Jump to content

Keylogged?


Recommended Posts

Hello, so i got hacked yesterday in a game yesterday,

Not angry over it since it gave me a reason to quit, however i am wondering if the keylogger is still on my computer.

I'm sure its a key logger because i play on two accounts, and only the account that i typed in was hacked. The other one already had the username in, so i only typed in the password

I ran MBAM in safe mode and these two files came up.

Rogue.Agent, located in Appdata/LocalLow/Sun/Java

Malware.Trace, located in System32

This is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6130

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

23/03/2011 12:11:58 AM

mbam-log-2011-03-23 (00-11-58).txt

Scan type: Full scan (C:\|)

Objects scanned: 280262

Time elapsed: 28 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\6f657583-178db2f9 (Rogue.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

I also ran combofix, and this is the log:

ComboFix 11-03-22.05 - Chris 23/03/2011 18:19:59.2.1 - x86 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.960.527 [GMT 11:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\hpe9C7A.dll

c:\windows\system32\AVSredirect.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))

.

.

2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Tiffany\AppData\Local\temp

2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Jenni\AppData\Local\temp

2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-23 07:27 . 2011-03-23 07:27 -------- d-----w- c:\users\Chris\AppData\Local\temp

2011-03-20 05:41 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB4108F-4833-4632-9F28-63316911FDD1}\mpengine.dll

2011-03-15 08:40 . 2011-03-15 08:40 -------- d-----w- c:\program files\iPod to Computer Transfer Safe

2011-03-15 08:31 . 2011-03-15 08:31 -------- d-----w- c:\program files\CandySoft

2011-03-13 13:08 . 2011-03-13 13:08 -------- d-----w- c:\users\Jenni\AppData\Roaming\vlc

2011-03-12 01:39 . 2011-03-12 01:39 -------- d-----w- c:\program files\Microsoft Research

2011-03-11 04:54 . 2011-03-11 04:54 -------- d-----w- c:\programdata\Nexon

2011-03-10 09:06 . 2011-03-11 04:32 -------- d-----w- c:\program files\Pando Networks

2011-03-04 12:50 . 2011-03-04 13:05 -------- d-----w- c:\program files\Bulk Rename Utility

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-11 11:23 . 2009-08-27 02:23 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-02-11 11:23 . 2009-02-19 06:49 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-02-11 06:54 . 2011-02-05 00:28 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2006-05-03 00:06 163328 --sha-r- c:\windows\System32\flvDX.dll

2007-02-21 01:47 31232 --sha-r- c:\windows\System32\msfDX.dll

2008-03-16 03:30 216064 --sha-r- c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2010-04-27 00:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-10-11 05:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-06-27 160592]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Window Hide Tool"="c:\program files\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200]

"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 1781760]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-05 1910152]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl0a64b4c9;MpKsl0a64b4c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9AE0654-F4C9-45A3-AAF7-90230F4832C1}\MpKsl0a64b4c9.sys [x]

R1 MpKsl4114a2e3;MpKsl4114a2e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11D47D4-B2D2-4D6F-8211-E3F44999483B}\MpKsl4114a2e3.sys [x]

R1 MpKsl473fce8d;MpKsl473fce8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E44489FE-430E-4ED0-87EF-4D39C29D6DCE}\MpKsl473fce8d.sys [x]

R1 MpKsl58b60863;MpKsl58b60863;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{823CECA2-0D2C-4FF2-8B62-E4C10AF7A73E}\MpKsl58b60863.sys [x]

R1 MpKsl5d49a998;MpKsl5d49a998;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D21D0FFD-9455-4450-9B7F-6E09F15A970C}\MpKsl5d49a998.sys [x]

R1 MpKsl68c98d0c;MpKsl68c98d0c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DE23A87-38A4-4AC6-81B1-903617D37255}\MpKsl68c98d0c.sys [x]

R1 MpKsl71f6da39;MpKsl71f6da39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8945A828-88B9-4810-8981-1BE93B95427D}\MpKsl71f6da39.sys [x]

