Wofstar Posted February 16, 2011 ID:390002 Share Posted February 16, 2011 Last night my wife was browsing a site and a AntiVira AV program popped up saying my laptop was infected. She clicked on the program and everything went crazy. I immediately shut-off my wireless card and searched for the virus online. I found a site on how to remove this particular virus and went through the steps to do so. My problem was that I upgraded my computer from Windows Vista to Windows 7, and the walkthrough called for me to reboot in Safe Mode, but no matter what I tried I could not boot into Safe Mode. I searched for causes and found that others have had the same problem after upgrading to Windows 7, so I went ahead with the walk-through in Normal Mode. It had me download and run rkill.exe which brought up several programs, then had me run Malwarebytes. Once MB was completed it detected several viruses and I removed them. Just to be on the safe side I re-ran runkill.exe and MB again to be sure nothing was on the system. MB found no infections, but when I re-ran runkill.exe it found and stopped:This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 02/16/2011 at 3:17:00. Operating System: Windows 7 Home Premium Processes terminated by Rkill or while it was running: C:\Windows\SysWOW64\InfDefaultInstall.exeC:\Windows\SysWOW64\runonce.exe.exeRkill completed on 02/16/2011 at 3:17:07. I then searched for the programs it had terminated and found a thread here on MBForums about these two programs being a threat. So I just wanted to check in and see if I needed to pursue these any further, or am I good to go?Cheers,Wof Link to post Share on other sites More sharing options...
Wofstar Posted February 16, 2011 Author ID:390021 Share Posted February 16, 2011 I can supply other reports if need be, I just want to know if I do indeed need to go ahead and download and run everything to get the reports, of am I worrying over nothing? Link to post Share on other sites More sharing options...
Wofstar Posted February 16, 2011 Author ID:390062 Share Posted February 16, 2011 Ok I had some time and was able to run the scans. Can you please let me know if my Laptop is still infected, and also if there is any certain programs/tools I can get to keep this from happening again?DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by AngelsBaby at 13:32:51.91 on Wed 02/16/2011Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4086.2982 [GMT -6:00]AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\RAVCpl64.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exeC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exeC:\Program Files (x86)\HP\QuickPlay\QPService.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\ClamWin\bin\ClamTray.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\msiexec.exec:\program files (x86)\hughesnetstatusmeter\HughesNetStatusMeter\HughesNetStatusMeter.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Users\AngelsBaby\Downloads\dds.scrC:\Windows\system32\conhost.exe============== Pseudo HJT Report ===============uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopuStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopuInternet Settings,ProxyOverride = <local>uURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllBHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No FileBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dllTB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenuRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [Google Update] "C:\Users\AngelsBaby\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exemRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exemRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartmRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exemRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logonStartupFolder: C:\Users\ANGELS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUGHES~1.LNK - C:\Program Files (x86)\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLLSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllmRun-x64: [RtHDVCpl] RAVCpl64.exemRun-x64: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exemRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exemRun-x64: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exemRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exemRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exemRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe================= FIREFOX ===================FF - ProfilePath - C:\Users\ANGELS~1\AppData\Roaming\Mozilla\Firefox\Profiles\ime9uo52.default\FF - prefs.js: network.proxy.type - 0FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\AngelsBaby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dllFF - plugin: C:\Users\AngelsBaby\AppData\Roaming\Mozilla\Firefox\Profiles\ime9uo52.