Solved MSN virus?

Hi Broni, thanks for everything and all your time and effort. Well, the thing is, I'm not sure if I should start another thread or not. I haven't actually told you everything, I'm sorry. Well, when I got my MSN virus, I uninstalled MSN with Revo Uninstaller immediately. Revo Uninstaller detected all related registry entries and files and deleted them all.

At that time I was pretty stupid and quite annoyed at falling for the virus, so I wasn't thinking properly. However, today I tried reinstalling MSN and there was an error; it said I should try again, and it kept failing.
So I concluded that Revo Uninstaller must have corrupted certain registry entries, and luckily it had made backups. So I just restored the backup registry and then, voilà!

All my symptoms are gone! Internet Explorer and Media Player are working again, sound, the internet icon and all the other stuff.
However, I am not sure if I have revived the virus, and I was really, really stupid to just restore the files without thinking.

So should I start another thread with the 8 steps, or continue using this thread?
I am so sorry to waste your time like this.
Thanks
 
That's OK, but we'll have to re-run some scans....

STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


STEP 3. Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here are my logs =] The ComboFix log is attached as it is too long.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4373

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

13/08/2010 4:51:41 PM
mbam-log-2010-08-13 (16-51-41).txt

Scan type: Quick scan
Objects scanned: 153662
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-13 19:09:30
Windows 6.0.6002 Service Pack 2
Running: y80eq5ej.exe; Driver: C:\Users\zihao\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FB8B620]

Code 87F04C4C ZwTraceEvent
Code 87F04C4B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 82630376 5 Bytes JMP 87F04C50
.text ntkrnlpa.exe!KeSetEvent + 621 826B1D84 4 Bytes [20, B6, B8, 8F]
PAGE ntkrnlpa.exe!NtRequestPort + 2 82810F08 5 Bytes JMP 87F04CF0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 8284249B 5 Bytes JMP 87F04E30
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82848A70 5 Bytes JMP 87F04D90

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[376] kernel32.dll!SetUnhandledExceptionFilter 7597A84F 4 Bytes [C2, 04, 00, 00]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x23 0x0A 0xA7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x86 0x08 0x12 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE2 0x06 0xBB 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x23 0x0A 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x86 0x08 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xD4 0x4D 0xEB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x23 0x0A 0xA7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDD 0x86 0x08 0x12 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xD4 0x4D 0xEB ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.쯳\OpenWithProgids@ì\x2580\xb3_auto_file
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.-k¦\OpenWithProgids@I%k\0\xa0%_\0a\0u\0t\0o\0_\0f\0i\0l\0e

---- EOF - GMER 1.0.15 ----



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP43-US3L
Logical Drives Mask: 0x000002fd

Kernel Drivers (total 148):
0x82605000 \SystemRoot\system32\ntkrnlpa.exe
0x829BE000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80480000 \SystemRoot\system32\PSHED.dll
0x80491000 \SystemRoot\system32\BOOTVID.dll
0x80499000 \SystemRoot\system32\CLFS.SYS
0x804DA000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\system32\drivers\acpi.sys
0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E5000 \SystemRoot\system32\drivers\pci.sys
0x8070C000 \SystemRoot\System32\drivers\partmgr.sys
0x8071B000 \SystemRoot\system32\drivers\volmgr.sys
0x8072A000 \SystemRoot\System32\drivers\volmgrx.sys
0x80774000 \SystemRoot\system32\drivers\pciide.sys
0x8077B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80789000 \SystemRoot\System32\drivers\mountmgr.sys
0x80799000 \SystemRoot\system32\drivers\atapi.sys
0x807A1000 \SystemRoot\system32\drivers\ataport.SYS
0x807BF000 \SystemRoot\system32\drivers\fltmgr.sys
0x805BA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AE0C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE7D000 \SystemRoot\system32\drivers\ndis.sys
0x8AF88000 \SystemRoot\system32\drivers\msrpc.sys
0x8AFB3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B00E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B20B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B31B000 \SystemRoot\system32\drivers\volsnap.sys
0x8B354000 \SystemRoot\System32\Drivers\spldr.sys
0x8B35C000 \SystemRoot\System32\Drivers\mup.sys
0x8B36B000 \SystemRoot\System32\drivers\ecache.sys
0x8B392000 \SystemRoot\system32\drivers\disk.sys
0x8B3A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B3C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3ED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B200000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B113000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EC0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F66D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F66F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F710000 \SystemRoot\System32\drivers\watchdog.sys
0x8F71C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F727000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F765000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B122000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F774000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8F78C000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8F797000 \SystemRoot\system32\DRIVERS\serial.sys
0x8F7B1000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8F7BB000 \SystemRoot\system32\DRIVERS\parport.sys
0x8F7D3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F7E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F7F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B1AF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EC00000 \SystemRoot\system32\drivers\InCDPass.sys
0x8B1C7000 \SystemRoot\system32\drivers\InCDRm.sys
0x8B3F8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8B1D0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FA02000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FA43000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FA4E000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x8FA54000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8FA61000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FA8B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FAA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FAAD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FAD0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FADF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FAF3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FB08000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FB18000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FB1A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FB24000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FB31000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FB66000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x8FB70000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FE07000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90015000 \SystemRoot\system32\drivers\portcls.sys
0x90042000 \SystemRoot\system32\drivers\drmk.sys
0x90067000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90070000 \SystemRoot\System32\Drivers\Null.SYS
0x90077000 \SystemRoot\System32\Drivers\Beep.SYS
0x9007E000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x9009B000 \SystemRoot\System32\drivers\vga.sys
0x900A7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x900C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x900D0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x900D8000 \SystemRoot\System32\Drivers\InCDrec.SYS
0x900DB000 \SystemRoot\system32\drivers\InCDFs.sys
0x900F7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90102000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90110000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90119000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9012F000 \SystemRoot\system32\DRIVERS\smb.sys
0x90143000 \SystemRoot\system32\drivers\afd.sys
0x9018B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x901BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x901D3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x901E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FB81000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x901F4000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8FBA3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FBDF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FBE9000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x805CA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B3CD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B3DA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B3E5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x805E1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x901FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x986B0000 \SystemRoot\System32\win32k.sys
0x8B000000 \SystemRoot\System32\drivers\Dxapi.sys
0x8AFEE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x988D0000 \SystemRoot\System32\TSDDD.dll
0x988F0000 \SystemRoot\System32\cdd.dll
0x98900000 \SystemRoot\System32\ATMFD.DLL
0x9E204000 \SystemRoot\system32\drivers\luafv.sys
0x9E21F000 \SystemRoot\system32\DRIVERS\eamon.sys
0x9E2DB000 \SystemRoot\system32\drivers\spsys.sys
0x9E38B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E39B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8100A000 \SystemRoot\system32\drivers\HTTP.sys
0x81077000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81094000 \SystemRoot\system32\DRIVERS\bowser.sys
0x810AD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x810C2000 \SystemRoot\system32\drivers\mrxdav.sys
0x810E3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81102000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8113B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81153000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8117A000 \SystemRoot\System32\DRIVERS\srv.sys
0x811C8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x811D1000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x811D8000 \SystemRoot\System32\Drivers\adfs.SYS
0x811E9000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9E3AE000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x9FE0F000 \SystemRoot\system32\drivers\peauth.sys
0x9FEED000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FEF7000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
0x9FF15000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FF21000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9FF36000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9FF48000 \??\C:\Users\zihao\AppData\Local\Temp\kxldapob.sys
0x76E40000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
588 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\nvvsvc.exe
976 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\audiodg.exe
1280 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\SLsvc.exe
1360 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\nvvsvc.exe
1528 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\spoolsv.exe
1784 C:\Windows\System32\svchost.exe
248 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
296 C:\Program Files\Bonjour\mDNSResponder.exe
316 C:\Windows\System32\CISVC.EXE
376 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
912 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
1416 C:\Windows\System32\svchost.exe
1544 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1456 C:\Program Files\Sandboxie\SbieSvc.exe
1676 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1616 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
756 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2060 C:\Windows\System32\svchost.exe
2084 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2128 C:\Windows\System32\svchost.exe
2180 C:\Windows\System32\SearchIndexer.exe
2372 WUDFHost.exe
3212 C:\Windows\System32\dwm.exe
3224 C:\Windows\System32\taskeng.exe
3272 C:\Windows\explorer.exe
3356 C:\Windows\System32\taskeng.exe
3648 C:\Program Files\Windows Defender\MSASCui.exe
3656 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3776 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
3800 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
3808 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3816 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
3856 C:\Program Files\iTunes\iTunesHelper.exe
3908 C:\Windows\RtHDVCpl.exe
3916 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3928 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3936 C:\Windows\ehome\ehtray.exe
3952 C:\Program Files\Sandboxie\SbieCtrl.exe
3960 C:\Program Files\RocketDock\RocketDock.exe
3972 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4076 C:\Windows\ehome\ehmsas.exe
2956 C:\Windows\System32\wbem\unsecapp.exe
3376 WmiPrvSE.exe
3832 C:\Program Files\iPod\bin\iPodService.exe
680 C:\Windows\System32\wuauclt.exe
4300 C:\Program Files\Mozilla Firefox\firefox.exe
4500 C:\Program Files\Mozilla Firefox\plugin-container.exe
4948 C:\Windows\System32\SearchProtocolHost.exe
4864 C:\Windows\System32\SearchFilterHost.exe
4756 C:\Windows\System32\SearchProtocolHost.exe
5340 C:\Users\zihao\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC34

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 

Attachment: ComboFix.txt (25.2 KB)
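The MBRCheck output above reports the MBR code as recognised Windows boot code with a SHA1 and shows the C: volume beginning at byte offset 0x100000 of PhysicalDrive0. The script below is an added example, not part of this thread and not MBRCheck's own code, showing how the same kind of offline triage works on a raw 512-byte sector: hash the bootstrap code area, compare it against an allow-list, and sanity-check the partition table. It assumes the hashed range is bytes 0-439 (the code before the 4-byte disk signature); the page does not state which bytes MBRCheck hashes. The sample sector and the `KNOWN_GOOD` table are constructed for the example; a real allow-list would be built from trusted boot-code images.

```python
"""Offline MBR triage: boot-code hash, 55AA signature and partition-table sanity checks.

Added example. The sector built here and the KNOWN_GOOD table are constructed test data.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: bytes 0-439 are the bootstrap code we hash
DISK_SIG_OFF = 440       # 4-byte NT disk signature follows the code
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511
PART_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte sector into the fields worth checking."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        status, ptype, lba_start, num_sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + slot * 16)
        if ptype == 0:   # empty slot
            continue
        partitions.append({
            "slot": slot, "status": status, "bootable": status == 0x80,
            "type": ptype, "lba_start": lba_start, "sectors": num_sectors,
            "offset_bytes": lba_start * SECTOR_SIZE,   # what MBRCheck prints as the volume offset
        })
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def triage_mbr(sector: bytes, known_good: dict) -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 55AA boot signature")
    if info["code_sha1"] not in known_good:
        findings.append(f"unknown boot code SHA1 {info['code_sha1']}")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02X}")
    # Overlap check: after sorting by start LBA, each entry must end before the next begins.
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def build_sample_mbr(code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a 512-byte sector from parts (constructed data, not read from a disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for slot, (status, ptype, lba_start, num_sectors) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + slot * 16,
                         status, ptype, lba_start, num_sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def tamper(sector: bytes, offset: int, value: int) -> bytes:
    """Copy of the sector with one byte overwritten, standing in for a bootkit patch."""
    patched = bytearray(sector)
    patched[offset] = value
    return bytes(patched)


# Constructed stand-in for real bootstrap code (a few x86 bytes padded to 440).
SAMPLE_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 8).ljust(BOOT_CODE_LEN, b"\x00")

# Hypothetical allow-list keyed by SHA1 of bytes 0-439; real entries would come from trusted images.
KNOWN_GOOD = {hashlib.sha1(SAMPLE_CODE).hexdigest().upper(): "constructed sample boot code"}

# One active NTFS (0x07) partition at LBA 2048 = byte offset 0x100000, matching the layout in the log.
CLEAN_MBR = build_sample_mbr(SAMPLE_CODE, 0x1234ABCD, [(0x80, 0x07, 2048, 976_000_000)])
TAMPERED_MBR = tamper(CLEAN_MBR, 0x10, 0xE9)   # one byte changed inside the boot code

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, triage_mbr(mbr, KNOWN_GOOD) or "no findings")
```

On a live system the sector would come from `\\.\PhysicalDrive0` (read with administrator rights), and the allow-list from a clean reference install; an unknown hash by itself only means "not in the list", so the next step is comparing the code against a trusted copy rather than treating the mismatch as proof of a bootkit.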
All looks good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Here are my logs!

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 14, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 13, 2010 20:03:58
Records in database: 4132666
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan statistics:
Objects scanned: 199065
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:06:44

No threats found. Scanned area is clean.

Selected area has been scanned.
 
All good :)

Your computer is clean


1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 
Thank you for all your work, effort and time Broni! My computer is running perfectly and thank you.
 
Yes!!

Good luck and stay safe :)
 