2010-06-09 11:46 . 2010-06-09 11:47 -------- d-----w- c:\program files\Common Files\Nero

2010-06-09 11:46 . 2010-06-09 11:46 -------- d-----w- c:\programdata\Nero

2010-06-09 11:46 . 2010-06-09 11:46 -------- d-----w- c:\program files\Nero

2010-06-08 03:50 . 2010-06-08 03:50 -------- d-----w- c:\programdata\LightScribe

2010-06-08 03:39 . 2010-06-08 03:41 -------- d-----w- C:\Combo-Fix

2010-06-08 02:51 . 2010-06-08 02:51 -------- d-----w- c:\users\Dave\AppData\Local\Diagnostics

2010-06-07 13:10 . 2010-06-07 13:10 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes

2010-06-07 13:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-07 13:09 . 2010-06-07 13:09 -------- d-----w- c:\programdata\Malwarebytes

2010-06-07 13:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-07 13:09 . 2010-06-07 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-06 19:20 . 2010-06-06 19:20 -------- d-----w- c:\users\Dave\AppData\Local\Apple Computer

2010-06-06 19:17 . 2010-06-06 19:17 -------- d-----w- c:\users\Dave\AppData\Local\ESET

2010-06-06 19:15 . 2010-06-06 19:20 -------- d-----w- c:\programdata\Apple Computer

2010-06-06 19:15 . 2010-06-06 19:16 -------- d-----w- c:\program files\QuickTime

2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\users\Dave\AppData\Local\Apple

2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\program files\Apple Software Update

2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\programdata\Apple

2010-06-05 07:21 . 2010-02-09 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll

2010-06-05 07:21 . 2010-02-09 19:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-06-05 07:21 . 2010-02-09 19:37 217127 ----a-w- c:\windows\system32\drv43260.dll

2010-06-05 07:21 . 2010-02-09 19:37 208935 ----a-w- c:\windows\system32\drv33260.dll

2010-06-05 07:21 . 2010-02-09 19:37 176165 ----a-w- c:\windows\system32\drv23260.dll

2010-06-05 07:21 . 2010-02-09 19:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2010-06-05 07:21 . 2010-02-09 19:37 102439 ----a-w- c:\windows\system32\sipr3260.dll

2010-06-05 07:21 . 2010-06-05 07:21 -------- d-----w- c:\program files\VSO

2010-06-05 07:15 . 2010-06-05 07:18 -------- d-----w- c:\program files\My Video Converter

2010-06-04 06:48 . 2010-06-04 06:58 -------- d-----w- c:\programdata\WebcamMax

2010-06-04 06:48 . 2010-06-04 06:48 -------- d-----w- c:\users\Dave\AppData\Roaming\WebcamMax

2010-06-04 06:46 . 2010-06-04 06:46 -------- d-----w- c:\program files\WebcamMax

2010-06-03 12:17 . 2010-06-10 06:28 -------- d-----w- c:\users\Dave\AppData\Roaming\DisplayFusion

2010-06-03 12:00 . 2010-06-03 12:01 -------- d-----w- c:\users\Dave\AppData\Roaming\Binary Fortress Software

2010-06-03 11:56 . 2010-06-03 12:01 -------- d-----w- c:\program files\DisplayFusion

2010-06-02 00:06 . 2010-06-02 00:29 -------- d-----w- c:\users\Dave\.jbidwatcher

2010-06-01 22:21 . 2010-06-09 19:16 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-01 07:20 . 2010-06-01 07:20 -------- d-----w- c:\users\Dave\AppData\Local\Sony

2010-05-31 23:22 . 2010-05-31 23:22 -------- d-----w- c:\users\Dave\.javaws

2010-05-31 23:21 . 2010-05-31 23:21 -------- d-----w- c:\users\Dave\AppData\Local\Programs

2010-05-31 23:09 . 2010-05-31 23:09 -------- d-----w- c:\programdata\PlotSoft

2010-05-31 23:09 . 2010-05-31 23:09 -------- d-----w- c:\program files\PlotSoft

2010-05-31 22:50 . 2010-05-31 22:50 -------- d-----w- c:\program files\Acro Software

2010-05-28 19:13 . 2010-05-28 19:16 -------- d-----w- C:\New folder

2010-05-28 18:05 . 2010-05-28 18:05 -------- d-----w- c:\users\Dave\AppData\Local\NeoSmart_Technologies

2010-05-28 15:51 . 2010-05-28 15:52 2209198 ----a-w- c:\users\Dave\AppData\Roaming\IDM\DwnlData\Dave\vegaspro90c_64bit_777\vegaspro90c_64bit.exe

2010-05-28 14:57 . 2010-05-28 14:57 -------- d-----w- c:\program files\NeoSmart Technologies

2010-05-28 07:34 . 2010-05-28 07:34 -------- d-----w- c:\program files\Google

2010-05-28 01:05 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-28 01:05 . 2010-05-28 01:05 -------- d-----w- c:\program files\Real Alternative

2010-05-27 06:43 . 2010-05-27 06:43 -------- d-----w- c:\users\Dave\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

2010-05-27 06:43 . 2010-06-09 14:31 -------- d-----w- c:\program files\TweetDeck

2010-05-27 06:42 . 2010-06-09 14:31 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-05-27 04:04 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-27 03:46 . 2010-06-09 12:43 -------- d-----w- c:\users\Dave\AppData\Roaming\Vso

2010-05-27 03:46 . 2010-05-27 03:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-05-27 03:46 . 2010-05-27 03:46 47360 ----a-w- c:\users\Dave\AppData\Roaming\pcouffin.sys

2010-05-27 03:46 . 2010-05-27 03:46 -------- d-----w- c:\users\Dave\AppData\Roaming\NVIDIA

2010-05-27 03:45 . 2010-06-09 03:04 -------- d-----w- c:\program files\DVDFab 7

2010-05-26 19:07 . 2010-05-26 19:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-05-26 12:21 . 2010-06-09 14:32 -------- d-----w- c:\program files\Wireshark

2010-05-26 08:47 . 2010-05-28 16:05 -------- d-----w- c:\program files\WS_FTP Password Recoverer 2.5

2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\programdata\NCH Software

2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\program files\NCH Software

2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\users\Dave\AppData\Roaming\NCH Software

2010-05-24 07:10 . 2010-05-22 11:58 28135936 ----a-w- c:\users\Dave\AppData\Roaming\IDM\Activator\Activator\w7lxe.exe

2010-05-24 06:48 . 2010-05-24 06:48 -------- d-----w- c:\users\Dave\AppData\Roaming\URSoft

2010-05-24 06:48 . 2010-05-24 06:48 -------- d-----w- c:\program files\Your Uninstaller 2010

2010-05-24 06:42 . 2010-05-24 06:42 -------- d-----w- C:\temp

2010-05-24 06:41 . 2010-05-24 06:49 -------- d-----w- C:\quiz

2010-05-24 06:41 . 2002-10-18 05:00 110592 ----a-w- c:\windows\system32\tsccvid.dll

2010-05-23 20:48 . 2010-05-23 20:51 -------- d-----w- C:\gig

2010-05-23 06:03 . 2010-05-23 06:03 -------- d-----w- c:\program files\Common Files\Windows Live

2010-05-23 04:38 . 2010-05-23 04:38 -------- d-----w- c:\program files\TNod User & Password Finder

2010-05-23 04:32 . 2010-05-23 04:32 -------- d-----w- c:\program files\ESET

2010-05-22 23:19 . 2010-05-22 23:19 -------- d-----w- c:\program files\Matroska Pack

2010-05-22 23:18 . 2010-05-22 23:18 -------- d-----w- c:\users\Dave\AppData\Roaming\Media Player Classic

2010-05-22 20:15 . 2010-06-10 15:25 -------- d-----w- c:\users\Dave\AppData\Roaming\MailWasherPro

2010-05-22 20:15 . 2010-05-22 20:15 -------- d-----w- c:\program files\FireTrust

2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\users\Dave\AppData\Local\LogiShrd

2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\users\Dave\AppData\Roaming\Leadertech

2010-05-22 20:06 . 2010-05-26 20:14 -------- d-----w- c:\programdata\LogiShrd

2010-05-22 20:06 . 2010-05-22 20:08 -------- d-----w- c:\program files\Logitech

2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\program files\Common Files\LightScribe

2010-05-22 19:56 . 2010-05-22 19:56 -------- d-----w- c:\users\Dave\AppData\Roaming\Acoustica

2010-05-22 19:54 . 2010-05-22 19:57 -------- d-----w- c:\program files\Acoustica CD Label Maker

2010-05-22 19:54 . 2007-12-21 21:07 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-22 19:32 . 2003-04-18 23:06 8192 ----a-w- c:\windows\system32\srvany.exe

2010-05-22 14:25 . 2010-05-22 14:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\windows\PCHEALTH

2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\program files\Microsoft.NET

2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-05-22 13:33 . 2010-05-28 17:37 -------- d-----w- c:\users\Dave\AppData\Local\Microsoft Help

2010-05-22 13:32 . 2010-05-22 13:35 -------- d-----w- c:\programdata\Microsoft Help

2010-05-22 13:32 . 2010-05-22 13:32 -------- d-----r- C:\MSOCache

2010-05-22 12:59 . 2010-05-22 12:59 -------- d-----w- c:\programdata\DeskSoft

2010-05-22 12:57 . 2010-05-22 12:59 -------- d-----w- c:\program files\BWMeter

2010-05-22 12:57 . 2010-05-22 12:57 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys

2010-05-22 12:57 . 2010-05-22 12:57 -------- d-----w- c:\users\Dave\AppData\Roaming\DeskSoft

2010-05-22 07:53 . 2010-06-09 19:13 -------- d-----w- c:\users\Dave\AppData\Local\Adobe

2010-05-22 07:19 . 2010-05-22 07:19 214448 ----a-w- c:\users\Dave\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

2010-05-22 07:19 . 2010-06-01 07:33 -------- d-----w- c:\users\Dave\AppData\Roaming\IDM

2010-05-22 07:19 . 2010-06-10 15:25 -------- d-----w- c:\users\Dave\AppData\Roaming\DMCache

2010-05-22 07:19 . 2010-05-22 07:19 -------- d-----w- c:\program files\Internet Download Manager

2010-05-22 07:06 . 2010-05-22 07:06 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-05-22 07:02 . 2010-05-22 07:02 -------- d-----w- c:\programdata\NVIDIA

2010-05-22 07:01 . 2010-05-22 07:01 -------- d-----w- c:\windows\system32\Macromed

2010-05-22 07:01 . 2010-06-10 05:52 -------- d-sh--w- c:\windows\Installer

2010-05-22 07:01 . 2010-05-22 07:01 -------- d-----w- c:\program files\NVIDIA Corporation

2010-05-22 06:56 . 2010-06-05 21:30 -------- d-----w- c:\program files\AIM Toolbar

2010-05-22 06:55 . 2010-05-22 07:06 -------- d-----w- c:\users\Dave\AppData\Local\AIM

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-10 15:25 . 2010-05-22 05:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-05-22 05:48 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

2010-05-22 00:00 . 2010-05-22 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Templates

2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Start Menu

2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Favorites

2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Documents

2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Desktop

2010-05-12 15:21 . 2009-10-14 09:58 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-04-03 22:27 . 2010-04-03 22:27 985704 ----a-w- c:\windows\system32\nvsvc.dll

2010-04-03 22:27 . 2010-04-03 22:27 66664 ----a-w- c:\windows\system32\nvshext.dll

2010-04-03 22:27 . 2010-04-03 22:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 22:27 . 2010-04-03 22:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-04-03 22:27 . 2010-04-03 22:27 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-03-26 00:07 . 2010-03-26 00:07 20768 ----a-w- c:\windows\system32\MFEOtlk.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-06-09_15.20.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-21 22:25 . 2010-06-10 06:14 29252 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2010-06-10 15:27 35458 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-09 19:14 . 2010-06-09 19:14 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe

- 2010-05-22 00:03 . 2010-06-09 14:15 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-22 00:03 . 2010-06-10 06:12 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:41 . 2010-06-10 06:12 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2010-06-09 14:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:34 . 2010-06-09 20:20 73256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-05-21 22:31 . 2010-06-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-21 22:31 . 2010-06-10 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-22 15:06 . 2010-06-10 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-22 15:06 . 2010-06-09 14:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-22 15:06 . 2010-06-09 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2010-05-22 15:06 . 2010-06-10 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

- 2010-05-22 15:06 . 2010-06-09 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

+ 2010-05-22 15:06 . 2010-06-10 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

- 2010-05-21 22:31 . 2010-06-09 15:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-21 22:31 . 2010-06-10 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-21 22:31 . 2010-06-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-21 22:31 . 2010-06-10 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-21 21:08 . 2010-06-10 15:27 7024 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2225359714-1735385368-1201117027-1000_UserData.bin

+ 2010-06-10 06:12 . 2010-06-10 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-06-09 14:15 . 2010-06-09 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-06-09 14:15 . 2010-06-09 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-06-10 06:12 . 2010-06-10 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-06-09 15:19 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll

+ 2010-06-10 15:25 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll

- 2009-07-14 02:05 . 2010-06-09 14:19 615122 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-06-10 06:17 615122 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2010-06-09 14:19 103496 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2010-06-10 06:17 103496 c:\windows\System32\perfc009.dat

+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2010-06-09 19:16 . 2010-06-09 19:16 153376 c:\windows\System32\javaws.exe

+ 2010-06-09 19:16 . 2010-06-09 19:16 145184 c:\windows\System32\javaw.exe

+ 2010-06-09 19:16 . 2010-06-09 19:16 145184 c:\windows\System32\java.exe

- 2009-10-14 09:58 . 2010-06-09 14:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-10-14 09:58 . 2010-06-10 06:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-05-22 00:03 . 2010-06-10 06:12 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-22 00:03 . 2010-06-09 14:15 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-06-09 19:17 . 2010-06-09 19:17 183808 c:\windows\Installer\b3fc6c.msi

+ 2010-06-09 19:15 . 2010-06-09 19:15 581120 c:\windows\Installer\b3fc63.msi

+ 2009-07-14 02:03 . 2010-06-10 14:20 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:03 . 2010-06-09 14:28 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\System32\Macromed\Flash\NPSWF32.dll

+ 2010-01-04 18:41 . 2010-01-04 18:41 3972608 c:\windows\Installer\b3fc5e.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

2010-02-28 06:20 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2010-03-17 800944]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]

"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BWMeter.lnk - c:\program files\BWMeter\BWMeter.exe [2010-5-22 1171968]

everest.exe - Shortcut.lnk - i:\downloads\Everest\5.50.2154\Everest\everest.exe [2010-5-28 2480736]

MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2010-5-22 19121072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

iReboot 1.1.1.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2009-9-15 232960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]

2009-12-31 03:50 1561232 ----a-w- c:\program files\WebcamMax\WebcamMax.exe

R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R4 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]

S2 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [2010-05-22 62464]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 38240]

S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt [2010-05-21 27760]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 9472]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EVERESTDRIVER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-03-17 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\idmmbc.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dave\

FF - prefs.js: browser.search.selectedEngine - eBay

FF - prefs.js: browser.startup.homepage - hxxp://sirocco.accuweather.com/nx_mosaic_640x480_public/sir/inmaSIRNY_.gif|http://192.168.0.1/fap_meter/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\users\Dave\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dave\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\Dave\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll

---- FIREFOX POLICIES ----

c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");

c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");

c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]

"ImagePath"="\??\i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1632)

c:\program files\DisplayFusion\DisplayFusionHookx86.dll

c:\windows\system32\idmmbc.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2010-06-10 11:28:54 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-10 15:28

ComboFix2.txt 2010-06-09 15:23

Pre-Run: 1,204,200,792,064 bytes free

Post-Run: 1,204,147,245,056 bytes free

- - End Of File - - 2E856C191F28D950E39B0CA9A21C6084


Let's try the following:

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.
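
Both logs in this thread list kernel-mode entries in a fixed line format: ComboFix prints services and drivers as `S3 name;display name;image path [date size]` under "Reg Loading Points", and TDSSKiller's report.txt prints each driver as `time pid name (md5) path`. The snippet below is example code written for this page, not part of the thread, of ComboFix or of TDSSKiller. It parses both formats, lists entries whose image loads from outside the normal Windows and Program Files roots (the EverestDriver entry loading from a downloads folder is the kind of thing this surfaces), and diffs TDSSKiller's MD5 values against a caller-supplied baseline. The first four sample lines are copied from the logs in this thread; the last line and the baseline dictionary are constructed for the example, and the "expected roots" tuple is an assumption about a 32-bit Windows 7 system drive.

```python
"""Triage helpers for ComboFix and TDSSKiller log lines.

Example code written for this thread (not part of either tool). It pulls the
kernel-mode entries out of the two log formats, flags images that load from
outside the usual Windows/Program Files roots, and diffs TDSSKiller's MD5
values against a caller-supplied baseline.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ComboFix "Reg Loading Points" service/driver line, e.g.
#   S3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\...\kerneld.wnt [2010-05-21 27760]
COMBOFIX_SVC = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)

# TDSSKiller "Scanning Drivers" line, e.g.
#   15:23:46:676 5672 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
TDSS_DRIVER = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption: where drivers and service binaries normally live on a 32-bit
# Windows 7 system drive. Anything loading from elsewhere deserves a look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    source: str                # "combofix" or "tdsskiller"
    name: str                  # service / driver name
    path: str                  # normalised, lower-cased image path
    md5: Optional[str] = None  # only TDSSKiller prints a hash


def normalize_path(raw: str) -> str:
    """Lower-case the path and drop surrounding quotes and the NT \\??\\ prefix."""
    p = raw.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised line, None for anything else."""
    line = line.strip()
    m = COMBOFIX_SVC.match(line)
    if m:
        return Entry("combofix", m["name"], normalize_path(m["path"]))
    m = TDSS_DRIVER.match(line)
    if m:
        return Entry("tdsskiller", m["name"], normalize_path(m["path"]), m["md5"])
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every recognised line of a pasted log; other lines are ignored."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def outside_expected_roots(entry: Entry) -> bool:
    return not entry.path.startswith(EXPECTED_ROOTS)


def triage_paths(text: str) -> List[str]:
    """Names of entries whose image loads from an unexpected location."""
    return [e.name for e in parse_log(text) if outside_expected_roots(e)]


def compare_baseline(entries: List[Entry], baseline: Dict[str, str]) -> List[str]:
    """Names of hashed drivers whose MD5 differs from a known-good baseline.

    The baseline (driver name -> MD5) would come from a clean reference
    machine of the same build; entries missing from the baseline are skipped.
    """
    return [
        e.name for e in entries
        if e.md5 is not None and e.name in baseline and baseline[e.name] != e.md5.lower()
    ]


# Sample input: the first four lines are copied from the logs in this thread;
# the last one is constructed to show a driver loading from a user-writable path.
SAMPLE_LOG = r"""
R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt [2010-05-21 27760]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
15:23:46:676 5672 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:23:49:000 5672 exampledrv (00000000000000000000000000000000) C:\Users\Public\exampledrv.sys
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"parsed {len(found)} entries")
    print("unexpected load paths:", triage_paths(SAMPLE_LOG))
```

Run it against a full pasted ComboFix or TDSSKiller log and the path check gives a short list to look at first; the baseline comparison is only as good as the reference machine it was taken from, so treat a mismatch as a reason to inspect the file, not as proof of infection.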


15:23:43:773 5672 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

15:23:43:773 5672 ================================================================================

15:23:43:773 5672 SystemInfo:

15:23:43:773 5672 OS Version: 6.1.7600 ServicePack: 0.0

15:23:43:773 5672 Product type: Workstation

15:23:43:773 5672 ComputerName: DAVE-PC

15:23:43:776 5672 UserName: Dave

15:23:43:776 5672 Windows directory: C:\Windows

15:23:43:776 5672 Processor architecture: Intel x86

15:23:43:776 5672 Number of processors: 4

15:23:43:776 5672 Page size: 0x1000

15:23:43:781 5672 Boot type: Normal boot

15:23:43:781 5672 ================================================================================

15:23:44:159 5672 Initialize success

15:23:44:159 5672

15:23:44:160 5672 Scanning Services ...

15:23:44:923 5672 Raw services enum returned 457 services

15:23:44:929 5672

15:23:44:930 5672 Scanning Drivers ...

15:23:46:369 5672 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

15:23:46:676 5672 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

15:23:46:979 5672 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

15:23:47:320 5672 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

15:23:47:476 5672 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

15:23:47:532 5672 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

15:23:47:551 5672 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

15:23:47:573 5672 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

15:23:47:587 5672 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

15:23:47:599 5672 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

15:23:47:616 5672 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

15:23:47:626 5672 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

15:23:47:634 5672 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

15:23:47:655 5672 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

15:23:47:664 5672 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

15:23:47:674 5672 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

15:23:47:683 5672 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

15:23:47:699 5672 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

15:23:47:727 5672 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

15:23:47:762 5672 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

15:23:47:802 5672 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

15:23:47:824 5672 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

15:23:47:907 5672 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

15:23:47:954 5672 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

15:23:47:972 5672 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

15:23:48:014 5672 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

15:23:48:026 5672 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

15:23:48:051 5672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:23:48:076 5672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:23:48:104 5672 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

15:23:48:131 5672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

15:23:48:175 5672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:23:48:194 5672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

15:23:48:224 5672 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

15:23:48:300 5672 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

15:23:48:323 5672 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

15:23:48:345 5672 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

15:23:48:385 5672 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

15:23:48:410 5672 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

15:23:48:448 5672 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

15:23:48:481 5672 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

15:23:48:588 5672 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

15:23:48:665 5672 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

15:23:48:685 5672 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

15:23:48:699 5672 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

15:23:48:723 5672 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

15:23:48:751 5672 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

15:23:48:767 5672 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

15:23:48:805 5672 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

15:23:48:846 5672 dsnpfd (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys

15:23:48:857 5672 dsnpfdMP (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys

15:23:48:918 5672 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

15:23:48:944 5672 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

15:23:48:991 5672 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys

15:23:49:082 5672 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

15:23:49:155 5672 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys

15:23:49:179 5672 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

15:23:49:205 5672 epfw (86895d4413316becc2d7944d2749586c) C:\Windows\system32\DRIVERS\epfw.sys

15:23:49:225 5672 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys

15:23:49:242 5672 epfwwfp (396ce762d1650387a2fe184e245fbba1) C:\Windows\system32\DRIVERS\epfwwfp.sys

15:23:49:264 5672 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

15:23:49:287 5672 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

15:23:49:321 5672 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

15:23:49:336 5672 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

15:23:49:372 5672 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

15:23:49:386 5672 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

15:23:49:407 5672 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

15:23:49:424 5672 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

15:23:49:454 5672 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

15:23:49:472 5672 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

15:23:49:517 5672 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

15:23:49:546 5672 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:23:49:586 5672 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

15:23:49:619 5672 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

15:23:49:636 5672 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:23:49:661 5672 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

15:23:49:684 5672 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

15:23:49:716 5672 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

15:23:49:738 5672 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

15:23:49:764 5672 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

15:23:49:805 5672 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

15:23:49:847 5672 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

15:23:49:869 5672 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

15:23:49:887 5672 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

15:23:49:930 5672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

15:23:49:951 5672 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

15:23:49:962 5672 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

15:23:49:995 5672 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:23:50:036 5672 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

15:23:50:051 5672 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

15:23:50:093 5672 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

15:23:50:108 5672 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

15:23:50:123 5672 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

15:23:50:149 5672 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:23:50:191 5672 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

15:23:50:246 5672 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys

15:23:50:292 5672 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

15:23:50:340 5672 KSecPkg (debdc8c8c7abaa72fe5a7352c5246994) C:\Windows\system32\Drivers\ksecpkg.sys

15:23:50:342 5672 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: debdc8c8c7abaa72fe5a7352c5246994, Fake md5: 365c6154bbbc5377173f1ca7bfb6cc59

15:23:50:343 5672 File "C:\Windows\system32\Drivers\ksecpkg.sys" infected by TDSS rootkit ... 15:23:50:454 5672 Backup copy found, using it..

15:23:50:491 5672 will be cured on next reboot

15:23:50:511 5672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

15:23:50:531 5672 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:23:50:574 5672 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:23:50:615 5672 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:23:50:658 5672 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:23:50:680 5672 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

15:23:50:723 5672 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys

15:23:50:749 5672 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys

15:23:50:928 5672 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys

15:23:51:069 5672 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys

15:23:51:098 5672 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

15:23:51:134 5672 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

15:23:51:178 5672 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

15:23:51:234 5672 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

15:23:51:254 5672 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

15:23:51:278 5672 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

15:23:51:303 5672 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

15:23:51:320 5672 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

15:23:51:345 5672 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

15:23:51:379 5672 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

15:23:51:413 5672 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:23:51:429 5672 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:23:51:455 5672 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:23:51:477 5672 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

15:23:51:492 5672 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

15:23:51:511 5672 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

15:23:51:564 5672 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

15:23:51:585 5672 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

15:23:51:614 5672 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

15:23:51:628 5672 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

15:23:51:636 5672 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

15:23:51:653 5672 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

15:23:51:667 5672 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

15:23:51:690 5672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

15:23:51:720 5672 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

15:23:51:745 5672 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

15:23:51:789 5672 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

15:23:51:818 5672 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

15:23:51:845 5672 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

15:23:51:868 5672 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

15:23:51:895 5672 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

15:23:51:904 5672 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

15:23:51:932 5672 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

15:23:51:958 5672 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

15:23:51:974 5672 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

15:23:52:009 5672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

15:23:52:052 5672 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\Windows\system32\drivers\NMgamingms.sys

15:23:52:071 5672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

15:23:52:096 5672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

15:23:52:146 5672 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

15:23:52:187 5672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

15:23:52:454 5672 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:23:52:586 5672 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

15:23:52:606 5672 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

15:23:52:629 5672 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

15:23:52:694 5672 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

15:23:52:732 5672 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

15:23:52:753 5672 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

15:23:52:776 5672 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

15:23:52:797 5672 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

15:23:52:813 5672 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

15:23:52:841 5672 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

15:23:52:887 5672 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

15:23:52:903 5672 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

15:23:52:941 5672 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

15:23:52:972 5672 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

15:23:53:003 5672 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

15:23:53:023 5672 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

15:23:53:065 5672 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

15:23:53:096 5672 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

15:23:53:125 5672 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

15:23:53:163 5672 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

15:23:53:193 5672 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:23:53:218 5672 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:23:53:235 5672 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

15:23:53:260 5672 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

15:23:53:270 5672 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

15:23:53:295 5672 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

15:23:53:312 5672 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:23:53:321 5672 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

15:23:53:356 5672 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

15:23:53:381 5672 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

15:23:53:395 5672 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

15:23:53:414 5672 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

15:23:53:453 5672 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

15:23:53:551 5672 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys

15:23:53:590 5672 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

15:23:53:641 5672 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

15:23:53:700 5672 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

15:23:53:748 5672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

15:23:53:790 5672 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

15:23:53:846 5672 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

15:23:53:904 5672 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

15:23:53:957 5672 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

15:23:53:967 5672 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

15:23:54:015 5672 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:23:54:080 5672 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

15:23:54:115 5672 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

15:23:54:146 5672 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:23:54:165 5672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

15:23:54:204 5672 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

15:23:54:229 5672 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

15:23:54:290 5672 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys

15:23:54:328 5672 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys

15:23:54:345 5672 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys

15:23:54:365 5672 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

15:23:54:378 5672 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

15:23:54:394 5672 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

15:23:54:421 5672 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

15:23:54:457 5672 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys

15:23:54:489 5672 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys

15:23:54:521 5672 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

15:23:54:550 5672 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

15:23:54:574 5672 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

15:23:54:595 5672 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

15:23:54:611 5672 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

15:23:54:634 5672 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:23:54:654 5672 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

15:23:54:682 5672 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

15:23:54:727 5672 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

15:23:54:760 5672 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

15:23:54:783 5672 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

15:23:54:820 5672 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

15:23:54:876 5672 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

15:23:54:898 5672 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

15:23:54:921 5672 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

15:23:54:943 5672 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

15:23:54:971 5672 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

15:23:54:999 5672 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

15:23:55:032 5672 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

15:23:55:072 5672 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:23:55:127 5672 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

15:23:55:159 5672 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

15:23:55:230 5672 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

15:23:55:279 5672 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

15:23:55:309 5672 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

15:23:55:330 5672 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

15:23:55:357 5672 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

15:23:55:408 5672 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

15:23:55:429 5672 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

15:23:55:443 5672 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

15:23:55:477 5672 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

15:23:55:516 5672 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

15:23:55:541 5672 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

15:23:55:576 5672 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

15:23:55:610 5672 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

15:23:55:629 5672 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

15:23:55:657 5672 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

15:23:55:689 5672 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

15:23:55:696 5672 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

15:23:55:754 5672 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

15:23:55:817 5672 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

15:23:55:902 5672 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

15:23:55:921 5672 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

15:23:55:968 5672 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:23:55:985 5672 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

15:23:56:023 5672 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

15:23:56:048 5672 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

15:23:56:073 5672 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:23:56:079 5672 Reboot required for cure complete..

15:23:56:471 5672 Cure on reboot scheduled successfully

15:23:56:471 5672

15:23:56:472 5672 Completed

15:23:56:473 5672

15:23:56:473 5672 Results:

15:23:56:474 5672 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

15:23:56:475 5672 File objects infected / cured / cured on reboot: 1 / 0 / 1

15:23:56:476 5672

15:23:56:481 5672 KLMD(ARK) unloaded successfully
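The line that matters in the TDSSKiller log above is the "Suspicious file (Forged)" entry: the tool reports two different MD5s for the same driver path, one from its own low-level read of the file ("Real") and one as the running system presents the file ("Fake"). A hash that changes depending on how the file is read is the signature of a filter-driver rootkit hiding its modification, which is why the tool then restores ksecpkg.sys from a backup copy on reboot. The following is an added Python triage helper, not the forum's or TDSSKiller's own code, that pulls those entries out of a log of this shape, ties each forged path back to the service names that load it, and lists driver files registered under more than one service name (dsnpfd/dsnpfdMP and Tcpip/TCPIP6 above are legitimate instances, but it is a cheap thing to eyeball). The sample lines are excerpted from the log posted above, and the regular expressions assume only the line shapes visible in that log.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines excerpted from the TDSSKiller log
# posted above (timestamp, PID, service name, MD5 in parentheses, path).
SAMPLE_LOG = r"""
15:23:48:846 5672 dsnpfd (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys
15:23:48:857 5672 dsnpfdMP (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys
15:23:50:292 5672 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:23:50:340 5672 KSecPkg (debdc8c8c7abaa72fe5a7352c5246994) C:\Windows\system32\Drivers\ksecpkg.sys
15:23:50:342 5672 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: debdc8c8c7abaa72fe5a7352c5246994, Fake md5: 365c6154bbbc5377173f1ca7bfb6cc59
15:23:50:343 5672 File "C:\Windows\system32\Drivers\ksecpkg.sys" infected by TDSS rootkit ... 15:23:50:454 5672 Backup copy found, using it..
15:23:50:491 5672 will be cured on next reboot
15:23:54:457 5672 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
15:23:54:489 5672 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
"""

# One enumerated driver: "<ts> <pid> <service> (<md5>) <path>".
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# The forged-file verdict line, with both hashes (assumed shape: as seen above).
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)


def parse_tdsskiller(text):
    """Return (drivers, forged): enumerated driver records and forged verdicts."""
    drivers, forged = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.groupdict())
            continue
        m = FORGED_RE.search(line)
        if m:
            forged.append(m.groupdict())
    return drivers, forged


def services_by_path(drivers):
    """Map each driver file (case-folded path) to the service names loading it."""
    groups = defaultdict(list)
    for d in drivers:
        groups[d["path"].lower()].append(d["name"])
    return dict(groups)


def triage(text):
    """Summarise a log: forged files with their services, and shared driver files."""
    drivers, forged = parse_tdsskiller(text)
    by_path = services_by_path(drivers)
    findings = []
    for f in forged:
        findings.append({
            "path": f["path"],
            "services": by_path.get(f["path"].lower(), []),
            "real_md5": f["real"],
            "fake_md5": f["fake"],
            # A differing pair is the rootkit symptom; equal hashes would mean
            # the verdict came from something other than a forged read.
            "hash_mismatch": f["real"] != f["fake"],
        })
    shared = {p: names for p, names in by_path.items() if len(names) > 1}
    return {"drivers": len(drivers), "forged": findings, "shared_paths": shared}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['drivers']} drivers enumerated")
    for f in result["forged"]:
        print(f"FORGED {f['path']} loaded by {f['services']}: "
              f"real={f['real_md5']} fake={f['fake_md5']}")
    for path, names in result["shared_paths"].items():
        print(f"shared file {path}: {names}")
```

Point the parser at a saved TDSSKiller log instead of SAMPLE_LOG to get the same summary for a real run; the forged-file record is what to hand to whoever triages the case, since the "Fake" hash is the one an ordinary file-integrity check on the live system would have reported as normal.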


It's looking good now! No pop-ups and I can access Windows updates (although I did not install any yet). This computer is a dual boot with Windows 7 32-bit and 64-bit. I have not booted into the 64-bit since before all this started. If it turns out it is also infected, can I just do the TDSSKiller on that installation as well? Can I do it as a check to make sure?


Gotcha, that was indeed a rootkit. Although it ought to be gone now, please consider the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please let me know how things are running now. Do you still get the ESET and MBAM warnings?


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4185

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/10/2010 6:42:19 PM

mbam-log-2010-06-10 (18-42-19).txt

Scan type: Full scan (C:\|F:\|G:\|H:\|)

Objects scanned: 466222

Time elapsed: 1 hour(s), 54 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Scan Log

Version of virus signature database: 5190 (20100611)

Date: 6/11/2010 Time: 2:21:53 PM

Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\;J:\Boot sector;J:\;K:\Boot sector;K:\;L:\Boot sector;L:\;M:\Boot sector;M:\

Number of scanned objects: 309316

Number of threats found: 0

Time of completion: 3:39:51 PM Total scanning time: 4678 sec (01:17:58)

I think we're good. Thanks again!


I think you are right :P Unless you have any problems left, you are good to go.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :P

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and GMER (this is a random named file).

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at the HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!
      I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
      Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well
      Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!
      The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
