Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Trojan problems

1K views 14 replies 2 participants last post by  NeonFx 
#1 ·

Attachments

#2 ·
Hello there :cool: Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:
  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Step 1

NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
#3 ·
Gday Neonfx
Here is copy of combofix log
Only thing when running it said avg was still running and i disabled sheild etc in avg options so unless i unistalled it then it could not be disabled.
If you want me to uninstall then i will

ComboFix 10-04-15.05 - lee 4/2010 Sat 12:01:22.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3455.3100 [GMT 9.5:30]
Running from: c:\documents and settings\lee\Desktop\virus fix\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-16 14:55 . 2010-04-16 14:55 3584 ----a-r- c:\documents and settings\lee\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-16 14:55 . 2010-04-16 14:55 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-16 14:55 . 2010-04-16 14:55 -------- d-----w- c:\program files\MSECACHE
2010-04-16 08:01 . 2010-04-16 08:01 -------- d-----w- c:\documents and settings\Administrator.ATSUKO\Application Data\Malwarebytes
2010-04-16 06:44 . 2010-04-16 06:44 -------- d-----w- c:\documents and settings\lee\Application Data\Malwarebytes
2010-04-16 06:43 . 2010-03-29 15:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 06:43 . 2010-04-16 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 06:43 . 2010-03-29 15:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:14 . 2010-04-14 16:14 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 16:14 . 2010-04-14 16:14 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-14 02:04 . 2010-04-14 02:04 -------- d-----w- C:\$AVG
2010-04-13 11:04 . 2010-04-13 11:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-13 11:04 . 2010-04-13 11:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-13 11:04 . 2010-04-13 11:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-13 11:04 . 2010-04-13 11:04 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-13 11:04 . 2010-04-17 01:11 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-13 11:04 . 2010-04-13 11:04 -------- d-----w- c:\program files\AVG
2010-04-13 11:04 . 2010-04-13 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-13 01:50 . 2010-04-13 12:33 -------- d-----w- c:\documents and settings\lee\Application Data\GetRight
2010-04-05 08:21 . 2010-04-05 08:21 -------- d-----w- c:\documents and settings\atsuko m\Application Data\Samsung
2010-04-05 08:08 . 2010-04-05 08:08 -------- d-----w- c:\program files\Samsung
2010-04-05 07:57 . 2010-04-05 07:57 -------- d-----w- c:\documents and settings\lee\Application Data\Samsung
2010-04-02 01:53 . 2010-04-02 01:53 -------- d-----w- c:\program files\iPod
2010-04-02 01:52 . 2010-04-02 01:53 -------- d-----w- c:\program files\iTunes
2010-04-02 01:52 . 2010-04-02 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 01:45 . 2010-04-02 01:45 -------- d-----w- c:\program files\Bonjour
2010-04-02 01:23 . 2010-04-02 01:23 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-01 13:59 . 2010-04-01 13:59 -------- d-sh--w- c:\documents and settings\Administrator.ATSUKO\PrivacIE
2010-04-01 06:34 . 2010-04-01 06:34 -------- d-----w- c:\documents and settings\Administrator.ATSUKO\Application Data\Windows Search
2010-04-01 06:10 . 2010-04-16 02:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-01 05:44 . 2010-04-01 16:33 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-01 05:44 . 2010-04-06 04:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-31 10:09 . 2010-03-31 10:09 130240 ----a-w- c:\documents and settings\Administrator.ATSUKO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 06:12 . 2010-03-31 06:12 -------- d-sh--w- c:\documents and settings\Administrator.ATSUKO\IETldCache
2010-03-31 06:05 . 2010-03-31 06:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-31 06:02 . 2010-03-31 06:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-29 02:31 . 2007-05-08 01:02 61440 ----a-w- c:\windows\system32\PWContextMenu.dll
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\AcrobatUpdater.exe
2010-03-23 10:10 . 2010-03-23 10:10 -------- d-----w- c:\program files\Common Files\Skype
2010-03-20 03:14 . 2010-03-20 03:15 -------- d-----w- c:\documents and settings\lee\Application Data\Photo! Web Album
2010-03-20 03:14 . 2010-03-20 03:14 -------- d-----w- c:\program files\Photo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 01:40 . 2009-02-17 13:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-17 01:40 . 2008-01-02 23:49 -------- d-----w- c:\documents and settings\lee\Application Data\Skype
2010-04-17 01:40 . 2008-10-18 01:58 -------- d-----w- c:\documents and settings\lee\Application Data\DNA
2010-04-17 01:05 . 2008-09-23 02:44 -------- d-----w- c:\documents and settings\lee\Application Data\skypePM