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dllFF - plugin: C:\Users\AngelsBaby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\AngelsBaby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}============= SERVICES / DRIVERS ===============R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-1-4 257232]R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-1-4 452872]R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-1-4 816016]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-1-4 366840]S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-1-4 1150936]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-13 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]=============== Created Last 30 ================2011-02-16 19:32:23 -------- d-----w- C:\Users\ANGELS~1\AppData\Roaming\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.12011-02-15 23:47:40 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{459E5E6F-9617-4731-B46F-08C11E30DC98}\mpengine.dll2011-02-15 22:27:51 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{A2EBF9DD-2185-4C91-A8A9-37DAFA43625F}2011-02-11 14:50:20 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{71ADC5AD-87C6-4F24-B71B-CE9461908A59}2011-02-11 00:28:26 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{3D159DF5-26A8-45A0-8098-63DFCF51E0BD}2011-02-09 00:11:44 714752 ----a-w- C:\Windows\System32\kerberos.dll2011-02-09 00:10:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2011-02-09 00:00:44 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{EB1908FF-06F2-42BD-973B-584E7B56341C}2011-02-02 07:47:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll2011-02-02 07:47:24 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll2011-01-31 19:08:05 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{28251F71-2821-4817-99D1-1AC76A154F2F}2011-01-30 14:33:09 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{6D8DE816-93AB-4242-871F-4D4E1743B74A}2011-01-29 18:15:33 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{5915C938-676B-4B4B-8079-95F34A4C4E53}2011-01-29 01:54:13 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{4025AEC5-9663-49DF-BF30-A394F929482C}2011-01-27 22:34:33 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{E10D78B2-E5D1-48E2-BC3D-6E00356128FA}2011-01-27 10:34:20 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{BD44123F-A86F-4972-BCD3-78D033F73227}2011-01-26 22:34:01 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{32BD36FC-9F5D-4769-A72D-6A7CC2474F72}2011-01-26 10:33:47 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{5CC79FA0-5B70-4323-BFEA-3024EBCD5E0A}2011-01-25 22:42:50 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\Google2011-01-25 22:33:13 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{87F06104-5F9E-4509-9CFC-07909A2738FD}2011-01-24 14:09:18 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{14332E2F-46DE-4A2B-A4C8-72E6CE1FD82B}2011-01-22 21:56:39 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{7FF7ED8E-CD74-4FB4-A15F-D232C91E47AE}2011-01-22 03:00:46 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{4ACBCE43-3FDC-4DB4-995B-17C75A1B276E}2011-01-20 20:35:16 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{4FB1F410-D4AB-4857-ACAE-74EF73EA14EB}2011-01-20 20:35:16 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{11E2D418-941A-43FE-9009-B266EB1B21BC}2011-01-19 22:26:00 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{B9BB8D9E-FC2F-4355-86C2-F4D21BB78A03}==================== Find3M ====================2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2010-12-13 02:37:28 525792 ----a-w- C:\Windows\DIFxAPI.dll2010-12-13 02:37:26 315392 ----a-w- C:\Windows\HideWin.exe2010-11-25 16:43:26 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys2010-11-25 16:42:10 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys============= FINISH: 13:33:39.94 ===============Attach.zip Link to post Share on other sites More sharing options...
Wofstar Posted February 17, 2011 Author ID:390414 Share Posted February 17, 2011 Can anyone please help me here? I really need to get my laptop back up and running for school.Thanks,Wof Link to post Share on other sites More sharing options...
Staff screen317 Posted February 23, 2011 Staff ID:392335 Share Posted February 23, 2011 Hi and welcome to Malwarebytes.Please post the MBAM scan where items were found.Next, update MBAM, run a Quick Scan, and post its new log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
Wofstar Posted February 23, 2011 Author ID:392355 Share Posted February 23, 2011 Here is the first scan where the original virus was detected:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5772Windows 6.1.7600Internet Explorer 8.0.7600.163852/16/2011 3:11:04 AMmbam-log-2011-02-16 (03-11-04).txtScan type: Full scan (C:\|D:\|)Objects scanned: 314240Time elapsed: 48 minute(s), 5 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\agikgaht (Trojan.FakeAlert.Gen) -> Value: agikgaht -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Users\angelsbaby\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20\70ffd514-7e920e76 (Rogue.Palladium) -> Quarantined and deleted successfully.c:\Users\angelsbaby\AppData\Local\Temp\ykutyqkdw\nmtpgrjsika.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.Here is the new scan, and I now have 3 new threats since I've reconnected to the net to update MB:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5850Windows 6.1.7600Internet Explorer 8.0.7600.163852/23/2011 1:00:59 AMmbam-log-2011-02-23 (01-00-52).txtScan type: Quick scanObjects scanned: 165039Time elapsed: 5 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> No action taken.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Users\angelsbaby\AppData\Local\Temp\jar_cache6310443834960232336.tmp (Trojan.Downloader) -> No action taken.c:\Users\angelsbaby\local settings\temporary internet files\Content.IE5\YGM1J31T\so[1].exe (Trojan.FakeAlert) -> No action taken.I am working on running the combofix now and will post it once completed. Link to post Share on other sites More sharing options...
