
Please help, I can't get rid of



Hi, I've tried getting rid of this virus to no avail; it keeps reappearing and opening IE windows.

So far I've used MBAM, MSE, Ad-Aware and Spybot Search & Destroy.

MSE seems to be the only program that finds the virus.

All help appreciated, as at the moment we can't use the laptop because we're worried about putting in passwords and credit card details.

Many Thanks in advance.

Eddie

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4412

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/08/2010 13:59:54

mbam-log-2010-08-10 (13-59-54).txt

Scan type: Quick scan

Objects scanned: 141163

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> Delete on reboot.

C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> Delete on reboot.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Eddie at 13:24:11.72 on 10/08/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3070.1692 [GMT 1:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Windows\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Windows Live\Device Integrator\wldi.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Windows Live\Device Integrator\DI_HIDServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Teleca Shared\logger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Companion\companionuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Eddie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XABQI24\dds[1].scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\lcdmon.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [WindowsLiveDeviceIntegrator] c:\program files\windows live\device integrator\wldi.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe

dRunOnce: [Application Restart #1] c:\program files\internet explorer\iexplore.exe -restart /WERRESTART

dRunOnce: [Application Restart #3] c:\program files\internet explorer\iexplore.exe -restart /WERRESTART

StartupFolder: c:\users\eddie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\avgrsstx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eddie\appdata\roaming\mozilla\firefox\profiles\aqup51nq.default\

FF - prefs.js: browser.startup.homepage - www.hotukdeals.com

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-30 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-19 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-19 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-19 243024]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-27 136176]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]

S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2010-6-8 44344]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]

S4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-6-4 49504]

=============== Created Last 30 ================

2010-08-10 09:57:30 0 ----a-w- c:\users\eddie\defogger_reenable

2010-08-10 09:39:14 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys

2010-08-10 09:39:14 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-08-10 09:10:55 0 d-----w- c:\program files\Turbine

2010-08-09 18:53:08 0 d-----w- c:\programdata\PMB Files

2010-08-09 18:52:50 0 d-----w- c:\program files\Pando Networks

2010-08-03 19:30:16 0 d-----w- c:\program files\ESET

2010-08-03 16:56:57 0 d-----w- c:\program files\Microsoft Security Essentials

2010-08-02 21:59:55 0 d-----w- c:\users\eddie\appdata\roaming\Teleca

2010-08-02 21:59:20 0 d-----w- c:\programdata\HTC

2010-08-02 21:59:19 0 d-----w- c:\programdata\Teleca

2010-08-02 21:59:19 0 d-----w- c:\program files\common files\Teleca Shared

2010-08-02 21:59:00 0 d-----w- c:\program files\Spirent Communications

2010-08-02 21:58:57 0 d-----w- c:\program files\HTC

2010-08-02 21:58:35 0 d-----w- c:\windows\Downloaded Installations

2010-08-02 21:51:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01009.Wdf

2010-08-02 21:51:03 0 d-----w- C:\ruu_log

2010-08-02 14:02:00 36 ----a-w- c:\windows\iltwain.ini

2010-08-02 14:01:59 9391 ----a-w- c:\windows\system32\dymourl.ini

2010-08-02 14:01:45 9216 ----a-w- c:\windows\system32\LW400MON.DLL

2010-08-02 14:01:45 4608 ----a-w- c:\windows\system32\DYMOVendorSetup.dll

2010-08-02 14:01:44 8704 ----a-w- c:\windows\system32\DYMOAsyncUI.dll

2010-08-02 14:01:40 61440 ----a-w- c:\windows\system32\DYMOCFG.DLL

2010-08-02 14:01:40 4096 ----a-w- c:\windows\system32\lmmonres.dll

2010-08-02 14:01:35 421888 ----a-w- c:\windows\system32\DYMOSmartPaste.dll

2010-08-02 14:01:34 0 d-----w- c:\program files\DYMO Label

2010-08-02 14:00:24 184320 ----a-w- c:\windows\system32\DymoInst.dll

2010-07-28 18:28:36 0 d-----w- c:\users\eddie\appdata\roaming\SUPERAntiSpyware.com

2010-07-22 17:52:24 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-22 10:08:35 0 d-----w- c:\program files\iPod

2010-07-22 10:08:34 0 d-----w- c:\program files\iTunes

2010-07-19 23:07:57 0 d-----w- c:\programdata\vsosdk

2010-07-19 22:46:46 87608 ----a-w- c:\users\eddie\appdata\roaming\inst.exe

2010-07-19 22:46:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-07-19 22:46:46 47360 ----a-w- c:\users\eddie\appdata\roaming\pcouffin.sys

2010-07-19 22:46:41 65602 ----a-w- c:\windows\system32\cook3260.dll

2010-07-19 22:46:41 217127 ----a-w- c:\windows\system32\drv43260.dll

2010-07-19 22:46:41 208935 ----a-w- c:\windows\system32\drv33260.dll

2010-07-19 22:46:41 176165 ----a-w- c:\windows\system32\drv23260.dll

2010-07-19 22:46:41 102439 ----a-w- c:\windows\system32\sipr3260.dll

2010-07-19 22:46:40 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-07-19 22:46:40 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2010-07-19 22:46:39 0 d-----w- c:\program files\VSO

2010-07-17 08:05:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 17:57:15 0 d-----w- c:\program files\common files\i4j_jres

2010-07-13 17:09:45 0 d-----w- c:\program files\SquareEnix

==================== Find3M ====================

2010-07-17 08:05:46 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 08:05:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-12 08:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-30 17:49:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-07 16:47:34 579688 ----a-w- c:\windows\system32\nv3dappshext.dll

2010-06-07 16:47:34 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll

2010-06-07 16:47:34 408168 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2010-06-07 16:47:34 258142 ----a-w- c:\windows\system32\nvcoproc.bin

2010-06-07 16:47:34 255592 ----a-w- c:\windows\system32\nvhotkey.dll

2010-06-07 16:47:34 1691752 ----a-w- c:\windows\system32\nvsvcr.dll

2010-06-07 16:47:34 13917800 ----a-w- c:\windows\system32\nvcpl.dll

2010-06-07 16:47:34 1331816 ----a-w- c:\windows\system32\nvsvc.dll

2010-06-07 16:47:34 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-06-07 16:47:34 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-06-07 16:33:38 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-06-07 16:19:28 297328 ----a-w- c:\windows\WLXPGSS.SCR

2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-05-26 11:59:26 213376 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll

2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-03-18 20:12:20 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-03-04 21:13:03 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:24:44.79 ===============

ark.rar

Attach.rar

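Two things in the logs above deserve a closer look before the machine is trusted with passwords again: the DDS "mPolicies-system" lines show UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, none of which is a Windows 7 default), and the MBAM detections are copies of core Windows binaries (services.exe, smss.exe) sitting under System Volume Information, a place the real ones never live. The script below is an added example, not code from the post or from any of the tools mentioned; it pulls those two signals out of log text. The sample lines are copied from the DDS and MBAM output above and embedded so it runs offline; the list of "core binary" names to watch for is an assumption chosen for illustration.

```python
"""Triage helper for DDS / MBAM log text (added example, not from the post).

Flags two things seen in the logs above:
  1. UAC policy values that differ from the Windows 7 defaults.
  2. Detections whose file name imitates a core Windows binary but whose
     path is outside the Windows directory.
"""
import re

# Lines copied from the DDS "Pseudo HJT Report" in the post above.
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# Lines copied from the MBAM "Files Infected" section in the post above.
SAMPLE_MBAM = "\n".join([
    r"C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> Delete on reboot.",
    r"C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> Delete on reboot.",
])

# Windows 7 ships with these values; malware commonly sets EnableLUA=0 so it
# can run elevated without ever showing a prompt.
UAC_EXPECTED = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")


def parse_policies(text):
    """Return {policy_name: int_value} for every mPolicies-system line."""
    found = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def weak_uac_settings(text):
    """Return {name: (value_seen, default)} for UAC policies that were changed."""
    found = parse_policies(text)
    return {
        name: (found[name], default)
        for name, default in UAC_EXPECTED.items()
        if name in found and found[name] != default
    }


# Assumed list of names worth watching (illustrative, not exhaustive).
CORE_BINARIES = {
    "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "explorer.exe",
}
# A genuine copy of any of the above lives under the Windows directory.
LEGIT_PREFIXES = ("c:\\windows\\",)

DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$"
)


def parse_detections(text):
    """Return [(path, detection_name, action)] for each MBAM-style line."""
    out = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            out.append((m.group("path"), m.group("name"), m.group("action")))
    return out


def masquerading_core_binaries(text):
    """Detections named like a core Windows binary but located elsewhere."""
    hits = []
    for path, name, _action in parse_detections(text):
        base = path.rsplit("\\", 1)[-1].lower()
        if base in CORE_BINARIES and not path.lower().startswith(LEGIT_PREFIXES):
            hits.append((path, name))
    return hits


if __name__ == "__main__":
    for policy, (seen, default) in weak_uac_settings(SAMPLE_DDS).items():
        print(f"UAC weakened: {policy} = {seen} (default {default})")
    for path, name in masquerading_core_binaries(SAMPLE_MBAM):
        print(f"Core-binary name outside Windows dir: {path} [{name}]")
```

Run it as-is and it reports the three changed UAC policies and both System Volume Information files. After cleanup, re-running DDS and feeding the new "mPolicies-system" lines through `weak_uac_settings` is a quick way to confirm UAC has been restored; the policy values live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System if you prefer to check them directly.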

Thank you for your help, and sorry for the late reply; I've not long finished work.

ComboFix 10-08-10.03 - Eddie 10/08/2010 21:59:20.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3070.2037 [GMT 1:00]

Running from: c:\users\Eddie\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\system volume information\Microsoft

c:\system volume information\Microsoft\services.exe

c:\system volume information\Microsoft\smss.exe

c:\users\Eddie\AppData\Roaming\inst.exe

c:\windows\system32\%appdata%

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected

\\.\PhysicalDrive2 - Bootkit Whistler was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))

.

2010-08-10 21:08 . 2010-08-10 21:15 -------- d-----w- c:\users\Eddie\AppData\Local\temp

2010-08-10 21:08 . 2010-08-10 21:08 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-08-10 21:08 . 2010-08-10 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-10 20:28 . 2010-08-10 20:36 -------- d-----w- C:\WINSSLog

2010-08-10 14:30 . 2010-08-10 14:30 -------- d-----w- c:\users\Eddie\AppData\Local\The Lord of the Rings Online

2010-08-10 14:25 . 2010-08-10 14:25 -------- d-----w- c:\users\Eddie\AppData\Roaming\Turbine

2010-08-10 14:25 . 2010-08-10 14:25 93 ----a-w- c:\users\Eddie\AppData\Local\fusioncache.dat

2010-08-10 14:25 . 2010-08-10 14:25 -------- d-----w- c:\users\Eddie\AppData\Local\Turbine

2010-08-10 14:25 . 2010-08-10 17:35 -------- d-----w- c:\users\Eddie\AppData\Local\ApplicationHistory

2010-08-10 14:23 . 2010-08-10 14:23 -------- d-----w- c:\windows\system32\URTTEMP

2010-08-10 09:39 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-08-10 09:39 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys

2010-08-10 09:10 . 2010-08-10 09:10 -------- d-----w- c:\program files\Turbine

2010-08-09 18:53 . 2010-08-10 20:36 -------- d-----w- c:\users\Eddie\AppData\Local\PMB Files

2010-08-09 18:53 . 2010-08-10 19:42 -------- d-----w- c:\programdata\PMB Files

2010-08-09 18:52 . 2010-08-09 18:52 -------- d-----w- c:\program files\Pando Networks

2010-08-03 19:30 . 2010-08-03 19:30 -------- d-----w- c:\program files\ESET

2010-08-02 21:59 . 2010-08-02 22:02 -------- d-----w- c:\users\Eddie\AppData\Roaming\Teleca

2010-08-02 21:59 . 2010-08-02 21:59 -------- d-----w- c:\users\Eddie\AppData\Local\HTC

2010-08-02 21:59 . 2010-08-02 21:59 -------- d-----w- c:\programdata\HTC

2010-08-02 21:59 . 2010-08-02 21:59 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-08-02 21:59 . 2010-08-02 21:59 -------- d-----w- c:\programdata\Teleca

2010-08-02 21:59 . 2010-08-02 21:59 -------- d-----w- c:\program files\Spirent Communications

2010-08-02 21:58 . 2010-08-02 21:59 -------- d-----w- c:\program files\HTC

2010-08-02 21:58 . 2010-08-02 21:58 -------- d-----w- c:\windows\Downloaded Installations

2010-08-02 21:51 . 2010-08-02 22:34 -------- d-----w- C:\ruu_log

2010-08-02 14:01 . 2007-02-26 12:38 9216 ----a-w- c:\windows\system32\LW400MON.DLL

2010-08-02 14:01 . 2007-02-26 12:38 4608 ----a-w- c:\windows\system32\DYMOVendorSetup.dll

2010-08-02 14:01 . 2007-02-26 12:38 8704 ----a-w- c:\windows\system32\DYMOAsyncUI.dll

2010-08-02 14:01 . 2007-02-05 15:01 4096 ----a-w- c:\windows\system32\lmmonres.dll

2010-08-02 14:01 . 2006-05-10 12:19 61440 ----a-w- c:\windows\system32\DYMOCFG.DLL

2010-08-02 14:01 . 2006-04-25 19:33 421888 ----a-w- c:\windows\system32\DYMOSmartPaste.dll

2010-08-02 14:01 . 2010-08-02 19:47 -------- d-----w- c:\program files\DYMO Label

2010-08-02 14:00 . 2007-04-24 10:21 184320 ----a-w- c:\windows\system32\DymoInst.dll

2010-07-28 18:28 . 2010-07-28 18:28 -------- d-----w- c:\users\Eddie\AppData\Roaming\SUPERAntiSpyware.com

2010-07-22 17:53 . 2010-07-22 17:53 -------- d-----w- c:\users\Eddie\AppData\Local\Sunbelt Software

2010-07-22 17:52 . 2010-07-22 17:52 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-22 10:08 . 2010-07-22 10:08 -------- d-----w- c:\program files\iPod

2010-07-22 10:08 . 2010-07-22 10:08 -------- d-----w- c:\program files\iTunes

2010-07-19 23:07 . 2010-07-19 23:07 -------- d-----w- c:\programdata\vsosdk

2010-07-19 22:46 . 2010-07-20 08:26 -------- d-----w- c:\users\Eddie\AppData\Roaming\Vso

2010-07-19 22:46 . 2010-07-19 22:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-07-19 22:46 . 2009-09-02 15:41 65602 ----a-w- c:\windows\system32\cook3260.dll

2010-07-19 22:46 . 2009-09-02 15:41 217127 ----a-w- c:\windows\system32\drv43260.dll

2010-07-19 22:46 . 2009-09-02 15:41 208935 ----a-w- c:\windows\system32\drv33260.dll

2010-07-19 22:46 . 2009-09-02 15:41 176165 ----a-w- c:\windows\system32\drv23260.dll

2010-07-19 22:46 . 2009-09-02 15:41 102439 ----a-w- c:\windows\system32\sipr3260.dll

2010-07-19 22:46 . 2009-09-02 15:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-07-19 22:46 . 2009-09-02 15:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2010-07-19 22:46 . 2010-07-19 22:46 -------- d-----w- c:\program files\VSO

2010-07-17 08:05 . 2010-07-17 08:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 17:57 . 2010-07-15 17:57 -------- d-----w- c:\program files\Common Files\i4j_jres

2010-07-13 17:09 . 2010-07-13 17:09 -------- d-----w- c:\program files\SquareEnix

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-10 09:39 . 2010-03-04 21:09 -------- d-----w- c:\program files\Microsoft

2010-08-02 21:51 . 2010-08-02 21:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01009.Wdf

2010-07-28 20:12 . 2010-03-18 23:00 -------- d-----w- c:\programdata\avg9

2010-07-28 18:29 . 2010-07-28 18:29 63488 ----a-w- c:\users\Eddie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-28 18:29 . 2010-07-28 18:29 52224 ----a-w- c:\users\Eddie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-28 18:29 . 2010-07-28 18:29 117760 ----a-w- c:\users\Eddie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-28 18:28 . 2010-05-23 12:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-28 18:27 . 2010-03-04 19:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-07-22 18:27 . 2010-04-08 17:57 -------- d-----w- c:\users\Eddie\AppData\Roaming\Azureus

2010-07-22 18:07 . 2010-05-07 22:20 -------- d-----w- c:\users\Eddie\AppData\Roaming\Skype

2010-07-22 17:51 . 2010-06-30 17:20 -------- d-----w- c:\program files\Lavasoft

2010-07-22 10:08 . 2010-06-24 10:06 -------- d-----w- c:\program files\Common Files\Apple

2010-07-22 10:04 . 2010-07-22 10:04 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe

2010-07-19 22:46 . 2010-07-19 22:46 47360 ----a-w- c:\users\Eddie\AppData\Roaming\pcouffin.sys

2010-07-19 22:46 . 2010-07-19 22:46 47360 ----a-w- c:\users\Eddie\AppData\Roaming\pcouffin.sys

2010-07-17 08:05 . 2010-03-18 23:00 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 08:05 . 2010-03-18 23:00 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-15 17:57 . 2010-04-08 17:57 -------- d-----w- c:\program files\Vuze

2010-07-15 02:01 . 2010-03-05 22:48 -------- d-----w- c:\programdata\Microsoft Help

2010-07-13 17:09 . 2010-03-04 20:45 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-12 08:56 . 2010-07-22 17:52 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-12 08:55 . 2010-06-30 17:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-12 08:55 . 2010-06-30 19:17 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-08 23:28 . 2010-07-08 23:02 -------- d-----w- c:\users\Eddie\AppData\Roaming\Windows Live Writer

2010-07-08 22:59 . 2010-03-04 21:09 -------- d-----w- c:\program files\Windows Live

2010-07-08 22:28 . 2010-03-05 20:16 -------- d-----w- c:\program files\Windows Live Safety Center

2010-07-05 13:45 . 2010-03-04 19:48 -------- d-----w- c:\programdata\NVIDIA

2010-07-02 16:08 . 2010-03-04 19:46 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-01 14:29 . 2010-07-01 14:29 -------- d-----w- c:\programdata\NVIDIA Corporation

2010-06-30 17:49 . 2010-06-30 17:20 -------- d-----w- c:\programdata\Lavasoft

2010-06-30 17:49 . 2010-06-30 17:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-29 08:39 . 2010-03-08 12:15 -------- d-----w- c:\programdata\NOS

2010-06-28 13:56 . 2010-06-28 13:56 -------- d-----w- c:\program files\CCleaner

2010-06-26 07:39 . 2010-03-05 22:50 -------- d-----w- c:\program files\Microsoft.NET

2010-06-24 13:57 . 2010-06-24 10:09 -------- d-----w- c:\users\Eddie\AppData\Roaming\Apple Computer

2010-06-24 10:09 . 2010-06-24 10:08 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-24 10:08 . 2010-06-24 10:07 -------- d-----w- c:\programdata\Apple Computer

2010-06-24 10:08 . 2010-06-24 10:07 -------- d-----w- c:\program files\QuickTime

2010-06-24 10:07 . 2010-06-24 10:07 -------- d-----w- c:\program files\Apple Software Update

2010-06-24 10:07 . 2010-06-24 10:06 -------- d-----w- c:\programdata\Apple

2010-06-24 10:06 . 2010-06-24 10:06 -------- d-----w- c:\program files\Bonjour

2010-06-18 18:57 . 2010-06-14 19:22 -------- d-----w- c:\program files\PageBreeze

2010-06-18 18:56 . 2010-05-07 22:19 -------- d-----r- c:\program files\Skype

2010-06-07 16:47 . 2010-06-07 16:47 579688 ----a-w- c:\windows\system32\nv3dappshext.dll

2010-06-07 16:47 . 2010-06-07 16:47 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll

2010-06-07 16:47 . 2010-06-07 16:47 408168 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2010-06-07 16:47 . 2010-06-07 16:47 258142 ----a-w- c:\windows\system32\nvcoproc.bin

2010-06-07 16:47 . 2010-06-07 16:47 255592 ----a-w- c:\windows\system32\nvhotkey.dll

2010-06-07 16:47 . 2010-06-07 16:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll

2010-06-07 16:47 . 2010-06-07 16:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll

2010-06-07 16:47 . 2010-06-07 16:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll

2010-06-07 16:47 . 2010-06-07 16:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-06-07 16:47 . 2010-06-07 16:47 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-06-07 16:33 . 2010-06-07 16:33 49016 ----a-w- c:\windows\system32\sirenacm.dll

2010-06-07 16:19 . 2010-06-07 16:19 297328 ----a-w- c:\windows\WLXPGSS.SCR

2010-06-03 08:13 . 2010-03-18 23:00 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-01 17:37 . 2010-03-04 19:30 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-27 07:24 . 2010-06-09 07:17 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49 . 2010-06-09 07:17 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-05-26 11:59 . 2010-05-26 11:59 213376 ----a-w- c:\windows\system32\LIVESSP.DLL

2010-05-26 11:39 . 2010-05-26 11:39 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-05-23 12:57 . 2010-05-23 12:57 388096 ----a-r- c:\users\Eddie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-23 12:51 . 2009-07-14 00:01 7168 ----a-w- c:\windows\system32\drivers\RDPREFMP.sys

2010-05-21 05:18 . 2010-06-09 07:17 977920 ----a-w- c:\windows\system32\wininet.dll

2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-06-07 4176760]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-06-26 775952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-07 255592]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"WindowsLiveDeviceIntegrator"="c:\program files\Windows Live\Device Integrator\wldi.exe" [2010-06-17 240424]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-25 231888]

"Application Restart F948199016079EDED0320B6245D59EF3D50EBD93"="c:\program files\Internet Explorer\iexplore.exe" [2009-07-14 673048]

"Application Restart 04C66A2139E7E531DA18BB4F240798B1B69C2B240C39BA9FF102E5A9EF8A79BA"="c:\program files\Internet Explorer\iexplore.exe" [2009-07-14 673048]

c:\users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2009-3-23 2894928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 136176]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]

R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2007-03-28 44344]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]

R4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-06-04 49504]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 15:21]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 15:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: {{0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\Windows Live\Companion\companioncore.dll

FF - ProfilePath - c:\users\Eddie\AppData\Roaming\Mozilla\Firefox\Profiles\aqup51nq.default\

FF - prefs.js: browser.startup.homepage - www.hotukdeals.com

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,93,7d,bb,59,ee,5e,40,93,f1,20,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,93,7d,bb,59,ee,5e,40,93,f1,20,\

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.URL"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1404)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Dell\QuickSet\NicConfigSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\taskhost.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe

c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Windows Live\Device Integrator\DI_HIDServer.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Teleca Shared\logger.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2010-08-10 22:22:34 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-10 21:22

ComboFix2.txt 2010-05-23 14:02

ComboFix3.txt 2010-05-23 13:30

Pre-Run: 18,968,608,768 bytes free

Post-Run: 19,090,153,472 bytes free

- - End Of File - - C5D8DD13687C56C4288A2ACDCBB0202F


eddied,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java 6 Update 18 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please include the following in your next post:

  • MBAM log
  • Kaspersky log


Thank you for your quick reply.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4416

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/08/2010 23:03:36

mbam-log-2010-08-10 (23-03-36).txt

Scan type: Quick scan

Objects scanned: 140481

Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

KASPERSKY ONLINE SCANNER 7.0: scan report

Wednesday, August 11, 2010

Operating system: Microsoft Home Edition (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, August 11, 2010 05:39:38

Records in database: 4128856

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

Scan statistics:

Objects scanned: 280882

Threats found: 3

Infected objects found: 5

Suspicious objects found: 3

Scan duration: 03:03:40

File name / Threat / Threats count

C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\services.exe.vir Infected: Trojan-Clicker.Win32.Cycler.ajtz 1

C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\smss.exe.vir Infected: Trojan-Clicker.Win32.Cycler.ajtz 1

C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

C:\Qoobox\Quarantine\MBR_HardDisk1.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

C:\Qoobox\Quarantine\MBR_HardDisk2.mbr Infected: Trojan-Clicker.Win32.Wistler.a 1

C:\Users\Eddie\AppData\Local\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Users\Eddie\AppData\Local\Microsoft\Windows Live Mail\Hotmail (ed 686\Junk e-mail\00294823-00000652.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Users\Eddie\AppData\Local\Microsoft\Windows Live Mail\Hotmail (ed 686\Junk e-mail\4FA977E2-0000063B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.


eddied,

Several of the infections identified by Kaspersky are in your Outlook and Windows Live Hotmail email. Unfortunately Kaspersky is unable to identify which particular email is infected (the Hotmail detections appear to be in your junk mail though), so delete any emails from anyone you don't know or any that have attachments, such as jokes, videos etc. (don't open them to check).

Otherwise your logs look good! Now I have some very important cleanup for you to take care of:

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:

  • DDS
  • GMER

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please visit the General Computer Security Forum and review this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
