oxadiba
Posted March 23, 2011 (ID:403639)

Hello, so I got hacked in a game yesterday. Not angry over it since it gave me a reason to quit; however, I am wondering if the keylogger is still on my computer. I'm sure it's a keylogger because I play on two accounts, and only the account that I typed in was hacked. The other one already had the username in, so I only typed in the password.

I ran MBAM in safe mode and these two files came up:
Rogue.Agent, located in Appdata/LocalLow/Sun/Java
Malware.Trace, located in System32

This is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6130

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

23/03/2011 12:11:58 AM
mbam-log-2011-03-23 (00-11-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 280262
Time elapsed: 28 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\6f657583-178db2f9 (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

I also ran ComboFix, and this is the log:

ComboFix 11-03-22.05 - Chris 23/03/2011 18:19:59.2.1 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.960.527 [GMT 11:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe9C7A.dll
c:\windows\system32\AVSredirect.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Tiffany\AppData\Local\temp
2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Jenni\AppData\Local\temp
2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-03-20 05:41 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB4108F-4833-4632-9F28-63316911FDD1}\mpengine.dll
2011-03-15 08:40 . 2011-03-15 08:40 -------- d-----w- c:\program files\iPod to Computer Transfer Safe
2011-03-15 08:31 . 2011-03-15 08:31 -------- d-----w- c:\program files\CandySoft
2011-03-13 13:08 . 2011-03-13 13:08 -------- d-----w- c:\users\Jenni\AppData\Roaming\vlc
2011-03-12 01:39 . 2011-03-12 01:39 -------- d-----w- c:\program files\Microsoft Research
2011-03-11 04:54 . 2011-03-11 04:54 -------- d-----w- c:\programdata\Nexon
2011-03-10 09:06 . 2011-03-11 04:32 -------- d-----w- c:\program files\Pando Networks
2011-03-04 12:50 . 2011-03-04 13:05 -------- d-----w- c:\program files\Bulk Rename Utility
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 11:23 . 2009-08-27 02:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-11 11:23 . 2009-02-19 06:49 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-11 06:54 . 2011-02-05 00:28 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2006-05-03 00:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 01:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 03:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 00:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 05:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-27 160592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Window Hide Tool"="c:\program files\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 1781760]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-05 1910152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0a64b4c9;MpKsl0a64b4c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9AE0654-F4C9-45A3-AAF7-90230F4832C1}\MpKsl0a64b4c9.sys [x]
R1 MpKsl4114a2e3;MpKsl4114a2e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11D47D4-B2D2-4D6F-8211-E3F44999483B}\MpKsl4114a2e3.sys [x]
R1 MpKsl473fce8d;MpKsl473fce8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E44489FE-430E-4ED0-87EF-4D39C29D6DCE}\MpKsl473fce8d.sys [x]
R1 MpKsl58b60863;MpKsl58b60863;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{823CECA2-0D2C-4FF2-8B62-E4C10AF7A73E}\MpKsl58b60863.sys [x]
R1 MpKsl5d49a998;MpKsl5d49a998;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D21D0FFD-9455-4450-9B7F-6E09F15A970C}\MpKsl5d49a998.sys [x]
R1 MpKsl68c98d0c;MpKsl68c98d0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DE23A87-38A4-4AC6-81B1-903617D37255}\MpKsl68c98d0c.sys [x]
R1 MpKsl71f6da39;MpKsl71f6da39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8945A828-88B9-4810-8981-1BE93B95427D}\MpKsl71f6da39.sys [x]
R1 MpKsl74d34c53;MpKsl74d34c53;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB4108F-4833-4632-9F28-63316911FDD1}\MpKsl74d34c53.sys [x]
R1 MpKsl88e72bd7;MpKsl88e72bd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D524FF2-DF7B-4EF8-9440-76990FAA2184}\MpKsl88e72bd7.sys [x]
R1 MpKsl89314201;MpKsl89314201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6359E0E0-1B30-44FB-9911-1A1CC1993472}\MpKsl89314201.sys [x]
R1 MpKsla8d8c55e;MpKsla8d8c55e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A77F341-6197-4F03-B515-C77A60D3A8EB}\MpKsla8d8c55e.sys [x]
R1 MpKsld332f3d2;MpKsld332f3d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CF47CD-354B-4422-B934-6E89AE8A1FEE}\MpKsld332f3d2.sys [x]
R1 MpKsldae26589;MpKsldae26589;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59AB2401-DD06-45E8-9269-0B8F0C6D82E8}\MpKsldae26589.sys [x]
R1 MpKsldce0ef64;MpKsldce0ef64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4CE89D6-85C6-47AE-A2A7-91DFB2AEF4B4}\MpKsldce0ef64.sys [x]
R1 MpKsle28c4144;MpKsle28c4144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90731F6A-CE1D-4E77-8781-8A6CBD6F348A}\MpKsle28c4144.sys [x]
R1 MpKslefb7a966;MpKslefb7a966;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11D47D4-B2D2-4D6F-8211-E3F44999483B}\MpKslefb7a966.sys [x]
R1 MpKslf45e4804;MpKslf45e4804;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E44489FE-430E-4ED0-87EF-4D39C29D6DCE}\MpKslf45e4804.sys [x]
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2010-08-30 5281672]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-05 1238408]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-16 322608]
R2 Joulemeter Service;Joulemeter Service;c:\program files\Microsoft Research\Joulemeter\JoulemeterService.exe [2010-09-10 64816]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-20 3966416]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 122752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q7jpcjki.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\notepad.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-ESI - Romio MIDI Driver Setup - c:\program files\ESI\Romio\uninst.exe Software\ESI\Romio\Setup
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-23 18:29:50
ComboFix-quarantined-files.txt 2011-03-23 07:29
.
Pre-Run: 45,085,720,576 bytes free
Post-Run: 44,678,004,736 bytes free
.
- - End Of File - - 12D4F5C20ABA8C188605EDA371988AF0

Are any of these infected files the culprits? If they're not, then what other action should I take?
Thanks
screen317 (Staff)
Posted March 25, 2011 (ID:404783)

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.
oxadiba (Author)
Posted March 26, 2011 (ID:405253)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6172

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/03/2011 4:59:51 PM
mbam-log-2011-03-26 (16-59-51).txt

Scan type: Quick scan
Objects scanned: 172458
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS file is attached.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Chris at 17:00:20.14 on Sat 26/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.960.186 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Research\Joulemeter\JoulemeterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Window Hide Tool\Window Hide Tool.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Warcraft III\ManaBars.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Window Hide Tool] c:\program files\window hide tool\Window Hide Tool.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\manaba~1.lnk - c:\program files\warcraft iii\ManaBars.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\users\chris\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q7jpcjki.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q7jpcjki.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q7jpcjki.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl1259af21;MpKsl1259af21;c:\programdata\microsoft\microsoft antimalware\definition updates\{d22c8912-f6e6-4446-948d-e51be27f3cf6}\MpKsl1259af21.sys [2011-3-25 28752]
R2 Joulemeter Service;Joulemeter Service;c:\program files\microsoft research\joulemeter\JoulemeterService.exe [2010-9-10 64816]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-27 90112]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-9-19 28672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-6-27 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-6-27 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-6-27 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-6-27 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-6-27 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-6-27 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-6-27 109864]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]
SUnknown cmpyvtuj;cmpyvtuj; [x]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2011-03-25 00:55:12 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{d22c8912-f6e6-4446-948d-e51be27f3cf6}\MpKsl1259af21.sys
2011-03-25 00:54:56 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{d22c8912-f6e6-4446-948d-e51be27f3cf6}\mpengine.dll
2011-03-23 07:29:56 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-23 07:29:52 -------- d-----w- c:\users\chris\appdata\local\temp
2011-03-23 05:15:06 98816 ----a-w- c:\windows\sed.exe
2011-03-23 05:15:06 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 05:15:06 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 05:15:06 161792 ----a-w- c:\windows\SWREG.exe
2011-03-15 08:40:15 -------- d-----w- c:\program files\iPod to Computer Transfer Safe
2011-03-15 08:31:47 -------- d-----w- c:\program files\CandySoft
2011-03-12 01:39:55 -------- d-----w- c:\program files\Microsoft Research
2011-03-12 01:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 01:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-11 04:54:23 -------- d-----w- c:\progra~2\Nexon
2011-03-10 09:06:48 -------- d-----w- c:\program files\Pando Networks
2011-03-04 12:50:39 -------- d-----w- c:\program files\Bulk Rename Utility
.
==================== Find3M ====================
.
2011-02-11 11:23:29 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-11 11:23:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2006-05-03 00:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 01:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 03:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 17:01:35.41 ===============
screen317 (Staff) Posted March 28, 2011

Hi,

Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the options Remove found threats and Scan unwanted applications are checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.

Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
oxadiba (Author) Posted March 29, 2011

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=f177bf4379b0354dbe619fb1e14a7a1b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-29 09:30:08
# local_time=2011-03-29 08:30:08 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 22939693 22939693 0 0
# compatibility_mode=5893 16776574 100 94 22947373 53019898 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118324
# found=7
# cleaned=7
# scan_time=5901
C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MDL_1.3.0322.exe Win32/Adware.DiscoveryLive application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application (deleted - quarantined) 00000000000000000000000000000000 C
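The ESET Online Scanner log posted above has a regular shape: a header of "# key=value" lines followed by one finding per line (path, detection name, action in parentheses, a 32-hex hash and a flag). The following is an added example, not part of the thread or of ESET's tooling, that parses that layout, cross-checks the found/cleaned counters against the entries, and groups the entries by signature and by directory so leftovers can be located; the sample is constructed from the entries in the post, with the real file's tab separators assumed normalised to spaces.

```python
import re
from collections import Counter

# Constructed sample in the layout of an ESET Online Scanner log.txt: the entries
# mirror those posted in the thread; the real file's tab separators are assumed
# normalised to spaces and the header is trimmed to the fields used here.
SAMPLE_LOG = r"""
# scanned=118324
# found=7
# cleaned=7
C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MDL_1.3.0322.exe Win32/Adware.DiscoveryLive application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chris\Documents\Programs\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# One finding: path, detection (optionally "a variant of ..."), (action), 32-hex hash, flag.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of )?\w+/\S+(?:\s+\S+)*?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

def parse_eset_log(text):
    """Split a log into its '# key=value' header dict and its list of findings."""
    header, findings = {}, []
    for line in text.strip().splitlines():
        h, f = HEADER_RE.match(line), FINDING_RE.match(line)
        if h:
            header[h.group(1)] = h.group(2).strip()
        elif f:
            findings.append(f.groupdict())
    return header, findings

def summarise(text):
    """Cross-check the header counters against the parsed entries and group them."""
    header, findings = parse_eset_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    quarantined = sum("quarantined" in f["action"] for f in findings)
    return {
        "declared_found": found,
        "parsed": len(findings),
        "consistent": found == len(findings) and cleaned == quarantined,
        # signature name after the platform prefix: Win32/Adware.CiDHelp -> Adware.CiDHelp
        "by_signature": dict(Counter(f["detection"].split("/", 1)[1].split()[0] for f in findings)),
        "by_directory": dict(Counter(f["path"].rsplit("\\", 1)[0] for f in findings)),
    }
```

Running `summarise(SAMPLE_LOG)` on the constructed sample reports seven parsed entries matching the header, three RegistryEasy hits, and five of the seven files sitting in one Documents\Programs folder.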
oxadiba (Author) Posted March 29, 2011

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.2.152.26
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check: objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
screen317 (Staff) Posted March 30, 2011

Hi,

Please use the Add Reply button to reply instead of the button you're currently using.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.
This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):
Java
oxadiba (Author) Posted April 2, 2011

Everything seems to be fine, no other suspicious behavior.
Thanks a bunch for your help.
oxadiba (Author) Posted April 4, 2011

Hmmm, it seems that my computer freezes now. Didn't happen before, but after all this it's freezing around twice a day.
Any ideas? I thought it was just coincidental, but it's been happening for a couple of days now.
screen317 (Staff) Posted April 6, 2011

Hi,

Post a new SecurityCheck log.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.
oxadiba (Author) Posted April 7, 2011

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Eusing Free Registry Cleaner
Java 6 Update 24
Adobe Flash Player 10.2.153.1
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check: objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
oxadiba (Author) Posted April 7, 2011

http://www.pcpitstop.com/betapit/sec.asp?conid=24297577
screen317 (Staff) Posted April 10, 2011

Hi,

Empty your Recycle Bin.

Your hardware is pretty outdated, and personally I'm not surprised if it's performing poorly.

Download the latest graphics card driver for your nVidia 6100 from here:
http://www.nvidia.com/object/win7-winvista-32bit-260.99-whql-driver.html
Install it, restart your computer and see how things are running now.
oxadiba (Author) Posted April 17, 2011

Hello, the crashing has stopped but now I have another problem.
The driver keeps crashing. When it crashes the screen turns off, and when the driver recovers, the screen goes all crazy.
This usually happens when I'm in Mozilla, and the screen stops going crazy when I close it.
By crazy I mean this. I have uploaded a screenshot:
http://img847.imageshack.us/i/screennk.png/
It looks like that, and flickers everywhere.
Thanks for your help.
screen317 (Staff) Posted April 20, 2011

Hi,

Try installing that graphics driver update again; the download may have been corrupted.
oxadiba (Author) Posted April 25, 2011

The screen still crashes, but it doesn't go crazy anymore. Good enough, thank you very much for all your help, I really appreciate it.
screen317 (Staff) Posted April 27, 2011

Thanks for letting me know.
I'll leave this topic open if you have any additional questions.