Solved Infected with all kinds of sirefef trojans

Status
Not open for further replies.
C

crossedoutt

Posts: 13   +0
Hi. Lately I noticed my google searches sometimes redirected me to ad websites. When I updated my anti-virus (ESET Nod32) I got flooded with notifications that I had win32/sirefef.** trojans, and when prompted for removal, it states that an error had occured. I don't know what to do right now, hopefully one of you kind sirs could help me clean my system.

The logs as per request:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
David :: DAVID-PC [administrator]

7/16/2012 10:15:08 AM
mbam-log-2012-07-16 (10-15-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214021
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000004.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-16 10:42:30
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: gjngkwls.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by David at 10:46:07 on 2012-07-16
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2238 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\David\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - c:\program files\amd\steadyvideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [F.lux] "c:\users\david\local settings\apps\f.lux\flux.exe" /noshow
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{55899F26-B704-4E77-B246-F562415F3948} : DhcpNameServer = 192.168.15.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\sjb45upr.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\program files\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-6-10 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2011-4-21 17024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 39640]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-4-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-22 21992]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2011-8-15 31408]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-30 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2010-12-8 95720]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2010-12-8 292840]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-6-27 33792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-21 327784]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-5-8 130976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-27 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-6-27 97552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-21 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-07-16 14:08:43 -------- d-----w- c:\programdata\CPA_VA
2012-07-16 04:21:32 -------- d-----w- c:\programdata\Comodo
2012-07-16 04:21:31 -------- d-----w- c:\program files\COMODO
2012-07-16 04:21:30 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-16 04:21:30 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-16 04:00:44 -------- d-----w- c:\program files\ESET
2012-07-08 03:14:11 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-30 04:47:37 -------- d-----w- c:\program files\Diablo III
2012-06-30 04:46:01 -------- d-----w- c:\programdata\Battle.net
2012-06-29 20:57:34 -------- d-----w- c:\users\david\SC2-WingsOfLiberty-enUS-Installer
2012-06-22 16:20:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-22 16:20:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-21 16:12:29 -------- d-----w- c:\program files\common files\Software Update Utility
2012-06-21 15:24:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-21 15:24:03 624608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-06-21 15:24:03 43488 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-06-21 15:24:03 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-06-21 15:24:03 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-04-18 20:55:42 792380763 ----a-w- c:\program files\Pristontale2_EN_v219-2.bin
2011-04-18 20:55:42 416571 ----a-w- c:\program files\Pristontale2_EN_v219.exe
2011-04-18 20:51:02 1999583232 ----a-w- c:\program files\Pristontale2_EN_v219-1.bin
.
============= FINISH: 10:46:37.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2011 10:52:05 AM
System Uptime: 7/16/2012 10:33:00 AM (0 hours ago)
.
Motherboard: BIOSTAR Group | | A870U3
Processor: AMD Phenom(tm) II X4 965 Processor | CPU 1 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 42.275 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP127: 6/24/2012 6:31:07 PM - Scheduled Checkpoint
RP128: 6/30/2012 8:12:55 PM - Installed RuneScape Launcher 1.2
RP129: 7/8/2012 8:33:14 PM - Scheduled Checkpoint
RP130: 7/16/2012 12:22:59 AM - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
µTorrent
3DMark Vantage
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Age of Empires III
AIM 7
Aiseesoft Total Video Converter 6.2.16
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin's Creed Brotherhood
ASUS VGA Driver
ATI AVIVO Codecs
Audacity 1.3.14 (Unicode)
Bonjour
calibre
Call of Duty: Black Ops
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combat Arms
COMODO GeekBuddy
COMODO Internet Security
CPUID CPU-Z 1.57.1
Diablo III
DivX Setup
Dota 2
Download Updater (AOL LLC)
Dropbox
EPUB to MOBI
ESET NOD32 Antivirus
Eudemons Online
F.lux
Fences
Fraps (remove only)
Futuremark SystemInfo
Google Chrome
Google Earth
Google Update Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Kingdoms of Amalur Reckoning
League of Legends
LibUSB-Win32-0.1.10.1
Malwarebytes Anti-Malware version 1.62.0.1300
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Corporation
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft LifeCam
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Might & Magic Heroes VI
MotioninJoy ds3 driver version 0.6.0004
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Wav Editor 5.20
Nexon Game Manager
NVIDIA PhysX
ObjectDock Free
Oblivion
ooVoo
ooVoo toolbar, powered by Ask.com Updater
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
Portal 2
PowerISO
Priston Tale 2 (English)
Prototype(TM)
PunkBuster Services
QuickTime
RealDownloader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
RuneScape Launcher 1.2
Skype™ 5.8
SpeedFan (remove only)
Spotify
StarCraft
StarCraft II
Steam
STREET FIGHTER IV
Team Fortress 2
The Sims™ 3
Total War: SHOGUN 2
Ubisoft Game Launcher
Utility
VC80CRTRedist - 8.0.50727.4053
Warcraft III
WinRAR archiver
World of Warcraft
XviD MPEG-4 Video Codec
YAMB
YouTube Downloader 3.3
.
==== Event Viewer Messages From Past Week ========
.
7/16/2012 12:22:48 AM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/16/2012 12:01:09 AM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/16/2012 10:45:00 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/16/2012 10:45:00 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/16/2012 10:41:01 AM, Error: Service Control Manager [7034] - The COMODO livePCsupport Service service terminated unexpectedly. It has done this 1 time(s).
7/16/2012 10:33:31 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/16/2012 10:33:30 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
7/15/2012 9:45:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
7/15/2012 9:29:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 9:29:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/15/2012 9:29:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/15/2012 9:28:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 BIOS BS_I2cIo ccSet_NIS CSC DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 9:28:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2012 11:52:23 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
7/15/2012 11:11:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2012 11:11:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/15/2012 11:11:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/15/2012 11:11:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/15/2012 11:11:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/15/2012 11:11:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 BIOS BS_I2cIo ccSet_NIS discache eeCtrl IDSVix86 SCDEmu spldr SRTSPX SymIRON SymNetS Wanarpv6
7/14/2012 8:43:00 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
7/14/2012 8:42:56 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/14/2012 8:42:56 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
7/14/2012 8:42:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/13/2012 2:53:13 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
  • Like
Reactions: crossedoutt
What do I do if I don't have the installation disk anymore?
How will I know what my drive letter of my flash drive is?