2010-04-17 01:05 . 2009-02-17 13:33 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-04-17 01:03 . 2008-10-18 01:58 -------- d-----w- c:\program files\DNA
2010-04-16 02:03 . 2009-11-10 05:23 -------- d-----w- c:\documents and settings\lee\Application Data\vlc
2010-04-14 08:04 . 2008-01-02 23:21 -------- d-----w- c:\documents and settings\lee\Application Data\LimeWire
2010-04-13 10:15 . 2008-12-08 11:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-13 01:50 . 2009-06-09 12:25 -------- d-----w- c:\program files\GetRight
2010-04-12 16:18 . 2004-08-04 12:00 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-04-12 14:07 . 2007-12-05 06:35 -------- d-----w- c:\documents and settings\lee\Application Data\BitTorrent
2010-04-07 13:25 . 2007-12-20 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-05 09:55 . 2007-12-21 02:19 -------- d-----w- c:\documents and settings\atsuko m\Application Data\Skype
2010-04-05 08:36 . 2008-08-30 07:30 -------- d-----w- c:\documents and settings\atsuko m\Application Data\Sony
2010-04-05 08:20 . 2009-12-30 10:49 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-05 08:08 . 2007-10-01 03:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 08:00 . 2008-11-12 11:10 -------- d-----w- c:\documents and settings\atsuko m\Application Data\skypePM
2010-04-04 05:42 . 2009-03-14 01:13 -------- d-----w- c:\program files\graphics
2010-04-03 08:28 . 2007-10-04 23:36 -------- d-----w- c:\program files\multimedia
2010-04-02 01:52 . 2009-01-07 07:13 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 15:38 . 2007-10-01 03:49 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 15:37 . 2009-01-30 03:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-31 05:20 . 2009-11-03 06:34 -------- d-----w- c:\documents and settings\lee\Application Data\SmartDraw
2010-03-30 13:07 . 2007-10-02 01:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-28 14:22 . 2007-10-01 03:54 130240 ----a-w- c:\documents and settings\lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 03:22 . 2007-10-01 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-25 02:38 . 2007-10-01 04:22 -------- d-----w- c:\program files\MSI
2010-03-21 13:18 . 2007-10-09 04:05 -------- d-----w- c:\program files\Google
2010-03-20 02:58 . 2009-03-14 01:43 -------- d-----w- c:\program files\Web Photo Album
2010-03-02 17:52 . 2010-03-02 17:52 59952 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\Australian\setup.exe
2010-03-01 16:58 . 2009-11-10 05:27 -------- d-----w- c:\documents and settings\lee\Application Data\dvdcss
2010-01-31 04:19 . 2010-01-31 04:19 348160 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d38ebb4-n\msvcr71.dll
2010-01-31 04:19 . 2010-01-31 04:19 503808 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d38ebb4-n\msvcp71.dll
2010-01-31 04:19 . 2010-01-31 04:19 499712 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d38ebb4-n\jmc.dll
2010-01-31 04:19 . 2010-01-31 04:19 61440 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1b53c93b-n\decora-sse.dll
2010-01-31 04:19 . 2010-01-31 04:19 12800 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1b53c93b-n\decora-d3d.dll
2010-01-27 14:44 . 2009-06-20 09:38 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 14:43 . 2009-06-01 09:39 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 14:43 . 2009-06-01 09:38 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 14:43 . 2009-06-20 09:37 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 08:45 . 2009-06-01 09:39 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 08:45 . 2009-04-27 02:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 08:45 . 2009-06-20 09:38 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 08:45 . 2009-06-20 09:38 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 08:45 . 2009-11-22 08:43 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 08:44 . 2009-06-20 09:38 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 08:44 . 2009-06-20 09:38 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 08:44 . 2009-06-01 09:38 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 08:44 . 2009-06-20 09:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 08:44 . 2009-06-20 09:37 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 08:44 . 2009-06-20 09:37 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-27 06:35 . 2010-01-27 06:35 503808 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d635c3a-n\msvcp71.dll
2010-01-27 06:35 . 2010-01-27 06:35 499712 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d635c3a-n\jmc.dll
2010-01-27 06:35 . 2010-01-27 06:35 348160 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d635c3a-n\msvcr71.dll
2010-01-27 06:35 . 2010-01-27 06:35 61440 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-416df5d3-n\decora-sse.dll
2010-01-27 06:35 . 2010-01-27 06:35 12800 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-416df5d3-n\decora-d3d.dll
2010-01-22 02:41 . 2010-03-01 09:47 24904 ----a-w- c:\windows\system32\ventmon.dll
