Inactive PC Performance and Stability analysis report

K

keeth7

Posts: 23   +0
Hi,

All the icons on my desktop have been lost and the data in the folders is showing empty. There was a pop up window saying "pc performance & stability analysis report" and indicated several errors.

I had run the malware scan, GMER and DDS.... i don't know these scans would help me to restore the data, but it was just a try.


Could you please help me to get back my system in good condition.
 
Welcome to TechSpot! I'll help with the malware, but I need information:

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

You can also run the following. Please note: although this may restore some of your missing data, it does not remove the malware. So running it now is a convenience only:

Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
Thanks Bobbye for your reply. I have followed your steps and completed the scans. But I still find the hidden recyclebin and no programs are found in start button , missing desktop wallpaper etc etc.

Here are the logs for Malware:


Malwarebytes' Anti-Malware 1.51.1.1800


Database version: 7450

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/12/2011 3:50:14 PM
mbam-log-2011-08-12 (15-50-14).txt

Scan type: Quick scan
Objects scanned: 176876
Time elapsed: 28 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\programdata\qulyhhruog.exe (Trojan.FakeAlert) -> 4104 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qulYhhRuoG (Trojan.FakeAlert) -> Value: qulYhhRuoG -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\qulyhhruog.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Sreenath\AppData\Local\Temp\tmpDCDE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Log for GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-16 23:00:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000069 ST916082 rev.3.BH
Running: ubz74szt.exe; Driver: C:\Users\Sreenath\AppData\Local\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

INT 0x83 ? 951A2CD0

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C40E340, 0x3ED9C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

Edit: Excess GMER entries deleted by Bobbye
 
Last part of GMER Log:

Edit: Excess GMER entries deleted by Bobbye

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b818a32
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b818a32@1886acdb0387 0xF2 0x46 0x78 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b818a32@2ca8352ab3fe 0xD8 0x94 0x0D 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b818a32 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b818a32@1886acdb0387 0xF2 0x46 0x78 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b818a32@2ca8352ab3fe 0xD8 0x94 0x0D 0x9F ...

---- EOF - GMER 1.0.15 ----
 
Please let me know if i need to paste even the logs obtained from DDS.
I ran the unhide.exe and got back most of my icons on desktop.

There are other missing programs like recycle bin,desktop wallpaper and programs in start button.

Please let me know if I need to do anything from my end. Thanks!
 
The reason you had such a large GMER log is because you didn't follow this at the end of the GMER imstructions:

Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.

Please post the 2 DDS logs now.

Do not redo GMER.
=============================================
I gave you unhide to run because psychologically it helps to see some of the missing items. We should recover the rest as the malware is removed and if needed, I'll have you run Unhide again.
============================================
 
(DDS.txt) log obtained from DDS:

.
DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Sreenath at 23:18:17 on 2011-08-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1468 [GMT -7:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = cdn
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\sreenath\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\sreenath\appdata\roaming\micros~1\windows\startm~1\programs\startup\findan~1.lnk - c:\program files\findandrunrobot\FindAndRunRobot.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2DB76237-7B18-4BF6-920E-021AD8D9623B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7E3AB91C-8095-47E6-92CF-FC1F04695B6D} : DhcpNameServer = 68.87.76.182 68.87.78.134
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: APSHook.dll UmxSbxExw.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
Hosts: 0.0.0.0 abcstats.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sreenath\appdata\roaming\mozilla\firefox\profiles\rqkvcrpq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ytdstart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z109&partner_id=687&product_id=659&affiliate_id=&channel=&toolbar_id=203&toolbar_version=2.1.0&install_country=US&install_date=20110608&user_guid=62A17ED5BBE24EFFAE90339532CE71AA&machine_id=7fd351f2ee143b31adb85dea388e9139&browser=FF&os=win&os_version=6.0-x86-SP2
FF - prefs.js: keyword.URL - hxxp://www.ytdstart.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z109&partner_id=687&product_id=659&affiliate_id=&channel=&toolbar_id=203&toolbar_version=2.1.0&install_country=US&install_date=20110608&user_guid=62A17ED5BBE24EFFAE90339532CE71AA&machine_id=7fd351f2ee143b31adb85dea388e9139&browser=FF&os=win&os_version=6.0-x86-SP2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\firefox\components\CAFxToolBar.dll
FF - component: c:\users\sreenath\appdata\roaming\mozilla\firefox\profiles\rqkvcrpq.default\extensions\[email protected]\components\cooliris.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\sreenath\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\sreenath\appdata\roaming\mozilla\firefox\profiles\rqkvcrpq.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\sreenath\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\sreenath\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
S0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 107600]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2010-9-24 58448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-5-23 21504]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-5-23 21504]
S2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2010-10-28 206152]
S2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-7-21 212992]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-7-21 206160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-23 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 150608]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-19 2253688]
S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
S2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-7-21 2347760]
S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-7-21 1377008]
S3 10464;10464;c:\windows\system32\drivers\10464 [2011-7-16 9072]
S3 10600;10600;c:\windows\system32\drivers\10600 [2011-8-11 9072]
S3 16330;16330;c:\windows\system32\drivers\16330 [2011-3-18 9072]
S3 28552;28552;c:\windows\system32\drivers\28552 [2011-8-11 9072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-22 40552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-25 99248]
.
=============== Created Last 30 ================
.
2011-08-16 08:19:49 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{88cdb783-dcbd-475a-823c-bac396e6bdc1}\mpengine.dll
2011-08-13 01:09:38 100864 ----a-w- C:\kxldipow.sys
2011-08-12 06:27:24 -------- d--h--w- c:\users\sreenath\appdata\roaming\Malwarebytes
2011-08-12 06:26:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 06:26:34 -------- d--h--w- c:\programdata\Malwarebytes
2011-08-12 06:26:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 06:26:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 00:08:44 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 00:08:42 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 00:08:41 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 00:08:40 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 00:08:38 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 00:08:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-10 04:23:41 -------- d-----w- c:\program files\common files\PCSuite
2011-08-10 04:23:22 -------- d-----w- c:\program files\common files\Nokia
2011-08-10 04:16:00 -------- d-----w- c:\program files\Nokia
2011-07-30 03:19:28 -------- d-----w- c:\program files\Garmin
.
==================== Find3M ====================
.
2011-08-12 06:16:09 9072 ----a-w- c:\windows\system32\drivers\28552
2011-08-12 03:01:17 9072 ----a-w- c:\windows\system32\drivers\10600
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-17 06:52:23 9072 ----a-w- c:\windows\system32\drivers\10464
2011-06-24 07:13:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 07:55:31 60 ---ha-w- c:\windows\wpd99.drv
2011-06-22 01:56:44 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-06-22 01:56:42 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:18:31.68 ===============
 
Yes, I so. Please don't zip it.
====================================================
Follow with Combofix:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
===========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 

Similar threads

S
Not so fast: Latest analysis suggests iPhone Air production remains steady
Replies
4
Views
115
Theinsanegamer
T
Daniel Sims
New report revives theory that cryptographer Adam Back could be Bitcoin creator Satoshi Nakamoto
Replies
5
Views
121
havok585
havok585
S
AMD targets TSMC's A14 node for Zen 7, pushing server chips into the angstrom era
Replies
6
Views
39
Endymio
Endymio

Latest posts

Back