EDIT: nvm I didn't read the blue parts thanks.
 
Nevermind! I'll take more care into reading everything more thoroughly!

The log you requested:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012
Ran by SYSTEM at 16-07-2012 12:01:56
Running from D:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9742952 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [3117344 2012-03-07] (ESET)
HKLM\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [208184 2011-11-23] (COMODO)
HKLM\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [182584 2011-11-23] (COMODO)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6749512 2012-03-11] (COMODO)
HKU\David\...\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)
HKU\David\...\Run: [F.lux] "C:\Users\David\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
AppInit_DLLs: C:\Windows\system32\guard32.dll

================================ Services (Whitelisted) ==================

2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [291840 2012-04-05] (Advanced Micro Devices, Inc.)
2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1052472 2011-11-23] (COMODO)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [1983232 2012-03-11] (COMODO)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [913144 2012-03-07] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx.msi [5121 2011-06-17] ()
3 Futuremark SystemInfo Service; "C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-07-17] ()
2 RealNetworks Downloader Resolver Service; "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [31408 2011-08-15] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)

========================== Drivers (Whitelisted) =============

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices)
3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-08] (ASMedia Technology Inc)
3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [292840 2010-12-08] (ASMedia Technology Inc)
3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [15232 2009-02-17] (ASUSTeK Computer Inc.)
3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [30976 2009-02-17] (ASUSTeK Computer Inc.)
1 BIOS; \??\C:\Windows\system32\drivers\BIOS.sys [13696 2009-06-10] (BIOSTAR Group)
1 BS_I2cIo; \??\C:\Windows\system32\drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group)
1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [491816 2012-03-11] (COMODO)
1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [39640 2012-03-11] (COMODO)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2010-11-09] (CPUID)
1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82400 2012-02-03] (COMODO)
3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-29] (MotioninJoy)
0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
1 EIO; C:\Windows\System32\DRIVERS\EIO.sys [x]
3 XDva383; \??\C:\Windows\system32\XDva383.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-16 12:01 - 2012-07-16 12:01 - 00000000 ____D C:\FRST
2012-07-16 07:51 - 2012-07-16 07:52 - 00891548 ____A (Farbar) C:\Users\David\Desktop\FRST.exe
2012-07-16 07:19 - 2012-07-16 07:20 - 00000031 ____A C:\Users\David\Desktop\pin.txt
2012-07-16 06:45 - 2012-07-16 06:45 - 00607260 ____R (Swearware) C:\Users\David\Desktop\dds.scr