2009-02-18 10:38 . 2009-02-18 10:38 14356 ----a-w- c:\program files\settings.dat
2004-03-11 03:57 . 2007-10-13 10:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"Windows Defender"="c:\program files\system\protect\Windows Defender\MSASCui.exe" [2010-04-17 866584]
"RemoteControl"="c:\program files\multimedia\Cyberlink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"Omnipage"="c:\program files\multimedia\omnipage\opware32.exe" [2001-05-25 49152]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-29 438272]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\multimedia\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\system\protect\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
c:\documents and settings\lee\Start Menu\Programs\Startup\
PRTG System Tray Notifier.lnk - c:\program files\system\network\PRTG Network Monitor\PRTG System Tray Notifier.exe [2009-2-17 1505064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2007-10-3 25214]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2007-1-2 1376256]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-13 11:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\internet\\downloading\\bittorrent\\bittorrent.exe"=
"c:\\Program Files\\internet\\downloading\\eMule\\emule.exe"=
"c:\\Program Files\\multimedia\\omnipage\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\internet\\downloading\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\system\\network\\PRTG Network Monitor\\PRTG Probe.exe"=
"c:\\Program Files\\system\\network\\PRTG Network Monitor\\PRTG Server Administrator.exe"=
"c:\\Program Files\\system\\network\\PRTG Network Monitor\\PRTG Server.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\system\\protect\\avg\\avgupd.exe"=
"c:\\Program Files\\system\\protect\\avg\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2009 7:07 PM 64288]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/04/2010 8:34 PM 242696]
R2 WinDefend;Windows Defender;c:\program files\system\protect\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/04/2010 8:34 PM 216200]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 4:47 AM 98304]
S2 avg9wd;AVG Free WatchDog;c:\program files\system\protect\avg\avgwdsvc.exe [13/04/2010 8:34 PM 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 5:30 PM 135664]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [10/07/2008 5:26 PM 25824]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 3:40 AM 118784]
S2 PRTG7CoreService;PRTG 7 Core Server Service;c:\program files\system\network\PRTG Network Monitor\PRTG Server.exe [17/02/2009 11:01 PM 2679592]
S2 PRTG7ProbeService;PRTG 7 Probe Service;c:\program files\system\network\PRTG Network Monitor\PRTG Probe.exe [17/02/2009 11:01 PM 2826536]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [30/01/2008 3:52 AM 106496]
S3 DigiCellDriver;DigiCellDriver;c:\program files\MSI\DigiCell\NTGLM7X.sys [7/06/2006 9:00 AM 28672]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [25/03/2010 12:02 PM 9216]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 8:47 PM 1181328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 5:52 AM 34064]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [29/10/2008 8:37 PM 27961]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [17/02/2009 11:03 PM 36928]
S3 rdsdrvdm;rdsdrvdm;c:\windows\system32\drivers\rdsdrvdm.sys [21/10/2008 2:20 PM 8128]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [24/09/2008 4:02 PM 10343168]
.
Contents of the 'Scheduled Tasks' folder
2010-04-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:04]
2010-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-20 06:14]
2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 08:00]
2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 08:00]
2010-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\system\protect\Windows Defender\MpCmdRun.exe [2006-11-03 09:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: microsoft.com\www.update
DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} - hxxp://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 12:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA5FAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf758ecb8
\Driver\atapi -> atapi.sys @ 0xf7480852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf796fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf795ea0d
SendHandler -> NDIS.sys @ 0xf7972b40
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7B34F7DB-804A-A781-D5FF-011235A2876A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1004\Software\pdfforge.org\P*D*F*C*r*e*a*t*o*r*ト0・・ミ0・\History]
"termite bait station"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2010-04-17 12:14:23
ComboFix-quarantined-files.txt 2010-04-17 02:44
ComboFix2.txt 2010-04-16 12:20
Pre-Run: 62,671,921,152 bytes free
Post-Run: 62,653,280,256 bytes free
- - End Of File - - B1A26688AC7F17E4931A9F3C56A7947D
 