Wofstar Posted February 23, 2011 Author ID:392357 Share Posted February 23, 2011 Oops! here is the completed new scan with the actions taken:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5850Windows 6.1.7600Internet Explorer 8.0.7600.163852/23/2011 1:04:35 AMmbam-log-2011-02-23 (01-04-35).txtScan type: Quick scanObjects scanned: 165039Time elapsed: 5 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Users\angelsbaby\AppData\Local\Temp\jar_cache6310443834960232336.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.c:\Users\angelsbaby\local settings\temporary internet files\Content.IE5\YGM1J31T\so[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 23, 2011 Staff ID:392361 Share Posted February 23, 2011 Hi,Okay thanks. I await the ComboFix report. Link to post Share on other sites More sharing options...
Wofstar Posted February 23, 2011 Author ID:392367 Share Posted February 23, 2011 Combofix:ComboFix 11-02-22.03 - AngelsBaby 02/23/2011 1:19.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4086.2932 [GMT -6:00]Running from: c:\users\AngelsBaby\Desktop\ComboFix.exeAV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\SysWow64\KBL.LOG.((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 ))))))))))))))))))))))))))))))).2011-02-23 07:34 . 2011-02-23 07:34 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{B9363457-6143-4EFE-9F82-9B44CEE42544}2011-02-23 07:31 . 2011-02-23 07:31 -------- d-----w- c:\users\Default\AppData\Local\temp2011-02-23 07:11 . 2011-02-23 07:11 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{BB438AEE-1749-4CAA-A192-9689394CF653}2011-02-23 07:04 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE8E15FD-BEC2-4118-A5B9-28438509678E}\mpengine.dll2011-02-16 19:32 . 2011-02-16 19:32 -------- d-----w- c:\users\AngelsBaby\AppData\Roaming\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.12011-02-15 22:27 . 2011-02-15 22:28 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{A2EBF9DD-2185-4C91-A8A9-37DAFA43625F}2011-02-11 14:50 . 2011-02-12 03:13 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{71ADC5AD-87C6-4F24-B71B-CE9461908A59}2011-02-11 00:28 . 2011-02-11 00:28 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{3D159DF5-26A8-45A0-8098-63DFCF51E0BD}2011-02-09 00:11 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll2011-02-09 00:10 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2011-02-09 00:00 . 2011-02-09 00:00 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{EB1908FF-06F2-42BD-973B-584E7B56341C}2011-02-02 07:47 . 2011-02-02 07:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll2011-02-02 07:47 . 2011-02-02 07:47 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll2011-01-31 19:08 . 2011-01-31 19:08 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{28251F71-2821-4817-99D1-1AC76A154F2F}2011-01-30 14:33 . 2011-01-30 14:33 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{6D8DE816-93AB-4242-871F-4D4E1743B74A}2011-01-29 18:15 . 2011-01-29 18:15 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{5915C938-676B-4B4B-8079-95F34A4C4E53}2011-01-29 01:54 . 2011-01-29 01:54 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{4025AEC5-9663-49DF-BF30-A394F929482C}2011-01-27 22:34 . 2011-01-27 22:34 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{E10D78B2-E5D1-48E2-BC3D-6E00356128FA}2011-01-27 10:34 . 2011-01-27 10:34 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{BD44123F-A86F-4972-BCD3-78D033F73227}2011-01-26 22:34 . 2011-01-26 22:34 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{32BD36FC-9F5D-4769-A72D-6A7CC2474F72}2011-01-26 10:33 . 2011-01-26 10:34 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{5CC79FA0-5B70-4323-BFEA-3024EBCD5E0A}2011-01-25 22:42 . 2011-01-25 22:45 -------- d-----w- c:\users\AngelsBaby\AppData\Local\Google2011-01-25 22:33 . 2011-01-25 22:33 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{87F06104-5F9E-4509-9CFC-07909A2738FD}2011-01-24 14:09 . 2011-01-24 14:09 -------- d-----w- c:\users\AngelsBaby\AppData\Local\{14332E2F-46DE-4A2B-A4C8-72E6CE1FD82B}.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-21 00:09 . 2011-01-08 04:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys2010-12-21 00:08 . 2011-01-08 04:09 24152 ----a-w- c:\windows\system32\drivers\mbam.sys2010-12-13 02:37 . 2010-12-13 02:37 525792 ----a-w- c:\windows\DIFxAPI.dll2010-12-13 02:37 . 2010-12-13 02:37 315392 ----a-w- c:\windows\HideWin.exe2010-11-25 16:43 . 2011-01-05 04:47 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys2010-11-25 16:42 . 2011-01-05 04:47 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]"Google Update"="c:\users\AngelsBaby\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-25 136176][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2010-12-06 86016]c:\users\AngelsBaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk - c:\program files (x86)\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe [2011-2-16 142336][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livesspR2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-11-25 257232]S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392].Contents of the 'Scheduled Tasks' folder2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-765764038-2876004717-2175413507-1000Core.job- c:\users\AngelsBaby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 22:42]2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-765764038-2876004717-2175413507-1000UA.job- c:\users\AngelsBaby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 22:42].