2012-07-16 06:42 - 2012-07-16 06:42 - 00000744 ____A C:\Users\David\Desktop\gmer.log
2012-07-16 06:16 - 2012-07-16 06:16 - 00302592 ____A C:\Users\David\Desktop\gjngkwls.exe
2012-07-16 06:08 - 2012-07-16 06:34 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-07-16 06:07 - 2012-07-16 06:07 - 00000000 ____D C:\Users\Public\Documents\COMODO
2012-07-15 20:21 - 2012-07-15 20:24 - 00000000 ____D C:\Users\All Users\Comodo
2012-07-15 20:21 - 2012-07-15 20:21 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\gdiplus.dll
2012-07-15 20:21 - 2012-07-15 20:21 - 01060864 ____A (Microsoft Corporation) C:\Windows\System32\mfc71.dll
2012-07-15 20:21 - 2012-07-15 20:21 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-07-15 20:21 - 2012-07-15 20:21 - 00000000 ____D C:\Program Files\COMODO
2012-07-15 20:16 - 2012-07-15 20:20 - 62855008 ____A (COMODO) C:\Users\David\Downloads\cfw_installer.exe
2012-07-15 20:00 - 2012-07-15 20:00 - 02144160 ____A (Check Point Software Technologies LTD) C:\Users\David\Downloads\zafwSetupWeb_102_064_000.exe
2012-07-15 20:00 - 2012-07-15 20:00 - 00000000 ____D C:\Program Files\ESET
2012-07-15 19:54 - 2012-07-15 19:54 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer(1).exe
2012-07-15 19:44 - 2012-07-15 19:45 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
2012-07-14 18:46 - 2012-07-14 18:46 - 00000000 ____A C:\Users\David\Desktop\HEX.exe.txt
2012-07-07 19:14 - 2012-07-07 19:14 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-06 12:17 - 2012-07-06 12:19 - 00000000 ____D C:\Users\David\Desktop\Clues
2012-06-30 16:13 - 2012-06-30 16:13 - 00002052 ____A C:\Users\David\Desktop\RuneScape.lnk
2012-06-30 16:10 - 2012-06-30 16:11 - 23642112 ____A C:\Users\David\Downloads\RuneScape(2).msi
2012-06-30 09:46 - 2012-07-03 20:50 - 00000000 ____D C:\Users\David\Documents\Diablo III
2012-06-29 20:47 - 2012-07-11 07:17 - 00000000 ____D C:\Program Files\Diablo III
2012-06-29 20:47 - 2012-06-29 20:48 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-29 20:46 - 2012-06-29 20:46 - 00000000 ____D C:\Users\All Users\Battle.net
2012-06-29 20:44 - 2012-06-29 20:45 - 40048208 ____A (Blizzard Entertainment) C:\Users\David\Downloads\Diablo-III-Setup-enUS.exe
2012-06-29 20:34 - 2012-07-15 19:22 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-29 20:32 - 2012-06-29 20:33 - 00000361 ____A C:\rkill.log
2012-06-29 20:32 - 2012-06-29 20:32 - 01012656 ____A C:\Users\David\Downloads\iExplore.exe
2012-06-29 12:56 - 2012-06-29 12:57 - 03216374 ____A (Blizzard Entertainment) C:\Users\David\Downloads\StarCraft_2_NA_en-US.exe
2012-06-28 10:24 - 2012-06-28 10:28 - 90671224 ____A C:\Users\David\Documents\Triple H King of Kings 2012 Titantron (custom) [HD].mp4
2012-06-27 16:04 - 2012-06-27 16:07 - 09104163 ____A C:\Users\David\Documents\John O'Callaghan Ft. Sarah Howells - Find yourself (Cosmic gate remix cut).flv
2012-06-21 08:12 - 2012-06-21 08:12 - 00000000 ____D C:\Program Files\Common Files\Software Update Utility
2012-06-21 07:24 - 2012-06-23 08:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-21 07:24 - 2012-06-21 07:24 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-20 20:39 - 2012-07-06 18:00 - 00000000 ____D C:\Users\David\Desktop\misc