R1 MpKsl74d34c53;MpKsl74d34c53;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB4108F-4833-4632-9F28-63316911FDD1}\MpKsl74d34c53.sys [x]

R1 MpKsl88e72bd7;MpKsl88e72bd7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D524FF2-DF7B-4EF8-9440-76990FAA2184}\MpKsl88e72bd7.sys [x]

R1 MpKsl89314201;MpKsl89314201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6359E0E0-1B30-44FB-9911-1A1CC1993472}\MpKsl89314201.sys [x]

R1 MpKsla8d8c55e;MpKsla8d8c55e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A77F341-6197-4F03-B515-C77A60D3A8EB}\MpKsla8d8c55e.sys [x]

R1 MpKsld332f3d2;MpKsld332f3d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CF47CD-354B-4422-B934-6E89AE8A1FEE}\MpKsld332f3d2.sys [x]

R1 MpKsldae26589;MpKsldae26589;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59AB2401-DD06-45E8-9269-0B8F0C6D82E8}\MpKsldae26589.sys [x]

R1 MpKsldce0ef64;MpKsldce0ef64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4CE89D6-85C6-47AE-A2A7-91DFB2AEF4B4}\MpKsldce0ef64.sys [x]

R1 MpKsle28c4144;MpKsle28c4144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90731F6A-CE1D-4E77-8781-8A6CBD6F348A}\MpKsle28c4144.sys [x]

R1 MpKslefb7a966;MpKslefb7a966;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11D47D4-B2D2-4D6F-8211-E3F44999483B}\MpKslefb7a966.sys [x]

R1 MpKslf45e4804;MpKslf45e4804;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E44489FE-430E-4ED0-87EF-4D39C29D6DCE}\MpKslf45e4804.sys [x]

R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2010-08-30 5281672]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-05 1238408]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-16 322608]

R2 Joulemeter Service;Joulemeter Service;c:\program files\Microsoft Research\Joulemeter\JoulemeterService.exe [2010-09-10 64816]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-20 3966416]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 122752]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Free YouTube to Mp3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

Trusted Zone: kuaiche.com\software

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\q7jpcjki.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox

.

.

------- File Associations -------

.

regfile\shell\edit\command=%SystemRoot%\system32\notepad.exe "%1"

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe

HKCU-Run-AdobeBridge - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

AddRemove-ESI - Romio MIDI Driver Setup - c:\program files\ESI\Romio\uninst.exe Software\ESI\Romio\Setup

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-03-23 18:29:50

ComboFix-quarantined-files.txt 2011-03-23 07:29

.

Pre-Run: 45,085,720,576 bytes free

Post-Run: 44,678,004,736 bytes free

.

- - End Of File - - 12D4F5C20ABA8C188605EDA371988AF0

Are any of these the infected files the culprits? If they're not then what other action should i take?

Thanks

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6172

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

26/03/2011 4:59:51 PM

mbam-log-2011-03-26 (16-59-51).txt

Scan type: Quick scan

Objects scanned: 172458

Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS file is attached

DDS.txt

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6172

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

26/03/2011 4:59:51 PM

mbam-log-2011-03-26 (16-59-51).txt

Scan type: Quick scan

Objects scanned: 172458

Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS file is attached

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Chris at 17:00:20.14 on Sat 26/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.960.186 [GMT 11:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft Research\Joulemeter\JoulemeterService.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\vVX1000.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Window Hide Tool\Window Hide Tool.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Warcraft III\ManaBars.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Chris\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Window Hide Tool] c:\program files\window hide tool\Window Hide Tool.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\manaba~1.lnk - c:\program files\warcraft iii\ManaBars.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Free YouTube to Mp3 Converter - c:\users\chris\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: kuaiche.com\software

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q7jpcjki.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q7jpcjki.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll

FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\q7jpcjki.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKsl1259af21;MpKsl1259af21;c:\programdata\microsoft\microsoft antimalware\definition updates\{d22c8912-f6e6-4446-948d-e51be27f3cf6}\MpKsl1259af21.sys [2011-3-25 28752]

R2 Joulemeter Service;Joulemeter Service;c:\program files\microsoft research\joulemeter\JoulemeterService.exe [2010-9-10 64816]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-27 90112]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-9-19 28672]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-6-27 86824]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-6-27 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-6-27 114728]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-6-27 106208]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-6-27 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-6-27 104744]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-6-27 109864]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]

SUnknown cmpyvtuj;cmpyvtuj; [x]

.

