Recently my browsers have been opening random spam pages when I click links, and also sporadically, so I tried to run MBAM. I have had what seems to be a common problem of MBAM downloading but closing shortly after the scan begins. I am then unable to open the file again.

I think I've followed the correct procedure here and have attached the two .txt files. Any help would be appreciated, thanks.

dds.txt

attach.txt


  • Staff

Hi and welcome to Malwarebytes.

Please don't attach logs unless otherwise noted.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I have read the thread involving the member kta1234 and I have the same symptoms. I have recently used my debit card online and am now worried that passwords etc. may have been stolen. Should I be looking to follow a similar procedure of creating a new restore point?


Ran ComboFix, here's the log.

ComboFix 11-11-03.03 - James 03/11/2011 20:53:08.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.521 [GMT 0:00]

Running from: c:\documents and settings\James\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\cleansweep.exe

c:\cleansweep.exe\cleansweep.exe

c:\cleansweep.exe\config.bin

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\James\Application Data\UPd.exe

c:\documents and settings\James\Local Settings\Application Data\f31f805d

c:\documents and settings\James\Local Settings\Application Data\f31f805d\@

c:\documents and settings\James\Local Settings\Application Data\f31f805d\U\80000000.@

c:\documents and settings\James\Local Settings\Application Data\f31f805d\U\800000cb.@

c:\documents and settings\James\Local Settings\Application Data\f31f805d\X

c:\documents and settings\James\WINDOWS

c:\windows\

c:\windows\$NtUninstallKB36029$\1402405832

c:\windows\$NtUninstallKB36029$\4078927965\@

c:\windows\$NtUninstallKB36029$\4078927965\L\bguemkzf

c:\windows\$NtUninstallKB36029$\4078927965\loader.tlb

c:\windows\$NtUninstallKB36029$\4078927965\U\@00000001

c:\windows\$NtUninstallKB36029$\4078927965\U\@000000c0

c:\windows\$NtUninstallKB36029$\4078927965\U\@000000cb

c:\windows\$NtUninstallKB36029$\4078927965\U\@000000cf

c:\windows\$NtUninstallKB36029$\4078927965\U\@80000000

c:\windows\$NtUninstallKB36029$\4078927965\U\@800000c0

c:\windows\$NtUninstallKB36029$\4078927965\U\@800000cb

c:\windows\$NtUninstallKB36029$\4078927965\U\@800000cf

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\1568677875

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\kb913800.exe

c:\windows\system32\

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\d3d9caps.dat

c:\windows\system32\muzapp.exe

c:\windows\system32\system32

c:\windows\system32\system32\3DAudio.ax

c:\windows\system32\system32\avrt.dll

c:\windows\system32\system32\cis-2.4.dll

c:\windows\system32\system32\issacapi_bs-2.3.dll

c:\windows\system32\system32\issacapi_pe-2.3.dll

c:\windows\system32\system32\issacapi_se-2.3.dll

c:\windows\system32\system32\MACXMLProto.dll

c:\windows\system32\system32\MaDRM.dll

c:\windows\system32\system32\MaJGUILib.dll

c:\windows\system32\system32\MAMACExtract.dll

c:\windows\system32\system32\MASetupCleaner.exe

c:\windows\system32\system32\MaXMLProto.dll

c:\windows\system32\system32\mfplat.dll

c:\windows\system32\system32\MK_Lyric.dll

c:\windows\system32\system32\MSCLib.dll

c:\windows\system32\system32\MSFLib.dll

c:\windows\system32\system32\MSLUR71.dll

c:\windows\system32\system32\msvcp60.dll

c:\windows\system32\system32\MTTELECHIP.dll

c:\windows\system32\system32\MTXSYNCICON.dll

c:\windows\system32\system32\muzaf1.dll

c:\windows\system32\system32\muzapp.dll

c:\windows\system32\system32\muzapp.exe

c:\windows\system32\system32\muzdecode.ax

c:\windows\system32\system32\muzeffect.ax

c:\windows\system32\system32\muzmp4sp.ax

c:\windows\system32\system32\muzmpgsp.ax

c:\windows\system32\system32\muzoggsp.ax

c:\windows\system32\system32\muzwmts.dll

c:\windows\system32\system32\psapi.dll

c:\windows\$NtUninstallKB36029$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_f31f805d

.

.

((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))

.

.

2011-10-31 16:10 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-29 16:25 . 2011-10-29 16:25 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-24 22:59 . 2011-10-24 22:59 -------- d--h--w- c:\windows\PIF

2011-10-24 10:43 . 2011-10-31 16:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-24 10:42 . 2011-10-24 10:42 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes

2011-10-24 10:42 . 2011-10-24 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-24 10:42 . 2011-11-01 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-20 22:07 . 2011-10-20 22:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2011-10-20 22:06 . 2011-10-20 22:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-10-20 19:47 . 2011-10-20 19:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-10-20 19:45 . 2011-10-20 19:45 -------- d-----w- c:\program files\Bonjour

2011-10-17 22:28 . 2011-10-17 22:28 -------- d-----w- c:\documents and settings\James\Application Data\AVG2012