#4 ·
I have fixed adaware problem and i can get windows updates via the auto updates but if i go to website then cant access
Same with windows defender cant access update page unless i install manually
Also system restore keeps getting switched on after i set to OFF
and i get the IE opens in another window and goes to various websites
Hope that helps
 
#5 ·
Is there a reason you ran ComboFix in Safe Mode instead of Normal Mode? You can savely ignore the warning about AVG.

Please do the following:

Please do the following:

1. Close any open open programs before running the fix.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the codebox below into it:

Code:
TDL::
C:\WINDOWS\system32\drivers\ftdisk.sys
NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
#6 ·
Here is copy of log.txt
regards Lee

ComboFix 10-04-17.07 - lee 4/2010 Mon 16:09:10.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3455.2880 [GMT 9.5:30]
Running from: c:\documents and settings\lee\Desktop\virus fix\ComboFix.exe
Command switches used :: c:\documents and settings\lee\Desktop\virus fix\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-18 02:43 . 2010-04-18 02:43 -------- d-----w- c:\documents and settings\lee\Application Data\AVG9
2010-04-18 01:17 . 2010-04-12 07:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 14:55 . 2010-04-16 14:55 3584 ----a-r- c:\documents and settings\lee\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-16 14:55 . 2010-04-16 14:55 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-16 14:55 . 2010-04-16 14:55 -------- d-----w- c:\program files\MSECACHE
2010-04-16 08:01 . 2010-04-16 08:01 -------- d-----w- c:\documents and settings\Administrator.ATSUKO\Application Data\Malwarebytes
2010-04-16 06:44 . 2010-04-16 06:44 -------- d-----w- c:\documents and settings\lee\Application Data\Malwarebytes
2010-04-16 06:43 . 2010-03-29 15:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 06:43 . 2010-04-16 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 06:43 . 2010-03-29 15:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 16:14 . 2010-04-14 16:14 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 16:14 . 2010-04-14 16:14 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-14 02:04 . 2010-04-14 02:04 -------- d-----w- C:\$AVG
2010-04-13 11:04 . 2010-04-13 11:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-13 11:04 . 2010-04-13 11:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-13 11:04 . 2010-04-13 11:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-13 11:04 . 2010-04-13 11:04 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-13 11:04 . 2010-04-18 23:42 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-13 11:04 . 2010-04-13 11:04 -------- d-----w- c:\program files\AVG
2010-04-13 11:04 . 2010-04-13 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-13 01:50 . 2010-04-13 12:33 -------- d-----w- c:\documents and settings\lee\Application Data\GetRight
2010-04-05 08:21 . 2010-04-05 08:21 -------- d-----w- c:\documents and settings\atsuko m\Application Data\Samsung
2010-04-05 08:08 . 2010-04-05 08:08 -------- d-----w- c:\program files\Samsung
2010-04-05 07:57 . 2010-04-05 07:57 -------- d-----w- c:\documents and settings\lee\Application Data\Samsung
2010-04-02 01:53 . 2010-04-02 01:53 -------- d-----w- c:\program files\iPod
2010-04-02 01:52 . 2010-04-02 01:53 -------- d-----w- c:\program files\iTunes
2010-04-02 01:52 . 2010-04-02 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 01:45 . 2010-04-02 01:45 -------- d-----w- c:\program files\Bonjour
2010-04-02 01:23 . 2010-04-02 01:23 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-01 13:59 . 2010-04-01 13:59 -------- d-sh--w- c:\documents and settings\Administrator.ATSUKO\PrivacIE
2010-04-01 06:34 . 2010-04-01 06:34 -------- d-----w- c:\documents and settings\Administrator.ATSUKO\Application Data\Windows Search
2010-04-01 06:10 . 2010-04-16 02:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-01 05:44 . 2010-04-01 16:33 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-01 05:44 . 2010-04-06 04:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-31 10:09 . 2010-03-31 10:09 130240 ----a-w- c:\documents and settings\Administrator.ATSUKO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 06:12 . 2010-03-31 06:12 -------- d-sh--w- c:\documents and settings\Administrator.ATSUKO\IETldCache
2010-03-31 06:05 . 2010-03-31 06:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-31 06:02 . 2010-03-31 06:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-29 02:31 . 2007-05-08 01:02 61440 ----a-w- c:\windows\system32\PWContextMenu.dll
2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\AdobeARM.exe
2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\AdobeExtractFiles.dll
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\ReaderUpdater.exe
2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26302\AcrobatUpdater.exe
2010-03-23 10:10 . 2010-03-23 10:10 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 06:38 . 2009-02-17 13:33 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-04-19 06:38 . 2009-02-17 13:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-19 06:35 . 2008-10-18 01:58 -------- d-----w- c:\documents and settings\lee\Application Data\DNA
2010-04-19 05:11 . 2008-01-02 23:49 -------- d-----w- c:\documents and settings\lee\Application Data\Skype
2010-04-18 09:59 . 2004-08-04 12:00 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-04-18 07:04 . 2008-09-23 02:44 -------- d-----w- c:\documents and settings\lee\Application Data\skypePM
2010-04-18 02:32 . 2008-10-18 01:58 -------- d-----w- c:\program files\DNA
2010-04-18 01:16 . 2007-10-01 03:49 -------- d-----w- c:\program files\Java
2010-04-18 01:08 . 2007-10-01 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-18 01:04 . 2007-12-21 02:19 -------- d-----w- c:\documents and settings\atsuko m\Application Data\Skype
2010-04-17 23:09 . 2008-11-12 11:10 -------- d-----w- c:\documents and settings\atsuko m\Application Data\skypePM
2010-04-17 17:55 . 2009-11-10 05:23 -------- d-----w- c:\documents and settings\lee\Application Data\vlc
2010-04-14 08:04 . 2008-01-02 23:21 -------- d-----w- c:\documents and settings\lee\Application Data\LimeWire
2010-04-13 10:15 . 2008-12-08 11:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-13 01:50 . 2009-06-09 12:25 -------- d-----w- c:\program files\GetRight
2010-04-12 14:07 . 2007-12-05 06:35 -------- d-----w- c:\documents and settings\lee\Application Data\BitTorrent