============ 3 Months Modified Files ========================

2012-07-16 07:57 - 2011-04-21 06:53 - 01703747 ____A C:\Windows\WindowsUpdate.log
2012-07-16 07:56 - 2011-04-21 06:55 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-16 07:52 - 2012-07-16 07:51 - 00891548 ____A (Farbar) C:\Users\David\Desktop\FRST.exe
2012-07-16 07:50 - 2011-12-06 18:30 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000UA.job
2012-07-16 07:50 - 2011-12-06 18:30 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000Core.job
2012-07-16 07:50 - 2011-04-26 21:05 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-16 07:20 - 2012-07-16 07:19 - 00000031 ____A C:\Users\David\Desktop\pin.txt
2012-07-16 07:03 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 07:03 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 06:56 - 2011-04-26 21:05 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-16 06:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 06:56 - 2009-07-13 20:39 - 00072410 ____A C:\Windows\setupact.log
2012-07-16 06:45 - 2012-07-16 06:45 - 00607260 ____R (Swearware) C:\Users\David\Desktop\dds.scr
2012-07-16 06:42 - 2012-07-16 06:42 - 00000744 ____A C:\Users\David\Desktop\gmer.log
2012-07-16 06:33 - 2011-04-24 05:49 - 00358940 ____A C:\Windows\PFRO.log
2012-07-16 06:16 - 2012-07-16 06:16 - 00302592 ____A C:\Users\David\Desktop\gjngkwls.exe
2012-07-15 20:21 - 2012-07-15 20:21 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\gdiplus.dll
2012-07-15 20:21 - 2012-07-15 20:21 - 01060864 ____A (Microsoft Corporation) C:\Windows\System32\mfc71.dll
2012-07-15 20:21 - 2012-07-15 20:21 - 00001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-07-15 20:20 - 2012-07-15 20:16 - 62855008 ____A (COMODO) C:\Users\David\Downloads\cfw_installer.exe
2012-07-15 20:00 - 2012-07-15 20:00 - 02144160 ____A (Check Point Software Technologies LTD) C:\Users\David\Downloads\zafwSetupWeb_102_064_000.exe
2012-07-15 19:54 - 2012-07-15 19:54 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer(1).exe
2012-07-15 19:45 - 2012-07-15 19:44 - 01378744 ____A (ESET) C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
2012-07-15 19:22 - 2012-06-29 20:34 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 14:58 - 2011-04-22 03:20 - 00000024 ____A C:\Users\David\jagexappletviewer.preferences
2012-07-15 14:18 - 2011-10-29 07:18 - 00000032 ____A C:\Users\David\jagex_cl_runescape_LIVE.dat
2012-07-14 18:46 - 2012-07-14 18:46 - 00000000 ____A C:\Users\David\Desktop\HEX.exe.txt
2012-07-03 09:46 - 2011-05-14 11:02 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 16:13 - 2012-06-30 16:13 - 00002052 ____A C:\Users\David\Desktop\RuneScape.lnk
2012-06-30 16:11 - 2012-06-30 16:10 - 23642112 ____A C:\Users\David\Downloads\RuneScape(2).msi
2012-06-30 16:06 - 2011-04-29 21:03 - 00007590 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
2012-06-29 20:48 - 2012-06-29 20:47 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-06-29 20:45 - 2012-06-29 20:44 - 40048208 ____A (Blizzard Entertainment) C:\Users\David\Downloads\Diablo-III-Setup-enUS.exe
2012-06-29 20:33 - 2012-06-29 20:32 - 00000361 ____A C:\rkill.log
2012-06-29 20:32 - 2012-06-29 20:32 - 01012656 ____A C:\Users\David\Downloads\iExplore.exe
2012-06-29 12:57 - 2012-06-29 12:56 - 03216374 ____A (Blizzard Entertainment) C:\Users\David\Downloads\StarCraft_2_NA_en-US.exe
2012-06-28 10:28 - 2012-06-28 10:24 - 90671224 ____A C:\Users\David\Documents\Triple H King of Kings 2012 Titantron (custom) [HD].mp4
2012-06-27 16:07 - 2012-06-27 16:04 - 09104163 ____A C:\Users\David\Documents\John O'Callaghan Ft. Sarah Howells - Find yourself (Cosmic gate remix cut).flv
2012-06-21 08:12 - 2011-04-21 21:08 - 00001081 ___AH C:\IPH.PH
2012-06-02 14:19 - 2012-06-08 15:27 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:27 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:27 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 15:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 15:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-08 15:27 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-08 15:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-08 15:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-08 15:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-19 20:44 - 2012-05-19 20:42 - 22801197 ____A ( ) C:\Users\David\Downloads\trial-aiseesoft-total-video-converter-6216.exe
2012-05-13 17:06 - 2012-05-13 17:06 - 00008746 ____A C:\Users\David\Downloads\Tx9sK.htm
2012-04-19 14:21 - 2009-07-13 20:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\@
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L\00000004.@
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L\1afb2d56
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L\201d3dde
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000004.@
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\00000008.@
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\000000cb.@
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\80000000.@
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U\80000032.@

