
Unable to remove this malware


Menda


Unfortunately, some accounts of mine have been stolen, and I suspect it is because of malware. I have done several scans with MBAM/ESET but have found nothing. However, I recently did a scan with SUPERAntiSpyware and found a malware piece/strand, which can be seen here:

http://i56.tinypic.com/rm1idz.jpg

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:15:25 PM, on 5/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Razer\Arctosa\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael J\Downloads\HijackThis(3).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts:


Sorry for the delayed response.

ComboFix log as requested:

ComboFix 10-12-09.04 - Michael J 11/12/2010  12:05:56.2.6 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3327.1872 [GMT 11:00]
Running from: c:\users\Michael J\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_monitor


((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 01:10 . 2010-12-11 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 01:05 . 2010-12-11 01:05 -------- d-----w- C:\32788R22FWJFW
2010-12-10 22:31 . 2010-12-10 22:31 -------- d-----w- c:\windows\en
2010-12-10 22:28 . 2010-12-10 22:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-10 22:28 . 2010-09-22 13:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-10 22:25 . 2010-12-10 22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-10 22:18 . 2010-12-10 22:18 -------- d-----w- c:\program files\MSN Toolbar
2010-12-10 22:18 . 2010-12-10 22:18 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-10 22:18 . 2010-12-10 22:18 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\2d5114411cb98b807\InstallManager_WLE_WLE.exe
2010-12-10 22:18 . 2010-12-10 22:18 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\1f01ff4f1cb98b806\MeshBetaRemover.exe
2010-12-10 22:18 . 2010-12-10 22:18 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\1be8a5c11cb98b805\DSETUP.dll
2010-12-10 22:18 . 2010-12-10 22:18 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\1be8a5c11cb98b805\DXSETUP.exe
2010-12-10 22:18 . 2010-12-10 22:18 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\1be8a5c11cb98b805\dsetup32.dll
2010-12-10 22:17 . 2010-12-10 22:17 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\16f7c62b1cb98b804\DSETUP.dll
2010-12-10 22:17 . 2010-12-10 22:17 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\16f7c62b1cb98b804\DXSETUP.exe
2010-12-10 22:17 . 2010-12-10 22:17 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\16f7c62b1cb98b804\dsetup32.dll
2010-12-10 22:17 . 2010-12-10 22:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-10 22:17 . 2010-12-10 22:17 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\e392e841cb98b803\Silverlight.4.0.exe
2010-12-10 22:17 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-10 22:17 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-10 22:17 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-10 22:17 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-10 22:17 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-10 22:16 . 2010-12-10 23:06 -------- d-----w- c:\users\Michael J\AppData\Local\Windows Live
2010-12-06 07:58 . 2010-12-06 07:58 -------- d-----w- c:\windows\system32\xlive
2010-12-06 07:58 . 2010-12-06 07:58 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-12-05 07:36 . 2010-12-06 06:17 -------- d-----w- c:\users\Michael J\AppData\Roaming\Systweak
2010-12-05 07:36 . 2010-12-06 06:17 -------- d-----w- c:\programdata\Systweak
2010-12-05 06:49 . 2010-12-05 06:49 -------- d-----w- c:\programdata\IObit
2010-12-05 06:48 . 2010-12-05 06:48 -------- d-----w- c:\program files\IObit
2010-12-05 03:54 . 2010-12-05 03:54 -------- d-----w- c:\users\Michael J\AppData\Roaming\SUPERAntiSpyware.com
2010-12-05 03:54 . 2010-12-05 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-05 03:54 . 2010-12-05 03:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-01 10:02 . 2010-12-01 10:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-01 10:02 . 2010-12-01 10:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-01 10:02 . 2010-12-01 10:02 -------- d-----w- c:\program files\OpenAL
2010-12-01 05:19 . 2010-12-01 05:19 -------- d-----w- c:\users\Michael J\AppData\Local\Electronic Arts
2010-12-01 05:19 . 2010-12-01 05:19 -------- d-----w- c:\programdata\Electronic Arts
2010-11-26 07:18 . 2010-11-26 07:18 -------- d-----w- c:\users\Michael J\AppData\Roaming\Malwarebytes
2010-11-26 07:18 . 2010-11-29 06:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 07:18 . 2010-11-29 06:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 07:18 . 2010-11-26 07:18 -------- d-----w- c:\programdata\Malwarebytes
2010-11-26 07:18 . 2010-12-04 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 05:30 . 2010-11-26 05:30 -------- d-----w- c:\program files\Hand-Crafted Software
2010-11-26 05:27 . 2010-11-26 05:29 -------- d-----w- c:\users\Michael J\AppData\Roaming\JonDo
2010-11-26 05:07 . 2010-11-26 05:07 -------- d-----w- c:\users\Michael J\AppData\Roaming\Creative Software
2010-11-25 21:16 . 2010-11-25 21:16 -------- d-----w- c:\program files\S.A.D
2010-11-18 09:56 . 2010-11-26 06:01 -------- d-----w- c:\users\Michael J\AppData\Local\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 09:02 . 2010-08-22 09:56 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-08 09:02 . 2010-08-31 09:58 268720 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-08 09:02 . 2010-08-22 09:55 268720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-08 09:01 . 2010-08-22 09:55 218496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-11-19 10:35 . 2010-08-22 09:55 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-09 15:54 . 2010-11-09 15:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-09 15:28 . 2010-11-09 15:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-10-24 08:15 . 2010-08-22 09:56 138056 ----a-w- c:\users\Michael J\AppData\Roaming\PnkBstrK.sys
2010-10-22 22:26 . 2010-10-05 06:07 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-10-15 03:32 . 2010-10-15 03:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-13 14:36 . 2010-10-13 14:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-13 14:36 . 2010-10-13 14:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-21 03:03 . 2010-09-21 03:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-16 06:55 . 2010-09-16 06:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-09-16 06:55 . 2010-09-16 06:54 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-09-16 06:55 . 2010-09-16 06:55 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-09-16 06:55 . 2010-09-16 06:55 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-09-16 06:55 . 2009-10-19 13:12 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-09-16 06:55 . 2010-09-16 06:55 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-09-16 06:55 . 2010-09-16 06:55 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-16 06:55 . 2010-09-16 06:55 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-16 06:54 . 2010-09-16 06:54 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-16 06:54 . 2010-09-16 06:54 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-09-16 06:54 . 2010-09-16 06:54 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-09-16 06:54 . 2010-09-16 06:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-16 06:54 . 2010-09-16 06:54 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-16 06:54 . 2010-09-16 06:54 101904 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2010-09-16 06:54 . 2010-09-16 06:54 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-09-16 06:54 . 2010-09-16 06:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-09-16 06:54 . 2010-09-16 06:54 65536 ----a-w- c:\windows\system32\coinst.dll
2010-09-16 06:54 . 2010-09-16 06:54 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-16 06:54 . 2010-09-16 06:54 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-16 06:54 . 2010-09-16 06:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-09-16 06:54 . 2010-09-16 06:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-16 06:54 . 2010-09-16 06:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-09-16 06:54 . 2010-09-16 06:54 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-09-16 06:54 . 2010-09-16 06:54 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-16 06:54 . 2010-09-16 06:53 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-09-16 06:53 . 2010-09-16 06:53 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-16 06:53 . 2010-09-16 06:53 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-09-16 06:53 . 2010-09-16 06:53 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-16 06:53 . 2010-09-16 06:53 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-14 17:50 . 2010-09-26 01:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-16 1242448]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"Arctosa"="c:\program files\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 17:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-11-29 06:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-11-29 06:42 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-11-22 16:29 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-15 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-16 176128]
S2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2009-04-01 45568]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-16 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-16 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-16 101904]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-06-19 604672]

.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michael J\AppData\Roaming\Mozilla\Firefox\Profiles\3mxok4nw.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3190900179-3420051416-1164175200-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3190900179-3420051416-1164175200-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3190900179-3420051416-1164175200-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,97,59,20,8b,21,29,f3,5c,01,5c,06,78,e5,12,73,b6,78,58,e0,f1,
de,62,b2,ad,d5,ae,4e,6a,d2,1c,63,ff,4a,ef,71,c6,b5,23,af,99,e3,59,fc,b7,76,\
"rkeysecu"=hex:4c,4d,cc,f8,ea,5f,10,02,8c,7d,ee,f9,30,37,0b,02

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6016)
c:\program files\DriveHQ\DriveHQ FileManager\ShellCopyHookDLL.dll
c:\program files\DriveHQ\DriveHQ FileManager\LoadStringDll.dll
c:\program files\DriveHQ\DriveHQ FileManager\funlib.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-12-11 12:16:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 01:16

Pre-Run: 769,941,434,368 bytes free
Post-Run: 769,806,909,440 bytes free

- - End Of File - - ACA1AFE4B0BCA2E9CFE24DBD7564AA0A

Well, my computer is behaving as it normally would. The reason I am checking for malware is the hijacking of several email accounts of mine.


I don't know why everything is blacked out.

I can't read it, so I don't know if it removed anything or if anything else needs to be removed.

Instead of putting the results in Code or Quotes, just use plain old copy/paste.

My apologies, I thought it would be easier to read in Code tags.


R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-15 691696]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-16 176128]

S2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2009-04-01 45568]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-16 6380032]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-16 221696]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-16 101904]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952]

S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-06-19 604672]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Michael J\AppData\Roaming\Mozilla\Firefox\Profiles\3mxok4nw.default\

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3190900179-3420051416-1164175200-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3190900179-3420051416-1164175200-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3190900179-3420051416-1164175200-1000\Software\SecuROM\License information*]

"datasecu"=hex:c5,97,59,20,8b,21,29,f3,5c,01,5c,06,78,e5,12,73,b6,78,58,e0,f1,

de,62,b2,ad,d5,ae,4e,6a,d2,1c,63,ff,4a,ef,71,c6,b5,23,af,99,e3,59,fc,b7,76,\

"rkeysecu"=hex:4c,4d,cc,f8,ea,5f,10,02,8c,7d,ee,f9,30,37,0b,02

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6016)

c:\program files\DriveHQ\DriveHQ FileManager\ShellCopyHookDLL.dll

c:\program files\DriveHQ\DriveHQ FileManager\LoadStringDll.dll

c:\program files\DriveHQ\DriveHQ FileManager\funlib.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\DllHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2010-12-11 12:16:10 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-11 01:16

Pre-Run: 769,941,434,368 bytes free

Post-Run: 769,806,909,440 bytes free

- - End Of File - - ACA1AFE4B0BCA2E9CFE24DBD7564AA0A

Nothing seems to have been deleted but the taskman registry value no longer appears.


As for your email accounts.

Did you change all passwords?

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an addon available for both Firefox and IE.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:
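The six Internet Explorer zone settings the post walks through by hand can also be audited from PowerShell. This is an added example, not part of the forum post; it maps each setting to its DWORD name under the Internet zone key (zone 3) using the standard IE zone layout (0 = Enable, 1 = Prompt, 3 = Disable), reports which ones are weaker than the post recommends, and applies the recommended values only when run with -Fix.

```powershell
# Added example (not from the post): audit the Internet-zone settings the
# post lists and optionally set them to the recommended level.
param([switch]$Fix)

# Zone 3 is the Internet zone; per-user settings live under HKCU.
$zone   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$levels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Value name -> setting, with the level the post recommends.
$wanted = @(
    @{ Name = '1001'; Desc = 'Download signed ActiveX controls';                        Want = 1 },
    @{ Name = '1004'; Desc = 'Download unsigned ActiveX controls';                      Want = 3 },
    @{ Name = '1201'; Desc = 'Initialize and script ActiveX controls not marked safe';  Want = 3 },
    @{ Name = '1800'; Desc = 'Installation of desktop items';                           Want = 1 },
    @{ Name = '1804'; Desc = 'Launching programs and files in an IFRAME';               Want = 1 },
    @{ Name = '1607'; Desc = 'Navigate sub-frames across different domains';            Want = 1 }
)

$props = Get-ItemProperty -Path $zone
foreach ($s in $wanted) {
    $cur     = $props.$($s.Name)                       # $null when the value is absent
    $curText = if ($null -eq $cur) { '(not set)' } else { $levels[[int]$cur] }
    $ok      = ($null -ne $cur) -and ([int]$cur -eq $s.Want)
    $flag    = if ($ok) { 'OK  ' } else { 'WEAK' }
    '{0} {1,-55} current={2,-9} wanted={3}' -f $flag, $s.Desc, $curText, $levels[$s.Want]

    # Only write when asked to, and only for settings that are not already at the wanted level.
    if (-not $ok -and $Fix) {
        Set-ItemProperty -Path $zone -Name $s.Name -Value $s.Want -Type DWord
    }
}
```

A zone setting that the current IE build lists under a different name or location will show as "(not set)"; the script leaves such values untouched unless -Fix is given.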