2010-04-07 13:25 . 2007-12-20 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-05 08:36 . 2008-08-30 07:30 -------- d-----w- c:\documents and settings\atsuko m\Application Data\Sony
2010-04-05 08:20 . 2009-12-30 10:49 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-05 08:08 . 2007-10-01 03:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 05:42 . 2009-03-14 01:13 -------- d-----w- c:\program files\graphics
2010-04-03 08:28 . 2007-10-04 23:36 -------- d-----w- c:\program files\multimedia
2010-04-02 01:52 . 2009-01-07 07:13 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 15:38 . 2007-10-01 03:49 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 05:20 . 2009-11-03 06:34 -------- d-----w- c:\documents and settings\lee\Application Data\SmartDraw
2010-03-30 13:07 . 2007-10-02 01:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-28 14:22 . 2007-10-01 03:54 130240 ----a-w- c:\documents and settings\lee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 02:38 . 2007-10-01 04:22 -------- d-----w- c:\program files\MSI
2010-03-21 13:18 . 2007-10-09 04:05 -------- d-----w- c:\program files\Google
2010-03-20 03:15 . 2010-03-20 03:14 -------- d-----w- c:\documents and settings\lee\Application Data\Photo! Web Album
2010-03-20 03:14 . 2010-03-20 03:14 -------- d-----w- c:\program files\Photo!
2010-03-20 02:58 . 2009-03-14 01:43 -------- d-----w- c:\program files\Web Photo Album
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 17:52 . 2010-03-02 17:52 59952 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\Australian\setup.exe
2010-03-01 16:58 . 2009-11-10 05:27 -------- d-----w- c:\documents and settings\lee\Application Data\dvdcss
2010-03-01 09:47 . 2010-03-01 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Fax program
2010-03-01 09:47 . 2010-03-01 09:46 -------- d-----w- c:\program files\Fax program
2010-03-01 08:43 . 2009-09-21 09:37 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 03:36 . 2007-12-20 07:54 -------- d-----w- c:\program files\Common Files\Real
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 11:36 . 2008-05-28 08:43 -------- d-----w- c:\documents and settings\lee\Application Data\Apple Computer
2010-02-24 00:46 . 2009-10-02 22:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 23:40 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 01:16 . 2010-02-12 01:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 01:16 . 2010-02-12 01:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 02:43 . 2009-06-20 09:38 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 02:43 . 2009-06-20 09:37 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 02:43 . 2009-06-20 09:37 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 01:01 . 2010-03-01 09:47 39240 ----a-w- c:\documents and settings\All Users\Application Data\Fax program\VentraFax6\Plugins\vfnotifier.dll
2010-01-31 04:19 . 2010-01-31 04:19 348160 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d38ebb4-n\msvcr71.dll
2010-01-31 04:19 . 2010-01-31 04:19 503808 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d38ebb4-n\msvcp71.dll
2010-01-31 04:19 . 2010-01-31 04:19 499712 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d38ebb4-n\jmc.dll
2010-01-31 04:19 . 2010-01-31 04:19 61440 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1b53c93b-n\decora-sse.dll
2010-01-31 04:19 . 2010-01-31 04:19 12800 ----a-w- c:\documents and settings\atsuko m\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1b53c93b-n\decora-d3d.dll
2010-01-27 14:44 . 2009-06-20 09:38 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 14:43 . 2009-06-01 09:39 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 14:43 . 2009-06-01 09:38 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 14:43 . 2009-06-20 09:37 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 08:45 . 2009-06-01 09:39 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 08:45 . 2009-04-27 02:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 08:45 . 2009-06-20 09:38 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 08:45 . 2009-06-20 09:38 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 08:45 . 2009-11-22 08:43 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 08:44 . 2009-06-20 09:38 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 08:44 . 2009-06-20 09:38 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 08:44 . 2009-06-01 09:38 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 08:44 . 2009-06-20 09:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 08:44 . 2009-06-20 09:37 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 08:44 . 2009-06-20 09:37 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-27 06:35 . 2010-01-27 06:35 503808 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d635c3a-n\msvcp71.dll
2010-01-27 06:35 . 2010-01-27 06:35 499712 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d635c3a-n\jmc.dll
2010-01-27 06:35 . 2010-01-27 06:35 348160 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d635c3a-n\msvcr71.dll
2010-01-27 06:35 . 2010-01-27 06:35 61440 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-416df5d3-n\decora-sse.dll
2010-01-27 06:35 . 2010-01-27 06:35 12800 ----a-w- c:\documents and settings\lee\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-416df5d3-n\decora-d3d.dll
2010-01-22 02:41 . 2010-03-01 09:47 24904 ----a-w- c:\windows\system32\ventmon.dll
2009-02-18 10:38 . 2009-02-18 10:38 14356 ----a-w- c:\program files\settings.dat
2004-03-11 03:57 . 2007-10-13 10:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-04-17_02.40.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-19 06:38 . 2010-04-19 06:38 16384 c:\windows\temp\Perflib_Perfdata_808.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-04 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2007-10-01 11:20 . 2010-04-18 01:09 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-24 21:48 . 2008-10-24 21:48 72568 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-24 21:48 . 2008-10-24 21:48 98696 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2004-08-04 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2010-04-18 01:17 . 2010-04-12 07:59 153376 c:\windows\system32\javaws.exe
- 2010-03-31 15:37 . 2010-03-31 15:37 153376 c:\windows\system32\javaws.exe
+ 2010-04-18 01:17 . 2010-04-12 07:59 145184 c:\windows\system32\javaw.exe
- 2010-03-31 15:37 . 2010-03-31 15:37 145184 c:\windows\system32\javaw.exe
- 2010-03-31 15:37 . 2010-03-31 15:37 145184 c:\windows\system32\java.exe
+ 2010-04-18 01:17 . 2010-04-12 07:59 145184 c:\windows\system32\java.exe