ZeroAccess:
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\@
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\L
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\n
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4095.3 MB
Available physical RAM: 3589.82 MB
Total Pagefile: 4093.58 MB
Available Pagefile: 3586.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:41.97 GB) NTFS
2 Drive d: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7629 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7629 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D FAT32 Removable 7629 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 16:25

======================= End Of Log ==========================
 
Additional FRST Scan

Before we can continue with the fixes, a system file is infected, and will need to be replaced. We need to know which one to replace, so please run the following scan...

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

FRST2.gif


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
Farbar Recovery Scan Tool Version: 16-07-2012
Ran by SYSTEM at 2012-07-17 08:56:54
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
 
FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3}
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3}
C:\Windows\assembly\GAC\Desktop.ini
end
Click to expand...

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012
Ran by SYSTEM at 2012-07-17 16:22:57 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{feebb387-4515-ba1d-a3da-c4471b9a10e3} moved successfully.
C:\Users\David\AppData\Local\{feebb387-4515-ba1d-a3da-c4471b9a10e3} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====
 
Hi again! Please run the following tool:

ComboFix

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-07-18.04 - David 07/18/2012 13:28:16.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2198 [GMT -4:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{25599BF1-BB5E-43CB-9C3E-6C375AB4A74A}.xps
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31AF1E64-1430-4D8D-A2A0-62ABCC319F88}.xps
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A0A9F3A-BF9E-415A-9F3F-CA13E1494E53}.xps
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E59A3BDF-161E-4A92-9563-BEA15FF267F7}.xps
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F85B827F-3AFD-4764-B260-62CDC8C00067}.xps
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA590277-1A0D-495B-8005-C32F814417B7}.xps
c:\users\David\AppData\Local\Temp\sfamcc00001.dll
c:\users\David\AppData\Local\Temp\sfareca00001.dll
c:\users\David\Pristontale2_EN_v219-1.bin
c:\users\David\Pristontale2_EN_v219-2.bin
c:\windows\7Loader.TAG
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\is-H3DOB.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 17:40 . 2012-07-18 17:43 -------- d-----w- c:\users\David\AppData\Local\temp
2012-07-18 17:40 . 2012-07-18 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 20:01 . 2012-07-16 20:01 -------- d-----w- C:\FRST
2012-07-16 14:08 . 2012-07-16 14:34 -------- d-----w- c:\programdata\CPA_VA
2012-07-16 04:21 . 2012-07-16 04:24 -------- d-----w- c:\programdata\Comodo
2012-07-16 04:21 . 2012-07-16 04:21 -------- d-----w- c:\program files\COMODO
2012-07-16 04:21 . 2012-07-16 04:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-16 04:21 . 2012-07-16 04:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-16 04:00 . 2012-07-16 04:00 -------- d-----w- c:\program files\ESET
2012-07-08 03:14 . 2012-07-08 03:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-30 04:47 . 2012-07-11 15:17 -------- d-----w- c:\program files\Diablo III
2012-06-30 04:46 . 2012-06-30 04:46 -------- d-----w- c:\programdata\Battle.net
2012-06-29 20:57 . 2012-06-29 20:57 -------- d-----w- c:\users\David\SC2-WingsOfLiberty-enUS-Installer
2012-06-22 16:20 . 2012-06-22 16:20 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-22 16:20 . 2012-06-22 16:20 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-21 16:12 . 2012-06-21 16:12 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-06-21 15:24 . 2012-06-23 16:22 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-21 15:24 . 2012-06-22 16:20 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-06-21 15:24 . 2012-06-22 16:20 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-06-21 15:24 . 2012-06-22 16:20 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-21 15:24 . 2012-06-22 16:20 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2011-05-14 19:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-08 23:27 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:26 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:26 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 23:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 23:27 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 23:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 23:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-08 23:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-04-18 20:55 . 2011-05-14 16:02 416571 ----a-w- c:\program files\Pristontale2_EN_v219.exe