2011-10-17 22:26 . 2011-10-17 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-17 11:05 . 2011-05-17 18:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2006-08-24 20:55 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41 . 2006-08-24 20:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 05:30 . 2010-09-07 02:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12 . 2006-08-24 20:53 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2005-09-16 19:27 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-22 23:48 . 2005-09-16 19:27 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2006-08-24 20:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2006-08-24 20:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2006-08-24 20:54 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2006-08-24 20:52 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-08 05:08 . 2010-09-07 02:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2003-08-27 21:19 . 2005-09-16 21:54 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll

2011-10-01 12:01 . 2011-08-30 14:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-01-20 2523960]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]

"AOL_Demo"="c:\applications\Tool\AOL Demo\DSGDemo.exe" [2006-03-01 177178]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-10-26 26112]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]

"HostManager"="c:\program files\Common Files\AOL\1225112753\ee\AOLSoftware.exe" [2006-09-26 50736]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\James\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2009-5-4 2528256]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2008-10-26 156784]

AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2008-10-26 250992]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\1225112753\\ee\\aolsoftware.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"=

"c:\\Program Files\\Samsung\\Kies\\KiesHelper.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Xvid\\autoupdate-windows.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\explorer.exe.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=

"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\Documents and Settings\\James\\My Documents\\Downloads\\tdsskiller\\TDSSKiller.exe"=

"c:\\Program Files\\Last.fm\\LastFM.exe"=

"c:\\Program Files\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18461:TCP"= 18461:TCP:BitComet 18461 TCP

"18461:UDP"= 18461:UDP:BitComet 18461 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [08/11/2006 13:40 34880]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 295248]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/10/2011 16:10 22216]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/09/2011 05:23 5265248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/09/2011 16:13 136176]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/10/2011 16:10 366152]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [14/05/2011 11:39 66112]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09/09/2011 16:13 136176]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [05/09/2006 13:03 176128]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [14/05/2011 11:39 180672]

S3 VNUWL5B;VIA Networking Technologies USB Wireless LAN Adapter Driver Service;c:\windows\system32\drivers\VNUWL5B.SYS [05/09/2006 13:03 134656]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 16:11]

.

2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-09 16:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.atcomet.com/b/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\James\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\au82lx48.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&btnI=745&q=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Power2GoExpress - (no file)

SafeBoot-40330103.sys

SafeBoot-41413781.sys

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-03 21:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1012)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(3368)

c:\windows\system32\WININET.dll

c:\program files\Shrink Pic\shrinkpici.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\sm56hlpr.exe

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehSched.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\dllhost.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-11-03 21:32:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-03 21:32

.

Pre-Run: 5,303,541,760 bytes free

Post-Run: 9,286,500,352 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 47FED770C086C8C63B2E1F31F9362CD7

Awaiting your next instructions.


DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by James at 21:53:47 on 2011-11-03

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.236 [GMT 0:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Napster\napster.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common Files\AOL\1225112753\ee\AOLSoftware.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

svchost.exe

C:\Program Files\AOL 9.0\aoltray.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Shrink Pic\shrink_pic.exe

C:\Program Files\AOL Companion\companion.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.atcomet.com/b/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

mURLSearchHooks: H - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [bitComet] "c:\program files\bitcomet\BitComet.exe" /tray

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [AOL_Demo] c:\applications\tool\aol demo\DSGDemo.exe

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [skyTel] SkyTel.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [HostManager] c:\program files\common files\aol\1225112753\ee\AOLSoftware.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\james\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\james\startm~1\programs\startup\shrink~1.lnk - c:\program files\shrink pic\shrink_pic.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aolcom~1.lnk - c:\program files\aol companion\companion.exe

IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\james\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A176F9FA-9AE3-4B94-A494-A2CDF58432DC} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\james\application data\mozilla\firefox\profiles\au82lx48.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&btnI=745&q=

FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-11-8 34880]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-10 54752]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-31 22216]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-9 136176]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-31 366152]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-5-14 66112]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-9 136176]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-9-5 176128]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-5-14 180672]

S3 VNUWL5B;VIA Networking Technologies USB Wireless LAN Adapter Driver Service;c:\windows\system32\drivers\VNUWL5B.SYS [2006-9-5 134656]

.

=============== Created Last 30 ================

.

2011-11-03 20:40:14 -------- d-sha-r- C:\cmdcons

2011-11-03 20:37:17 98816 ----a-w- c:\windows\sed.exe

2011-11-03 20:37:17 518144 ----a-w- c:\windows\SWREG.exe

2011-11-03 20:37:17 256000 ----a-w- c:\windows\PEV.exe

2011-11-03 20:37:17 208896 ----a-w- c:\windows\MBR.exe

2011-10-31 16:10:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-29 16:25:53 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-24 22:59:56 -------- d--h--w- c:\windows\PIF

2011-10-24 22:48:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2011-10-24 10:43:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-24 10:42:55 -------- d-----w- c:\documents and settings\james\application data\Malwarebytes

2011-10-24 10:42:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-24 10:42:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-20 19:45:56 -------- d-----w- c:\program files\Bonjour

2011-10-17 22:28:41 -------- d-----w- c:\documents and settings\james\application data\AVG2012

2011-10-17 22:26:04 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

.

==================== Find3M ====================

.

2011-10-17 11:05:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-30 22:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 22:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2003-08-27 21:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll

.

============= FINISH: 21:54:45.75 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