=============== File Associations ===============

.

regfile\shell\edit\command=%SystemRoot%\system32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2011-03-25 00:55:12 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{d22c8912-f6e6-4446-948d-e51be27f3cf6}\MpKsl1259af21.sys

2011-03-25 00:54:56 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{d22c8912-f6e6-4446-948d-e51be27f3cf6}\mpengine.dll

2011-03-23 07:29:56 -------- d-sh--w- C:\$RECYCLE.BIN

2011-03-23 07:29:52 -------- d-----w- c:\users\chris\appdata\local\temp

2011-03-23 05:15:06 98816 ----a-w- c:\windows\sed.exe

2011-03-23 05:15:06 89088 ----a-w- c:\windows\MBR.exe

2011-03-23 05:15:06 256512 ----a-w- c:\windows\PEV.exe

2011-03-23 05:15:06 161792 ----a-w- c:\windows\SWREG.exe

2011-03-15 08:40:15 -------- d-----w- c:\program files\iPod to Computer Transfer Safe

2011-03-15 08:31:47 -------- d-----w- c:\program files\CandySoft

2011-03-12 01:39:55 -------- d-----w- c:\program files\Microsoft Research

2011-03-12 01:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-03-12 01:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-03-11 04:54:23 -------- d-----w- c:\progra~2\Nexon

2011-03-10 09:06:48 -------- d-----w- c:\program files\Pando Networks

2011-03-04 12:50:39 -------- d-----w- c:\program files\Bulk Rename Utility

.

==================== Find3M ====================

.

2011-02-11 11:23:29 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-02-11 11:23:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2006-05-03 00:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 01:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 03:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

.

============= FINISH: 17:01:35.41 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=f177bf4379b0354dbe619fb1e14a7a1b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-03-29 09:30:08

# local_time=2011-03-29 08:30:08 (+1000, AUS Eastern Daylight Time)

# country="Australia"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=768 16777215 100 0 22939693 22939693 0 0

# compatibility_mode=5893 16776574 100 94 22947373 53019898 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=118324

# found=7

# cleaned=7

# scan_time=5901

C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Chris\Documents\Programs\MDL_1.3.0322.exe Win32/Adware.DiscoveryLive application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Chris\Documents\Programs\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Chris\Documents\Programs\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Chris\Documents\Programs\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Chris\Documents\Programs\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application (deleted - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Results of screen317's Security Check version 0.99.10

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 20

Out of date Java installed!

Adobe Flash Player 10.2.152.26

Adobe Reader 9.4.3

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Please use the Add Reply button to reply instead of the button you're currently using.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites

  • Staff

Hi,

Post a new SecurityCheck log.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.10

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Eusing Free Registry Cleaner

Java 6 Update 24

Adobe Flash Player 10.2.153.1

Adobe Reader X (10.0.1)

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Empty your Recycle Bin.

Your hardware is pretty outdated, and personally I'm not surprised if it's performing poorly.

Download the latest graphics card driver for your nVidia 6100 from here:

http://www.nvidia.com/object/win7-winvista-32bit-260.99-whql-driver.html

Install it, restart your computer and see how things are running now.

Link to post
Share on other sites

Hello, the crashing has stopped but now i have another problem.

The driver keeps crashing. When it crashes the screen turns off and when the driver recovers, the screen goes all crazy.

This happens usually when im in mozilla, and the screen stops going crazy when i close it.

By crazy i mean this. I have uploaded a screenshot

http://img847.imageshack.us/i/screennk.png/

It looks like that, and flickers everywhere.

Thanks for your help.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.