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2008-05-09 10:53 . 2009-03-07 18:03 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-12 01:17 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-04 12:00 . 2010-04-18 09:59 125056 c:\windows\system32\dllcache\ftdisk.sys
- 2004-08-04 12:00 . 2010-04-12 16:18 125056 c:\windows\system32\dllcache\ftdisk.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2007-10-01 11:20 . 2010-04-18 01:09 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-24 21:22 . 2008-10-24 21:22 664968 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-24 21:22 . 2008-10-24 21:22 604056 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2010-04-17 18:04 . 2009-03-07 18:03 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-17 18:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-17 18:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2008-11-12 01:17 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-17 15:18 . 2010-02-16 23:40 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-17 15:18 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-17 15:18 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-17 15:18 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-02-20 15:33 . 2010-02-20 15:33 4472832 c:\windows\Installer\2a0f0b8.msp
+ 2010-02-20 15:32 . 2010-02-20 15:32 4195840 c:\windows\Installer\2a0f098.msp
+ 2010-03-11 14:29 . 2010-03-11 14:29 5031424 c:\windows\Installer\2a0f07e.msp
- 2007-10-01 11:20 . 2010-03-25 03:21 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-01 11:20 . 2010-04-18 01:09 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
- 2007-10-01 11:20 . 2010-03-25 03:21 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-05 17:30 . 2009-03-05 17:30 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 00:19 . 2008-11-10 00:19 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-24 11:46 . 2008-11-24 11:46 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2008-10-17 15:18 . 2010-02-16 23:40 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-17 15:18 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-17 15:18 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-17 15:18 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-10-01 04:58 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
+ 2010-03-22 06:33 . 2010-03-22 06:33 11732992 c:\windows\Installer\6fb5a0.msp
+ 2009-04-03 08:16 . 2009-04-03 08:16 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"Windows Defender"="c:\program files\system\protect\Windows Defender\MSASCui.exe" [2010-04-17 866584]
"RemoteControl"="c:\program files\multimedia\Cyberlink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"Omnipage"="c:\program files\multimedia\omnipage\opware32.exe" [2001-05-25 49152]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-29 438272]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\multimedia\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
c:\documents and settings\lee\Start Menu\Programs\Startup\
PRTG System Tray Notifier.lnk - c:\program files\system\network\PRTG Network Monitor\PRTG System Tray Notifier.exe [2009-2-17 1505064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2007-10-3 25214]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2007-1-2 1376256]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-13 11:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\internet\\downloading\\bittorrent\\bittorrent.exe"=
"c:\\Program Files\\internet\\downloading\\eMule\\emule.exe"=
"c:\\Program Files\\multimedia\\omnipage\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\internet\\downloading\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\system\\network\\PRTG Network Monitor\\PRTG Probe.exe"=
"c:\\Program Files\\system\\network\\PRTG Network Monitor\\PRTG Server Administrator.exe"=
"c:\\Program Files\\system\\network\\PRTG Network Monitor\\PRTG Server.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\system\\protect\\avg\\avgupd.exe"=
"c:\\Program Files\\system\\protect\\avg\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/04/2009 7:07 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/04/2010 8:34 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/04/2010 8:34 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\system\protect\avg\avgwdsvc.exe [13/04/2010 8:34 PM 308064]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [10/07/2008 5:26 PM 25824]
R2 PRTG7CoreService;PRTG 7 Core Server Service;c:\program files\system\network\PRTG Network Monitor\PRTG Server.exe [17/02/2009 11:01 PM 2679592]
R2 PRTG7ProbeService;PRTG 7 Probe Service;c:\program files\system\network\PRTG Network Monitor\PRTG Probe.exe [17/02/2009 11:01 PM 2826536]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [30/01/2008 3:52 AM 106496]
R3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [17/02/2009 11:03 PM 36928]
R3 rdsdrvdm;rdsdrvdm;c:\windows\system32\drivers\rdsdrvdm.sys [21/10/2008 2:20 PM 8128]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 4:47 AM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 5:30 PM 135664]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 3:40 AM 118784]
S2 WinDefend;Windows Defender;c:\program files\system\protect\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [25/03/2010 12:02 PM 9216]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 8:47 PM 1181328]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 5:52 AM 34064]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [29/10/2008 8:37 PM 27961]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [24/09/2008 4:02 PM 10343168]
.
Contents of the 'Scheduled Tasks' folder
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:43]
2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:04]
2010-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-20 06:14]
2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 08:00]
2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 08:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: microsoft.com\www.update
DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} - hxxp://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 16:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7B34F7DB-804A-A781-D5FF-011235A2876A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-920026266-725345543-1004\Software\pdfforge.org\P*D*F*C*r*e*a*t*o*r*ト0・・ミ0・\History]
"termite bait station"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-19 16:22:14
ComboFix-quarantined-files.txt 2010-04-19 06:51
ComboFix2.txt 2010-04-17 02:44
ComboFix3.txt 2010-04-16 12:20
Pre-Run: 62,148,517,888 bytes free
Post-Run: 62,275,633,152 bytes free
- - End Of File - - 7D1777B19FFF39A6A6943A8484900C0D
 