--------- x86-64 -----------[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RAVCpl64.exe" [2007-10-09 5429760]"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllFF - ProfilePath - c:\users\AngelsBaby\AppData\Roaming\Mozilla\Firefox\Profiles\ime9uo52.default\FF - prefs.js: network.proxy.type - 0FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}.- - - - ORPHANS REMOVED - - - -Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeHKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-765764038-2876004717-2175413507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1"[HKEY_USERS\S-1-5-21-765764038-2876004717-2175413507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]@Denied: (A 2) (Everyone)@SACL=@="FlashProp Class"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]@SACL=@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx""ThreadingModel"="Apartment"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@SACL=@="Shockwave Flash Object"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@SACL=@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx""ThreadingModel"="Apartment"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@SACL=@="0"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@SACL=@="ShockwaveFlash.ShockwaveFlash.9"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@SACL=@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@SACL=@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@SACL=@="1.0"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@SACL=@="ShockwaveFlash.ShockwaveFlash"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@SACL=@="Macromedia Flash Factory Object"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@SACL=@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx""ThreadingModel"="Apartment"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@SACL=@="FlashFactory.FlashFactory.1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]@SACL=[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@SACL=@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@SACL=@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@SACL=@="1.0"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@SACL=@="FlashFactory.FlashFactory"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]@Denied: (A 2) (Everyone)@SACL=@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]@SACL="Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]@SACL=@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]@SACL=@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]@Denied: (A 2) (Everyone)@SACL=@="IFlashBroker"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]@SACL=@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]@SACL=@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000001"MSCurrentCountry"=dword:000000b5[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exec:\program files (x86)\CyberLink\Shared Files\RichVideo.exec:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exec:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exec:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe.**************************************************************************.Completion time: 2011-02-23 01:40:19 - machine was rebootedComboFix-quarantined-files.txt 2011-02-23 07:40Pre-Run: 159,327,096,832 bytes freePost-Run: 159,523,332,096 bytes free- - End Of File - - 50E435A6E7B9F96BD9C8AF485FF01761DSS:DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by AngelsBaby at 1:44:01.37 on Wed 02/23/2011Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4086.2818 [GMT -6:00]AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\rundll32.exeC:\Windows\RAVCpl64.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files (x86)\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exeC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files (x86)\HP\QuickPlay\QPService.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\ClamWin\bin\ClamTray.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wuauclt.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\notepad.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Users\AngelsBaby\Downloads\dds.scrC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exe============== Pseudo HJT Report ===============uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptopuInternet Settings,ProxyOverride = <local>uURLSearchHooks: H - No FileBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllBHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No FileBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dllTB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenuRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [Google Update] "C:\Users\AngelsBaby\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exemRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exemRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exemRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logonStartupFolder: C:\Users\ANGELS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HUGHES~1.LNK - C:\Program Files (x86)\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLLSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllmRun-x64: [RtHDVCpl] RAVCpl64.exemRun-x64: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exemRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exemRun-x64: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exemRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exemRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exemRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe================= FIREFOX ===================FF - ProfilePath - C:\Users\ANGELS~1\AppData\Roaming\Mozilla\Firefox\Profiles\ime9uo52.default\FF - prefs.js: network.proxy.type - 0FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\AngelsBaby\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dllFF - plugin: C:\Users\AngelsBaby\AppData\Roaming\Mozilla\Firefox\Profiles\ime9uo52.