2011-04-18 20:55 . 2011-05-14 16:02 792380763 ----a-w- c:\program files\Pristontale2_EN_v219-2.bin
2011-04-18 20:51 . 2011-05-14 16:01 1999583232 ----a-w- c:\program files\Pristontale2_EN_v219-1.bin
2012-06-22 16:20 . 2011-04-22 04:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-03 17:01 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-03 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-03 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
"F.lux"="c:\users\David\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-04-03 17:01 1557160 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-07 02:30 136176 ----atw- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-04-06 05:24 641664 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 22:26 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 19:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 05:05]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 05:05]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 02:30]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938184452-2368911859-4160528829-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 02:30]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\sjb45upr.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe
MSConfigStartUp-BiosNotice - c:\program files\BIOSTAR\BiosNotice\BiosNotice.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FastUserSwitchingCompatibility]
"ServiceDll"="c:\windows\installer\AMDEx.msi"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5676)
c:\windows\system32\guard32.dll
c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\ieframe.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\COMODO\COMODO GeekBuddy\CLPS.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-18 13:47:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 17:47
.
Pre-Run: 45,607,673,856 bytes free
Post-Run: 50,125,062,144 bytes free
.
- - End Of File - - C7C3793000F7DBE25F978AC50A8E8B5D
 
Nice!

Scan for malware

bf_new.gif
Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
David :: DAVID-PC [administrator]

7/18/2012 6:13:31 PM
mbam-log-2012-07-18 (18-13-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198833
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
One more hopeful scan, then you should be good.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6e8d1b9123ac5f46babd1ed622bf5c0e
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 04:54:20
# local_time=2012-07-20 12:54:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3073 16777213 80 71 0 18384878 0 0
# compatibility_mode=5893 16776573 100 94 38435574 94348051 0 0
# compatibility_mode=8204 39157117 100 90 0 10736052 0 0
# scanned=23
# found=0
# cleaned=0
# scan_time=0
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6e8d1b9123ac5f46babd1ed622bf5c0e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 06:55:22
# local_time=2012-07-20 02:55:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3073 16777213 80 71 0 18384982 0 0
# compatibility_mode=5893 16776573 100 94 38435678 94348155 0 0
# compatibility_mode=8204 39157117 100 90 0 10736156 0 0
# scanned=374882
# found=2
# cleaned=2
# scan_time=7158
# nod_component=V3 Build:0x30000000
C:\Users\David\Downloads\YouTubeDownloaderSetup30.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\David\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 
Okay, no biggie.

Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Results of screen317's Security Check version 0.99.43
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet. Please go to
Microsoft Windows and Internet Explorer Updates to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the cirtical updates installed (Free) Microsoft Office Update


Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
nope. everything seems to be fine.

I would like to thank you :D. You've been a great help! Its so nice that you guys take this much time helping people, I'm impressed.

THANKS AGAIN!
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back