#7 ·
Alright, let's do this now:

STEP 1

Download and run this program. Restart your computer when it's done.

STEP 2

Run Malwarebytes' Anti-Malware

  • Update it by clicking on the Update tab and then on the button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your harddrives.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

STEP 3

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • [*]Spyware, adware, dialers, and other riskware
      [*]Archives
      [*]E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
 
#9 ·
As I expected :) I just want to make sure there isn't anything else there before I give you my cleanup instructions.
 
#10 ·
Okay here is the following requested info....
I noticed that i turned off system restore earlier but it was turned back on...
Any idea what did that?
thanks for your help
seems to be running ok
Lee

The log for malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3994
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20/04/2010 6:36:57 PM
mbam-log-2010-04-20 (18-36-57).txt
Scan type: Full scan (C:\|D:\|E:\|H:\|K:\|)
Objects scanned: 348825
Time elapsed: 1 hour(s), 43 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\Downloads\Full Applications\Sony\VEGAS 5.0 and 5 B + DVD Architekt 2.0 Keygen\Vegas5_Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Downloads\Full Applications\Sony\Vegas7 + DVD Architect4\DVD Architect 4.0.125\Sony DVD Architect v4.0 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Downloads\Full Applications\Sony\Vegas7 + DVD Architect4\Vegas 7.0a\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Log for kaspersky:

Full Scan: completed 57 minutes ago (events: 18, objects: 1010295, time: 06:54:50)
21/04/2010 2:32:06 AM Task started
21/04/2010 2:36:13 AM Detected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{15985B40-9C0E-40D9-897B-330698E8CFDB}\RP6\A0000552.sys
21/04/2010 2:36:17 AM Disinfected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{15985B40-9C0E-40D9-897B-330698E8CFDB}\RP6\A0000552.sys
21/04/2010 2:36:17 AM Disinfected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{15985B40-9C0E-40D9-897B-330698E8CFDB}\RP6\A0000552.sys
21/04/2010 2:45:27 AM Detected: Trojan-Dropper.Win32.Joiner.bk C:\documents and settings\atsuko m\.housecall6.6\Quarantine\Setup_MagicISO.exe.bac_a02516/CryptFF.b/Petite
21/04/2010 2:45:29 AM Detected: Trojan-Dropper.Win32.Joiner.bk C:\documents and settings\atsuko m\.housecall6.6\Quarantine\Magic Iso 5.4 + Crack.rar.bac_a02516/CryptFF.b/Magic Iso 5.4 + Crack\Setup_MagicISO.exe/Petite
21/04/2010 2:47:13 AM Deleted: Trojan-Dropper.Win32.Joiner.bk C:\documents and settings\atsuko m\.housecall6.6\Quarantine\Setup_MagicISO.exe.bac_a02516
21/04/2010 2:47:17 AM Deleted: Trojan-Dropper.Win32.Joiner.bk C:\documents and settings\atsuko m\.housecall6.6\Quarantine\Magic Iso 5.4 + Crack.rar.bac_a02516
21/04/2010 3:03:19 AM Detected: Trojan.Win32.C4DLMedia.b C:\My Documents\Downloads\DomPlayer-2.1.0.0-setup.exe
21/04/2010 3:05:24 AM Deleted: Trojan.Win32.C4DLMedia.b C:\My Documents\Downloads\DomPlayer-2.1.0.0-setup.exe
21/04/2010 3:55:05 AM Detected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ftdisk.sys.vir
21/04/2010 3:55:08 AM Disinfected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ftdisk.sys.vir
21/04/2010 3:55:08 AM Disinfected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ftdisk.sys.vir
21/04/2010 5:44:30 AM Detected: P2P-Worm.Win32.Kapucen.b E:\Lee's stuff\downloads\eMule\Incoming\BMW 3 E46 Manual 1999-2004_Eng.rar/setup.exe
21/04/2010 5:45:54 AM Deleted: P2P-Worm.Win32.Kapucen.b E:\Lee's stuff\downloads\eMule\Incoming\BMW 3 E46 Manual 1999-2004_Eng.rar/setup.exe
21/04/2010 6:24:57 AM Detected: Trojan.Win32.Genome.auxo E:\Lee's stuff\downloads\eMule\Incoming\Silver.pilot.1.12.full.incl.keygen-tsrh.zip/Keygen.exe
21/04/2010 6:25:20 AM Deleted: Trojan.Win32.Genome.auxo E:\Lee's stuff\downloads\eMule\Incoming\Silver.pilot.1.12.full.incl.keygen-tsrh.zip/Keygen.exe
21/04/2010 9:26:57 AM Task completed
Rootkit Scan: completed 41 minutes ago (events: 2, objects: 896, time: 00:07:02)
21/04/2010 9:43:12 AM Task completed
21/04/2010 9:36:10 AM Task started
 
#11 ·
ComboFix will turn system restore back on in case we need a backup to fall back on should something happen while we're removing the infection.


This is the first time I've seen the Kaspersky online scan deleting or disinfecting anything. Did you use the online scanner from the link I gave you? I want to know because if you did I might have to change my speech to reflect any changes to the scanner.
 
#13 ·
Alright. Well you want to avoid downloading cracks and keygens as they will come packaged with some sort of malware most of the time.

Let's cleanup.

STEP 1

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

(If you use Vista or 7 just paste it into the text box that appears next to your start button)

ComboFix /Uninstall

Note: If you have trouble and it doesn't want to uninstall using the method described above, you can rename ComboFix.exe to Uninstall.exe and double click on it to uninstall it.

STEP 2

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though and that's fine :) Make sure you update it before you run the scans in the future.

All Clean

Congratulations!,
, your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to (Start) > (All) Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

Read further information HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.

Please mark this thread as Solved by clicking on the button at the top of this page. Let me know if you need anything else.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top