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dllFF - plugin: C:\Users\AngelsBaby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\AngelsBaby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}============= SERVICES / DRIVERS ===============R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-1-4 257232]R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-1-4 452872]R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-1-4 816016]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-1-4 366840]S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-1-4 1150936]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-13 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]=============== Created Last 30 ================2011-02-23 07:34:04 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{B9363457-6143-4EFE-9F82-9B44CEE42544}2011-02-23 07:17:46 98816 ----a-w- C:\Windows\sed.exe2011-02-23 07:17:46 89088 ----a-w- C:\Windows\MBR.exe2011-02-23 07:17:46 256512 ----a-w- C:\Windows\PEV.exe2011-02-23 07:17:46 161792 ----a-w- C:\Windows\SWREG.exe2011-02-23 07:11:11 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{BB438AEE-1749-4CAA-A192-9689394CF653}2011-02-23 07:04:13 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{EE8E15FD-BEC2-4118-A5B9-28438509678E}\mpengine.dll2011-02-16 19:32:23 -------- d-----w- C:\Users\ANGELS~1\AppData\Roaming\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.12011-02-15 22:27:51 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{A2EBF9DD-2185-4C91-A8A9-37DAFA43625F}2011-02-11 14:50:20 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{71ADC5AD-87C6-4F24-B71B-CE9461908A59}2011-02-11 00:28:26 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{3D159DF5-26A8-45A0-8098-63DFCF51E0BD}2011-02-09 00:11:44 714752 ----a-w- C:\Windows\System32\kerberos.dll2011-02-09 00:10:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2011-02-09 00:00:44 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{EB1908FF-06F2-42BD-973B-584E7B56341C}2011-02-02 07:47:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll2011-02-02 07:47:24 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll2011-01-31 19:08:05 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{28251F71-2821-4817-99D1-1AC76A154F2F}2011-01-30 14:33:09 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{6D8DE816-93AB-4242-871F-4D4E1743B74A}2011-01-29 18:15:33 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{5915C938-676B-4B4B-8079-95F34A4C4E53}2011-01-29 01:54:13 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{4025AEC5-9663-49DF-BF30-A394F929482C}2011-01-27 22:34:33 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{E10D78B2-E5D1-48E2-BC3D-6E00356128FA}2011-01-27 10:34:20 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{BD44123F-A86F-4972-BCD3-78D033F73227}2011-01-26 22:34:01 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{32BD36FC-9F5D-4769-A72D-6A7CC2474F72}2011-01-26 10:33:47 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{5CC79FA0-5B70-4323-BFEA-3024EBCD5E0A}2011-01-25 22:42:50 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\Google2011-01-25 22:33:13 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{87F06104-5F9E-4509-9CFC-07909A2738FD}2011-01-24 14:09:18 -------- d-----w- C:\Users\ANGELS~1\AppData\Local\{14332E2F-46DE-4A2B-A4C8-72E6CE1FD82B}==================== Find3M ====================2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2010-12-13 02:37:28 525792 ----a-w- C:\Windows\DIFxAPI.dll2010-12-13 02:37:26 315392 ----a-w- C:\Windows\HideWin.exe2010-11-25 16:43:26 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys2010-11-25 16:42:10 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys============= FINISH: 1:44:48.57 ===============Attach2.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted February 23, 2011 Staff ID:392371 Share Posted February 23, 2011 Hi,Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
Wofstar Posted February 23, 2011 Author ID:392383 Share Posted February 23, 2011 I ran the Eset scanner, it found 2 threats but did not give me a log file. Did I do something wrong to not get a log? Link to post Share on other sites More sharing options...
Wofstar Posted February 23, 2011 Author ID:392459 Share Posted February 23, 2011 I reran the Eset scanner and it said there were no viruses, I rechecked for a log and this is the only log file in the folder you had me look:ESETSmartInstaller@High as CAB hook log:OnlineScanner64.ocx - registred OKOnlineScanner.ocx - registred OKI don't know if this is correct though. Link to post Share on other sites More sharing options...
