
Redirect Virus


raewyn


Hope I have followed instructions correctly:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7786

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

24/09/2011 2:48:55 p.m.

mbam-log-2011-09-24 (14-48-55).txt

Scan type: Quick scan

Objects scanned: 185611

Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Raewyn at 14:51:59 on 2011-09-24

Microsoft Windows 7 Professional 6.1.7600.0.1252.64.1033.18.2046.789 [GMT 12:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: SPYWAREfighter *Disabled/Updated* {2CA2BED9-C3E1-63C9-3FCE-3527C816A7C9}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\CISVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe

C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe

C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

C:\Standard19\Myob.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.co.nz/

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe

uRun: [Google Update] "c:\users\raewyn\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_ActiveX.exe -update activex

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe

mRun: [sWPROguard] c:\program files\fighters\spywarefighter\SWPROTray.exe

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: softpedia.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D1726423-1A96-4482-9966-9AB28BD9517B} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\raewyn\appdata\roaming\mozilla\firefox\profiles\drzcq1je.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.co.nz/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\users\raewyn\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\users\raewyn\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\raewyn\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-21 326688]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-21 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-21 656320]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 151216]

R1 MpKsl24f17207;MpKsl24f17207;c:\programdata\microsoft\microsoft antimalware\definition updates\{79cdc7c4-4cfa-4e80-83ce-9bb7c01171d9}\MpKsl24f17207.sys [2011-9-24 28752]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-21 184536]

R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\program files\common files\common toolkit suite\avengine\AVScanningService.exe [2011-8-17 831000]

R2 AV Watch Service;AV Watch Service;c:\program files\common files\common toolkit suite\avengine\AVWatchService.exe [2011-8-17 142960]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-21 337872]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-8-9 974944]

R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2011-8-17 1302152]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 42368]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

RUnknown 34130660;34130660; [x]

RUnknown 6056478drv;6056478drv; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [2011-8-17 10264]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-21 371472]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-21 1117144]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-4 1343400]

.

=============== Created Last 30 ================

.

2011-09-24 02:34:26 -------- d-----w- c:\users\raewyn\appdata\roaming\Malwarebytes

2011-09-24 02:34:05 -------- d-----w- c:\programdata\Malwarebytes

2011-09-24 02:34:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-24 02:33:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-23 15:37:32 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{79cdc7c4-4cfa-4e80-83ce-9bb7c01171d9}\MpKsl24f17207.sys

2011-09-23 15:37:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{79cdc7c4-4cfa-4e80-83ce-9bb7c01171d9}\offreg.dll

2011-09-23 15:36:42 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{79cdc7c4-4cfa-4e80-83ce-9bb7c01171d9}\mpengine.dll

2011-09-21 10:42:24 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-21 03:56:59 -------- d-----w- c:\users\raewyn\appdata\roaming\ESET

2011-09-21 03:56:59 -------- d-----w- c:\users\raewyn\appdata\local\ESET

2011-09-21 03:55:03 -------- d-----w- c:\program files\ESET

2011-09-21 03:53:03 -------- d-----w- c:\programdata\clp

2011-09-21 03:52:06 -------- d-----w- c:\programdata\Common Toolkit Suite

2011-09-21 03:52:06 -------- d-----w- c:\program files\Fighters

2011-09-21 03:52:06 -------- d-----w- c:\program files\common files\Common Toolkit Suite

2011-09-21 03:51:53 -------- d-----w- c:\programdata\Fighters

2011-09-21 03:51:16 -------- dc-h--w- c:\programdata\{7AF9B877-7A67-4D6F-9644-806B2CF285EC}

2011-09-21 03:49:39 -------- d-----w- c:\users\raewyn\appdata\roaming\Fighters

2011-09-21 03:49:35 -------- d-----w- c:\users\raewyn\appdata\local\PackageAware

2011-09-21 03:31:44 767952 ----a-w- c:\windows\BDTSupport.dll

2011-09-21 03:31:43 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-09-21 03:31:41 2189264 ----a-w- c:\windows\PCTBDCore.dll

2011-09-21 03:31:41 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-09-21 03:29:03 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-09-21 03:29:03 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-09-21 03:29:01 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-09-21 03:29:01 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2011-09-21 03:28:52 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-09-21 03:28:52 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-09-21 03:28:48 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-09-21 03:28:41 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-09-21 03:28:00 -------- d-----w- c:\program files\common files\PC Tools

2011-09-21 03:27:59 -------- d-----w- c:\program files\PC Tools Security

2011-09-21 03:24:31 -------- d-----w- c:\programdata\PC Tools

2011-09-15 22:18:35 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-09-15 22:18:11 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-11 22:30:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-08-17 10:42:07 72080 ----a-w- c:\users\raewyn\g2mdlhlpx.exe

2011-08-16 13:10:00 10264 ----a-w- c:\windows\system32\drivers\avfsfilter.sys

2011-08-09 01:57:10 163424 ----a-w- c:\windows\system32\drivers\eamonm.sys

2011-08-03 21:20:38 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-08-03 21:20:38 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-08-03 21:20:38 147480 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-08-03 21:20:36 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:30:52 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 14:53:19.10 ===============

Could someone please confirm that I have posted in the right place and that someone will respond at some point?

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (ESET, Microsoft, and Spyware Doctor). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly into your reply.

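As an added example (not part of the original thread and not a tool the Malwarebytes staff use), here is a small Python triage script for the parts of a DDS log that the reply above cares about and that usually explain a browser redirect: how many antivirus products report as enabled, whether the configured DNS resolvers sit outside the local network, whether Firefox has a proxy type set, and any Winsock LSP or IE Trusted Zone entries. The sample text is constructed from lines in the first DDS log in this thread; the regular expressions and the LOCAL_NETS list are assumptions about the DDS line format, not something DDS publishes.

```python
import re
import ipaddress

# Constructed sample: the relevant lines copied from the first DDS log in this thread.
SAMPLE_DDS = r"""
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
uStart Page = hxxp://google.co.nz/
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: softpedia.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D1726423-1A96-4482-9966-9AB28BD9517B} : DhcpNameServer = 192.168.1.254
FF - prefs.js: network.proxy.type - 0
"""

# Assumed DDS line shapes (derived from the log above, not from a DDS specification).
PRODUCT_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*(Enabled|Disabled)(?:/\w+)?\*")
DNS_RE = re.compile(r"NameServer\s*=\s*(.+)$")
PROXY_RE = re.compile(r"network\.proxy\.type\s*-\s*(\d+)")

# Ranges a home or small-office DHCP-assigned resolver is expected to live in.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_products(text):
    """Return [(kind, name, enabled)] from the AV:/SP:/FW: header lines."""
    out = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3) == "Enabled"))
    return out


def parse_dns_servers(text):
    """Collect every resolver address from the TCP: ... NameServer = lines."""
    servers = set()
    for line in text.splitlines():
        m = DNS_RE.search(line)
        if m:
            for tok in re.split(r"[\s,]+", m.group(1).strip()):
                try:
                    servers.add(ipaddress.ip_address(tok))
                except ValueError:
                    pass  # not an address (e.g. a hostname); ignore
    return servers


def triage(text):
    """Return a list of (code, detail) findings that deserve a second look."""
    findings = []
    enabled_av = [name for kind, name, on in parse_products(text) if kind == "AV" and on]
    if len(enabled_av) > 1:
        findings.append(("multiple-av", "; ".join(enabled_av)))
    # A resolver outside the local ranges is the classic DNS-changer redirect indicator.
    for ip in sorted(parse_dns_servers(text), key=str):
        if not any(ip in net for net in LOCAL_NETS):
            findings.append(("external-dns", str(ip)))
    for line in text.splitlines():
        line = line.strip()
        m = PROXY_RE.search(line)
        if m and m.group(1) != "0":
            findings.append(("browser-proxy", line))       # Firefox proxy configured
        elif line.startswith("LSP:"):
            findings.append(("lsp", line[4:].strip()))      # Winsock LSP: review the DLL
        elif line.startswith("Trusted Zone:"):
            findings.append(("trusted-zone", line[13:].strip()))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_DDS):
        print(f"{code:14} {detail}")
```

On the sample above it reports the two enabled AV engines, the PC Tools LSP DLL and the softpedia.com Trusted Zone entry for review, while the 192.168.1.254 resolver and proxy type 0 pass; a resolver outside the local ranges or a non-zero proxy type would be the first things to chase for a redirect.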

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7813

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

28/09/2011 7:08:32 p.m.

mbam-log-2011-09-28 (19-08-32).txt

Scan type: Quick scan

Objects scanned: 185209

Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Raewyn at 19:13:11 on 2011-09-28

Microsoft Windows 7 Professional 6.1.7600.0.1252.64.1033.18.2046.1134 [GMT 13:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\CISVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.co.nz/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe

uRun: [Google Update] "c:\users\raewyn\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: softpedia.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D1726423-1A96-4482-9966-9AB28BD9517B} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\raewyn\appdata\roaming\mozilla\firefox\profiles\drzcq1je.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.co.nz/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\users\raewyn\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\users\raewyn\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\raewyn\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 151216]

R1 MpKsl007ebfb5;MpKsl007ebfb5;c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\MpKsl007ebfb5.sys [2011-9-28 28752]

R1 MpKsl5aeaf8c2;MpKsl5aeaf8c2;c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\MpKsl5aeaf8c2.sys [2011-9-28 28752]

R1 MpKslad4ef183;MpKslad4ef183;c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\MpKslad4ef183.sys [2011-9-28 28752]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 42368]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-4 1343400]

.

=============== Created Last 30 ================

.

2011-09-28 06:11:18 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\MpKsl007ebfb5.sys

2011-09-28 05:55:33 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\MpKsl5aeaf8c2.sys

2011-09-28 05:51:15 -------- d-----w- c:\users\raewyn\appdata\local\Threat Expert

2011-09-27 19:26:53 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\MpKslad4ef183.sys

2011-09-27 18:49:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\offreg.dll

2011-09-27 18:49:06 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{41ba0038-1820-4429-b5a0-a2eb97de1b6e}\mpengine.dll

2011-09-24 02:34:26 -------- d-----w- c:\users\raewyn\appdata\roaming\Malwarebytes

2011-09-24 02:34:05 -------- d-----w- c:\programdata\Malwarebytes

2011-09-24 02:34:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-24 02:33:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-21 10:42:24 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-21 03:56:59 -------- d-----w- c:\users\raewyn\appdata\roaming\ESET

2011-09-21 03:56:59 -------- d-----w- c:\users\raewyn\appdata\local\ESET

2011-09-21 03:53:03 -------- d-----w- c:\programdata\clp

2011-09-21 03:49:35 -------- d-----w- c:\users\raewyn\appdata\local\PackageAware

2011-09-21 03:24:31 -------- d-----w- c:\programdata\PC Tools

2011-09-15 22:18:35 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-09-15 22:18:11 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-11 22:30:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-08-17 10:42:07 72080 ----a-w- c:\users\raewyn\g2mdlhlpx.exe

2011-08-03 21:20:38 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:30:52 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 19:14:58.26 ===============


ComboFix 11-09-30.05 - Raewyn 01/10/2011 11:46:20.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.64.1033.18.2046.1315 [GMT 13:00]

Running from: c:\users\Raewyn\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Raewyn\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))

.

.

2011-09-30 22:51 . 2011-09-30 22:51 -------- d-----w- c:\users\zharna\AppData\Local\temp

2011-09-30 22:51 . 2011-09-30 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-30 22:37 . 2011-09-30 22:37 -------- d-----w- c:\users\Raewyn\AppData\Roaming\PC-FAX TX

2011-09-30 06:17 . 2011-09-30 06:17 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{957198A4-491F-4AC0-BB6F-E182CDB77216}\MpKsl730667d0.sys

2011-09-30 06:17 . 2011-09-30 06:17 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{957198A4-491F-4AC0-BB6F-E182CDB77216}\offreg.dll

2011-09-30 06:17 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{957198A4-491F-4AC0-BB6F-E182CDB77216}\mpengine.dll

2011-09-28 05:51 . 2011-09-28 05:51 -------- d-----w- c:\users\Raewyn\AppData\Local\Threat Expert

2011-09-24 02:34 . 2011-09-24 02:34 -------- d-----w- c:\users\Raewyn\AppData\Roaming\Malwarebytes

2011-09-24 02:34 . 2011-09-24 02:34 -------- d-----w- c:\programdata\Malwarebytes

2011-09-24 02:34 . 2011-08-31 05:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-24 02:33 . 2011-09-24 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-21 10:42 . 2011-09-21 10:42 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-21 03:56 . 2011-09-21 03:56 -------- d-----w- c:\users\Raewyn\AppData\Local\ESET

2011-09-21 03:53 . 2011-09-28 05:55 -------- d-----w- c:\programdata\clp

2011-09-21 03:49 . 2011-09-21 03:49 -------- d-----w- c:\users\Raewyn\AppData\Local\PackageAware

2011-09-21 03:24 . 2011-09-28 05:51 -------- d-----w- c:\programdata\PC Tools

2011-09-15 22:18 . 2007-03-22 15:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-09-15 22:18 . 2009-10-02 09:13 95600 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-09-11 22:30 . 2011-09-11 22:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-12 23:14 . 2010-11-05 01:57 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-03 21:20 . 2011-08-03 21:20 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-07-22 04:56 . 2011-08-10 10:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37 . 2011-08-10 10:40 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34 . 2011-08-10 10:40 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31 . 2011-08-10 10:40 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 04:19 . 2011-08-10 10:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:19 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 10:40 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 10:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 10:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 10:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:30 . 2011-08-23 20:41 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:26 . 2011-08-10 10:41 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBMPro8Agent"="c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-05-27 189056]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-08-17 39816]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"GBMPro8Agent"="c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-05-27 189056]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]

"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-03 935288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl28c931bc;MpKsl28c931bc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E532E9D5-5A88-4D5D-ACBF-03E4826CF1CE}\MpKsl28c931bc.sys [x]

R1 MpKsl32b5aa64;MpKsl32b5aa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A305DCDB-A798-4262-B2A6-4FA8E1C49E31}\MpKsl32b5aa64.sys [x]

R1 MpKsl81652072;MpKsl81652072;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B02D6045-FA5E-44C1-B4E2-9535566A15DD}\MpKsl81652072.sys [x]

R1 MpKsl9689ad31;MpKsl9689ad31;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B746EBE-CFCF-4E35-8DE6-6F84BAC0E7DF}\MpKsl9689ad31.sys [x]

R1 MpKslc9c6cd00;MpKslc9c6cd00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75BD020B-ABF9-4DA1-89EA-BF09C2AF8465}\MpKslc9c6cd00.sys [x]

R1 MpKslde9da616;MpKslde9da616;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E05E1B60-C870-4813-9F1D-94CF73DE00EA}\MpKslde9da616.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-03 1343400]

S1 MpKsl5aeaf8c2;MpKsl5aeaf8c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41BA0038-1820-4429-B5A0-A2EB97DE1B6E}\MpKsl5aeaf8c2.sys [x]

S1 MpKsl730667d0;MpKsl730667d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{957198A4-491F-4AC0-BB6F-E182CDB77216}\MpKsl730667d0.sys [2011-09-30 28752]

S1 MpKslad4ef183;MpKslad4ef183;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41BA0038-1820-4429-B5A0-A2EB97DE1B6E}\MpKslad4ef183.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL105FC212

*NewlyCreated* - MPKSL730667D0

*Deregistered* - MpKsl105fc212

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-30 c:\windows\Tasks\GBM - RAEWYNS_MACHINE-Full.job

- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2010-11-03 16:42]

.

2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356440525-2428298981-381662446-1001Core.job

- c:\users\Raewyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 01:38]

.

2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356440525-2428298981-381662446-1001UA.job

- c:\users\Raewyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 01:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.co.nz/

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: softpedia.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Raewyn\AppData\Roaming\Mozilla\Firefox\Profiles\drzcq1je.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.co.nz/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-01 11:52:57

ComboFix-quarantined-files.txt 2011-09-30 22:52

.

Pre-Run: 214,970,466,304 bytes free

Post-Run: 216,394,805,248 bytes free

.

- - End Of File - - FB3E821316FC6F5B6926A44EEA9033FC

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Raewyn at 11:54:29 on 2011-10-01

Microsoft Windows 7 Professional 6.1.7600.0.1252.64.1033.18.2046.928 [GMT 13:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\CISVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.co.nz/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: softpedia.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D1726423-1A96-4482-9966-9AB28BD9517B} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\raewyn\appdata\roaming\mozilla\firefox\profiles\drzcq1je.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.co.nz/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\users\raewyn\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\users\raewyn\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\raewyn\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 151216]

R1 MpKsl730667d0;MpKsl730667d0;c:\programdata\microsoft\microsoft antimalware\definition updates\{957198a4-491f-4ac0-bb6f-e182cdb77216}\MpKsl730667d0.sys [2011-9-30 28752]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 42368]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-4 1343400]

.

=============== Created Last 30 ================

.

2011-09-30 22:53:00 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-30 22:44:42 98816 ----a-w- c:\windows\sed.exe

2011-09-30 22:44:42 518144 ----a-w- c:\windows\SWREG.exe

2011-09-30 22:44:42 256000 ----a-w- c:\windows\PEV.exe

2011-09-30 22:44:42 208896 ----a-w- c:\windows\MBR.exe

2011-09-30 22:37:41 -------- d-----w- c:\users\raewyn\appdata\roaming\PC-FAX TX

2011-09-30 06:17:44 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{957198a4-491f-4ac0-bb6f-e182cdb77216}\MpKsl730667d0.sys

2011-09-30 06:17:10 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{957198a4-491f-4ac0-bb6f-e182cdb77216}\offreg.dll

2011-09-30 06:17:04 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{957198a4-491f-4ac0-bb6f-e182cdb77216}\mpengine.dll

2011-09-28 05:51:15 -------- d-----w- c:\users\raewyn\appdata\local\Threat Expert

2011-09-24 02:34:26 -------- d-----w- c:\users\raewyn\appdata\roaming\Malwarebytes

2011-09-24 02:34:05 -------- d-----w- c:\programdata\Malwarebytes

2011-09-24 02:34:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-24 02:33:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-21 10:42:24 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-21 03:56:59 -------- d-----w- c:\users\raewyn\appdata\roaming\ESET

2011-09-21 03:56:59 -------- d-----w- c:\users\raewyn\appdata\local\ESET

2011-09-21 03:53:03 -------- d-----w- c:\programdata\clp

2011-09-21 03:49:35 -------- d-----w- c:\users\raewyn\appdata\local\PackageAware

2011-09-21 03:24:31 -------- d-----w- c:\programdata\PC Tools

2011-09-15 22:18:35 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-09-15 22:18:11 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-11 22:30:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-08-03 21:20:38 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:30:52 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 11:54:42.96 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