Wofstar Posted February 23, 2011 Author ID:392482 Share Posted February 23, 2011 Here is the security check log: Results of screen317's Security Check version 0.99.8 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ClamWin Free Antivirus 0.96.5 ESET Online Scanner v3 Spyware Doctor with AntiVirus 8.0 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 23 Java 6 Update 2 Out of date Java installed! Adobe Flash Player 10.1.102.64 Adobe Reader 8.1.0 Out of date Adobe Reader installed! Mozilla Firefox (3.6.13) ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log```````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted February 23, 2011 Staff ID:392517 Share Posted February 23, 2011 Do you not see the log here:C:\Program Files\EsetOnlineScanner\log.txt Link to post Share on other sites More sharing options...
Wofstar Posted February 24, 2011 Author ID:392694 Share Posted February 24, 2011 Nope this that was the only log file I had, though it isn't located at the same place you said. The only place I can find anything to do with ESET in my program files is at:C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txtI've attached a picture of the ESET folder Link to post Share on other sites More sharing options...
Staff screen317 Posted February 25, 2011 Staff ID:393014 Share Posted February 25, 2011 Hi,That's okay since it said nothing was found.Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):Java Link to post Share on other sites More sharing options...
Wofstar Posted February 25, 2011 Author ID:393040 Share Posted February 25, 2011 Alright, done with all your orders Boss! The computer is running much smoother. I'm assuming that I'm virus free after running the MB and ESET scanners also? Link to post Share on other sites More sharing options...
Staff screen317 Posted February 25, 2011 Staff ID:393285 Share Posted February 25, 2011 Yes things look good from here. Are you currently using the PRO version of MBAM? Link to post Share on other sites More sharing options...
Wofstar Posted February 26, 2011 Author ID:393470 Share Posted February 26, 2011 Nope, I am planning on getting it just waiting on a paycheck xD Link to post Share on other sites More sharing options...
Staff screen317 Posted February 26, 2011 Staff ID:393482 Share Posted February 26, 2011 Cool! Then you are good to go.Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE.6) Be sure to update your Antivirus and Antispyware programs often!Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?Safe surfing,-screen317 Link to post Share on other sites More sharing options...
Wofstar Posted February 26, 2011 Author ID:393527 Share Posted February 26, 2011 After running the Secunia's Software Inspector, it gave me 1 program that needed to be updated; Adobe Flash Player 9.x but when I try to update it I keep getting a version 10 not the one it says: "9.0.283.0 (ActiveX)" can ya help me on updating this? Other than this I've finished everything you suggested. I am wanting to make sure I have this all right though:Clamwin = Virus Protector (should I swap this too Avast like on my desktop?)SpywareBlaster = Spyware ProtectorMalwareBytes = Malware Protector (will have the PRO edition this weekend)and I can run all these programs actively at the same time? Also do you suggest a certain Firewall protector that wont conflict with the above programs?I've also attached a jpeg of the update issue: Link to post Share on other sites More sharing options...
Staff screen317 Posted February 27, 2011 Staff ID:393958 Share Posted February 27, 2011 Hi,The Secunia scan always seems to be buggy with Flash. It's fine as is.You can switch to avast; I've never personally used ClamWin (I use Microsoft Security Essentials), but in the end it's up to you.Yes you can run them all together. I haven't personally tested any 64bit firewalls so I couldn't make any recommendations for you. You could check out these vendors; I think they offer free versions of their commercial firewalls.Sunbelt Personal FirewallComodoOutpost Link to post Share on other sites More sharing options...
Wofstar Posted February 27, 2011 Author ID:394077 Share Posted February 27, 2011 Alright, thanks!So am I good to go? Link to post Share on other sites More sharing options...
Staff screen317 Posted March 1, 2011 Staff ID:394716 Share Posted March 1, 2011 Yes looks like it. I'll keep this thread open for a few days in case you have any other questions. Link to post Share on other sites More sharing options...
Wofstar Posted March 1, 2011 Author ID:394739 Share Posted March 1, 2011 Coolz!Can I run the Defogger again and turn that back on?I'll hop on it and start pushing it at little to test things out and see if I encounter any problems.Thanks again!-Wof Link to post Share on other sites More sharing options...
Recommended Posts