
Please help! atieclxx.exe; csrss.exe; winlogon.exe; rundll32; and ARCGIS.EXE

Old 04-06-2011, 12:12 AM   #1
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: Windows 7



Hi. It's my first time using the forum and I hope you can help. My OS is Windows 7. My problem is this: I attempted to download a program that I shouldn't have from a site that I should have stayed far far away from and now I'm paying the price. I will never do that again and a lesson has been learned! *hanging head in shame*

The following show up as processes in the Windows Task Manager: ARCGIS.EXE, atieclxx.exe, csrss.exe and winlogon.exe. They have neither users nor descriptions. Rundll32 has been an ongoing issue for me for quite a while. I get a message about 10 minutes after booting my computer that is along the lines of "Cannot Find WINDOWS System32/rundll32" or something like that.

I'm confident I followed all of your pre-post instructions. DDS.txt is pasted below, Attach.zip is attached to the post, and according to my laptop's manual I have an "all-in-one application disk, containing the full version of user’s manual, drivers, utilities, and optional recovery function, etc…"

Again, lesson learned, and I would really appreciate your help.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Matt at 21:52:39.40 on 05/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.1849 [GMT -6:00]
.
AV: TELUS security services Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: TELUS security services Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: TELUS security services Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\Program Files\TELUS\TELUS security services\Fws.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\windows\system32\conhost.exe
C:\Cracked License Manager 10\lmgrd.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Cracked License Manager 10\ARCGIS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Matt\Desktop\dds.com
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msi.com
uDefault_Page_URL = hxxp://www.msi.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AutoCAD Map REGMAP] regsvr32 /s "c:\program files\autodesk\autocad map 3d 2011\RegMap.dll"
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\arcgis~1.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\pe1y9aer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\matt\appdata\roaming\mozilla\firefox\profiles\pe1y9aer.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-6 25608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-18 176128]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-8-19 616960]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-9-6 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-9-6 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-9-6 21208]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-9-18 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-12 39272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-18 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-04-05 21:33:38 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2011-04-05 21:33:31 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-05 21:33:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 19:31:04 -------- d-----w- c:\windows\64665955E1A14A8BBFFA673A95318909.TMP
2011-04-05 16:07:23 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d7db7fe6-82cc-409e-87c6-6b10b04fa63f}\mpengine.dll
2011-04-05 0942 -------- d-----w- C:\Cracked License Manager 10
2011-04-05 07:24:17 -------- d-----w- c:\program files\ArcGIS
2011-04-05 07:18:38 -------- d-----w- c:\windows\system32\1033
2011-04-05 07:18:37 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-05 00:09:31 -------- d-----w- c:\program files\common files\Alias Shared
2011-04-04 23:54:29 -------- d-----w- c:\program files\common files\en-US
2011-04-04 23:54:28 -------- d-----w- c:\program files\common files\ja-JP
2011-04-04 23:43:59 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-04-04 23:42:54 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-04 21:12:47 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-04 20:09:19 -------- d-----w- c:\users\matt\appdata\local\cache
2011-04-04 19:43:26 -------- d-----w- c:\users\matt\appdata\local\Autodesk
2011-04-04 19:42:25 -------- d-----w- c:\program files\Autodesk
2011-04-04 19:40:01 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-04-04 19:39:21 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-04 19:39:20 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-04 19:39:19 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-04 19:30:27 -------- d-----w- c:\users\matt\appdata\roaming\Autodesk
2011-04-04 19:20:43 -------- d-----w- C:\Autodesk
2011-04-04 19:07:32 -------- d-----w- c:\program files\common files\Akamai
2011-03-28 18:48:44 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-28 18:48:44 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-28 18:48:44 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-28 18:48:44 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-28 18:48:44 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-28 18:48:43 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-28 18:48:43 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-28 18:48:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 0715 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-03-12 18:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 18:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-10 17:50:44 -------- d-----w- c:\program files\iPod
2011-03-10 17:50:42 -------- d-----w- c:\program files\iTunes
2011-03-10 17:46:53 -------- d-----w- c:\program files\Bonjour
2011-03-09 21:21:12 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 21:21:12 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 21:21:12 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 21:21:10 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 21:21:10 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 21:21:10 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 21:21:10 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 21:21:08 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 21:21:07 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 05:58:16 -------- d-----w- c:\users\matt\appdata\local\{C5EE24B8-08C9-4DDE-A9AF-4D231BD4833D}
2011-03-09 05:58:16 -------- d-----w- c:\users\matt\appdata\local\{0E1C91C2-E20F-4074-9B34-16F533E1D4CD}
.
==================== Find3M ====================
.
2011-02-04 01:53:14 14560 ----a-w- c:\windows\system32\AcSignExtRes.dll
2011-02-04 01:53:13 289504 ----a-w- c:\windows\system32\styleman.cpl
2011-02-04 01:53:13 289504 ----a-w- c:\windows\system32\plotman.cpl
2011-02-04 01:53:04 43232 ----a-w- c:\windows\system32\AcSignIcon.dll
2011-02-04 01:53:04 429792 ----a-w- c:\windows\system32\AcSignOpt.exe
2011-02-04 01:53:04 29920 ----a-w- c:\windows\system32\AcSignExt.dll
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2009-11-20 03:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 03:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
1997-07-22 02:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 10:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 1950 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 1950 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 1950 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
============= FINISH: 21:54:07.09 ===============



Thanks for the assistance.
Attached Files
File Type: zip Attach.zip (6.4 KB, 23 views)

my_brain is offline  
Old 04-08-2011, 08:26 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,704
OS: XP, Vista, Win7



Hi,

Please do the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-08-2011, 09:54 PM   #3
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: Windows 7



Thanks so much for your help. I appreciate it.

I didn't realize Windows Defender was enabled during the ComboFix scan so I did another one after disabling it.

Here is the first log:

ComboFix 11-04-08.01 - Matt 08/04/2011 21:27:06.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.1871 [GMT -6:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: TELUS security services Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: TELUS security services Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 03:44 . 2011-04-09 03:45 -------- d-----w- c:\users\Matt\AppData\Local\temp
2011-04-09 03:44 . 2011-04-09 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-08 19:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF420676-5B84-46F5-BA55-6A3B5573D0D0}\mpengine.dll
2011-04-06 06:01 . 2011-04-06 06:28 -------- d-----w- c:\program files\7-Zip
2011-04-06 05:47 . 2011-04-06 05:47 -------- d-----w- c:\users\Matt\AppData\Local\backburner
2011-04-05 21:33 . 2011-04-05 21:33 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2011-04-05 21:33 . 2011-04-05 21:33 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 21:33 . 2011-04-06 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 19:31 . 2011-04-06 03:35 -------- d-----w- c:\windows\64665955E1A14A8BBFFA673A95318909.TMP
2011-04-05 09:06 . 2011-04-06 03:35 -------- d-----w- C:\Cracked License Manager 10
2011-04-05 07:51 . 2011-04-05 07:51 -------- d-----w- c:\programdata\Macrovision
2011-04-05 07:24 . 2011-04-05 07:50 -------- d-----w- c:\program files\ArcGIS
2011-04-05 07:18 . 2011-04-05 07:18 -------- d-----w- c:\windows\system32\1033
2011-04-05 07:18 . 2011-04-05 08:09 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-05 01:01 . 2011-04-05 01:01 -------- d-----w- c:\program files\Microsoft SDKs
2011-04-05 01:00 . 2011-04-05 01:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-04-05 00:09 . 2011-04-05 00:10 -------- d-----w- c:\program files\Common Files\Alias Shared
2011-04-04 23:54 . 2011-04-04 23:54 -------- d-----w- c:\program files\Common Files\en-US
2011-04-04 23:54 . 2011-04-04 23:54 -------- d-----w- c:\program files\Common Files\ja-JP
2011-04-04 23:43 . 2008-05-30 20:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-04-04 23:42 . 2005-05-26 21:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-04 21:12 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-04 20:09 . 2011-04-05 03:17 -------- d-----w- c:\users\Matt\AppData\Local\cache
2011-04-04 19:43 . 2011-04-05 01:44 -------- d-----w- c:\users\Matt\AppData\Local\Autodesk
2011-04-04 19:42 . 2011-04-05 01:06 -------- d-----w- c:\program files\Autodesk
2011-04-04 19:40 . 2011-04-06 03:35 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-04-04 19:39 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-04 19:39 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-04 19:39 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-04 19:30 . 2011-04-05 01:42 -------- d-----w- c:\users\Matt\AppData\Roaming\Autodesk
2011-04-04 19:30 . 2011-04-05 01:42 -------- d-----w- c:\programdata\Autodesk
2011-04-04 19:20 . 2011-04-05 00:29 -------- d-----w- C:\Autodesk
2011-04-04 19:07 . 2011-04-07 23:46 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-28 18:48 . 2011-03-28 18:48 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-28 18:48 . 2011-03-28 18:48 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-28 18:48 . 2011-03-28 18:48 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-28 18:48 . 2011-03-28 18:48 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-28 18:48 . 2011-03-28 18:48 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-28 18:48 . 2011-03-28 18:48 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 07:06 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 17:50 . 2011-03-10 17:50 -------- d-----w- c:\program files\iPod
2011-03-10 17:50 . 2011-04-06 03:35 -------- d-----w- c:\program files\iTunes
2011-03-10 17:46 . 2011-04-06 03:35 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 03:41 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:33 . 2011-03-09 21:21 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 21:21 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 21:21 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-04 01:53 . 2011-02-04 01:53 14560 ----a-w- c:\windows\system32\AcSignExtRes.dll
2011-02-04 01:53 . 2011-02-04 01:53 289504 ----a-w- c:\windows\system32\styleman.cpl
2011-02-04 01:53 . 2011-02-04 01:53 289504 ----a-w- c:\windows\system32\plotman.cpl
2011-02-04 01:53 . 2011-02-04 01:53 43232 ----a-w- c:\windows\system32\AcSignIcon.dll
2011-02-04 01:53 . 2011-02-04 01:53 429792 ----a-w- c:\windows\system32\AcSignOpt.exe
2011-02-04 01:53 . 2011-02-04 01:53 29920 ----a-w- c:\windows\system32\AcSignExt.dll
2011-02-03 05:45 . 2011-02-08 22:50 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 04:40 . 2010-05-14 05:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:11 . 2010-01-11 22:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-11-20 03:08 . 2009-11-20 03:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 03:08 . 2009-11-20 03:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1997-07-22 02:30 1045776 --sha-w- c:\windows\System32\Msjet35.dll
1997-06-23 10:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 19:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 19:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 19:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-14 7617056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2011-4-5 174]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2010-06-03 166944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-13 176128]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [2010-12-16 689464]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11FCFAEC
*Deregistered* - 11fcfaec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 23:17]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\pe1y9aer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-08 22:00:09
ComboFix-quarantined-files.txt 2011-04-09 04:00
.
Pre-Run: 170,275,332,096 bytes free
Post-Run: 170,777,120,768 bytes free
.
- - End Of File - - FE6C49192F4C461F6CDA2232E37421E1




Here is the second one:



ComboFix 11-04-08.02 - Matt 08/04/2011 22:16:52.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.1832 [GMT -6:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: TELUS security services Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: TELUS security services Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 04:32 . 2011-04-09 04:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-09 04:00 . 2011-04-09 04:33 -------- d-----w- c:\users\Matt\AppData\Local\temp
2011-04-08 19:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF420676-5B84-46F5-BA55-6A3B5573D0D0}\mpengine.dll
2011-04-06 06:01 . 2011-04-06 06:28 -------- d-----w- c:\program files\7-Zip
2011-04-06 05:47 . 2011-04-06 05:47 -------- d-----w- c:\users\Matt\AppData\Local\backburner
2011-04-05 21:33 . 2011-04-05 21:33 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2011-04-05 21:33 . 2011-04-05 21:33 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 21:33 . 2011-04-06 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 19:31 . 2011-04-06 03:35 -------- d-----w- c:\windows\64665955E1A14A8BBFFA673A95318909.TMP
2011-04-05 09:06 . 2011-04-06 03:35 -------- d-----w- C:\Cracked License Manager 10
2011-04-05 07:51 . 2011-04-05 07:51 -------- d-----w- c:\programdata\Macrovision
2011-04-05 07:24 . 2011-04-05 07:50 -------- d-----w- c:\program files\ArcGIS
2011-04-05 07:18 . 2011-04-05 07:18 -------- d-----w- c:\windows\system32\1033
2011-04-05 07:18 . 2011-04-05 08:09 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-05 01:01 . 2011-04-05 01:01 -------- d-----w- c:\program files\Microsoft SDKs
2011-04-05 01:00 . 2011-04-05 01:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-04-05 00:09 . 2011-04-05 00:10 -------- d-----w- c:\program files\Common Files\Alias Shared
2011-04-04 23:54 . 2011-04-04 23:54 -------- d-----w- c:\program files\Common Files\en-US
2011-04-04 23:54 . 2011-04-04 23:54 -------- d-----w- c:\program files\Common Files\ja-JP
2011-04-04 23:43 . 2008-05-30 20:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-04-04 23:42 . 2005-05-26 21:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-04 21:12 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-04 20:09 . 2011-04-05 03:17 -------- d-----w- c:\users\Matt\AppData\Local\cache
2011-04-04 19:43 . 2011-04-05 01:44 -------- d-----w- c:\users\Matt\AppData\Local\Autodesk
2011-04-04 19:42 . 2011-04-05 01:06 -------- d-----w- c:\program files\Autodesk
2011-04-04 19:40 . 2011-04-06 03:35 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-04-04 19:39 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-04 19:39 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-04 19:39 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-04 19:30 . 2011-04-05 01:42 -------- d-----w- c:\users\Matt\AppData\Roaming\Autodesk
2011-04-04 19:30 . 2011-04-05 01:42 -------- d-----w- c:\programdata\Autodesk
2011-04-04 19:20 . 2011-04-05 00:29 -------- d-----w- C:\Autodesk
2011-04-04 19:07 . 2011-04-07 23:46 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-28 18:48 . 2011-03-28 18:48 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-28 18:48 . 2011-03-28 18:48 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-28 18:48 . 2011-03-28 18:48 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-28 18:48 . 2011-03-28 18:48 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-28 18:48 . 2011-03-28 18:48 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-28 18:48 . 2011-03-28 18:48 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 07:06 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 18:28 . 2011-03-12 18:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 17:50 . 2011-03-10 17:50 -------- d-----w- c:\program files\iPod
2011-03-10 17:50 . 2011-04-06 03:35 -------- d-----w- c:\program files\iTunes
2011-03-10 17:46 . 2011-04-06 03:35 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 03:41 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:33 . 2011-03-09 21:21 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 21:21 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 21:21 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-04 01:53 . 2011-02-04 01:53 14560 ----a-w- c:\windows\system32\AcSignExtRes.dll
2011-02-04 01:53 . 2011-02-04 01:53 289504 ----a-w- c:\windows\system32\styleman.cpl
2011-02-04 01:53 . 2011-02-04 01:53 289504 ----a-w- c:\windows\system32\plotman.cpl
2011-02-04 01:53 . 2011-02-04 01:53 43232 ----a-w- c:\windows\system32\AcSignIcon.dll
2011-02-04 01:53 . 2011-02-04 01:53 429792 ----a-w- c:\windows\system32\AcSignOpt.exe
2011-02-04 01:53 . 2011-02-04 01:53 29920 ----a-w- c:\windows\system32\AcSignExt.dll
2011-02-03 05:45 . 2011-02-08 22:50 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 04:40 . 2010-05-14 05:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:11 . 2010-01-11 22:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-11-20 03:08 . 2009-11-20 03:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 03:08 . 2009-11-20 03:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1997-07-22 02:30 1045776 --sha-w- c:\windows\System32\Msjet35.dll
1997-06-23 10:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 19:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 19:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 19:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-09_03.45.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-11 22:03 . 2011-04-09 04:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 22:03 . 2011-04-09 03:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 22:03 . 2011-04-09 04:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 22:03 . 2011-04-09 03:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-14 7617056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2011-4-5 174]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2010-06-03 166944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-13 176128]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [2010-12-16 689464]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11FCFAEC
*Deregistered* - 11fcfaec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 23:17]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\pe1y9aer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-08 22:46:57
ComboFix-quarantined-files.txt 2011-04-09 04:46
ComboFix2.txt 2011-04-09 04:00
.
Pre-Run: 170,860,957,696 bytes free
Post-Run: 170,538,119,168 bytes free
.
- - End Of File - - C2C7EA6A7EAED2C71328A50E19FF86F1
__________________
my_brain is offline  
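The Reg Loading Points section is where the one suspicious Startup entry above (a `.lnk` that launches a `.vbs` from a folder in `C:\`) sits among dozens of legitimate ones. As an added example, not code from the thread or from ComboFix, this Python script parses the Run-value, Startup-shortcut and service lines in the format shown and flags the entries a helper would check first; the sample log is constructed from lines quoted above, and the trusted-directory list and flag names are the example's own assumptions.

```python
"""Triage of ComboFix 'Reg Loading Points' output (added example, not ComboFix code).

Parses the three autostart line shapes ComboFix prints (Run values,
Startup-folder shortcuts, services/drivers) and flags entries a helper
would examine first. Trusted prefixes and flag names are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, assembled from lines quoted in the thread above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-14 7617056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2011-4-5 174]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
.
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
"""

# "Name"="c:\path\file.exe" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 name;display;c:\path\file.exe [date size]   ([x] = ComboFix found no file on disk)
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$')
# Shortcut.lnk - c:\path\target [date size]
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$')
# Leading file token of a command line; drops service arguments that follow it
BIN_RE = re.compile(r'^(?P<bin>.+?\.(?:exe|sys|dll|vbs|cmd|bat|js|wsf|ps1))(?:\s|$)', re.IGNORECASE)

SCRIPT_EXT = ('.vbs', '.cmd', '.bat', '.js', '.wsf', '.ps1')
# Assumed "expected" install roots; anything else (e.g. a folder directly in C:\) gets a look.
TRUSTED_PREFIXES = ('c:\\program files', 'c:\\progra~1', 'c:\\windows', 'c:\\programdata')


@dataclass
class Entry:
    kind: str                 # 'run', 'startup' or 'service'
    name: str
    path: str                 # command line exactly as logged
    binary: str               # lower-cased file part of the command line
    meta: str                 # text inside [...]: "date size", or "x" if the file is missing
    location: str             # registry key or Startup folder it was found under
    reasons: list = field(default_factory=list)


def parse(log_text: str) -> list:
    """Walk the log once, remembering which key/folder header is in force."""
    entries, location = [], ''
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.startswith('[HKEY_'):
            location = line.strip('[]')
            continue
        if line.lower().endswith('\\startup\\'):
            location = line
            continue
        for kind, rx in (('run', RUN_RE), ('service', SVC_RE), ('startup', LNK_RE)):
            m = rx.match(line)
            if m:
                break
        else:
            continue  # not an autostart line (file lists, section headers, ...)
        path = m.group('path')
        b = BIN_RE.match(path)
        binary = (b.group('bin') if b else path).lower()
        where = 'services' if kind == 'service' else location
        entries.append(Entry(kind, m.group('name'), path, binary, m.group('meta'), where))
    return entries


def assess(e: Entry) -> Entry:
    """Attach the reasons a helper would want to look at this entry."""
    if e.binary.endswith(SCRIPT_EXT):
        e.reasons.append('script')          # interpreter-launched payload (e.g. a .vbs in Startup)
    if not e.binary.startswith(TRUSTED_PREFIXES):
        e.reasons.append('nonstandard-dir')  # lives outside the usual install roots
    if e.meta.strip().lower() == 'x':
        e.reasons.append('missing-file')     # registered, but ComboFix found no file on disk
    if e.kind == 'service' and e.binary.endswith('\\svchost.exe'):
        e.reasons.append('svchost-hosted')   # real code is the ServiceDll under the service key
    return e


def triage(log_text: str) -> list:
    """Return only the entries that picked up at least one reason."""
    return [e for e in map(assess, parse(log_text)) if e.reasons]


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name:45} {', '.join(e.reasons):28} {e.binary}")
```

On the constructed sample the script flags the CRACKED.lnk entry (script, nonstandard-dir), the two `[x]` services (missing-file) and the svchost-hosted Akamai service, and leaves the vendor Run values and the Toshiba shortcut alone.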
Old 04-09-2011, 05:19 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,704
OS: XP, Vista, Win7



Hi,

Please do the following:
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-09-2011, 06:33 PM   #5
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: Windows 7



Here is the MalwareBytes scan. It found no infections and it produced a log right away. There was no option to disinfect.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6320

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/04/2011 11:25:11 AM
mbam-log-2011-04-09 (11-25-11).txt

Scan type: Quick scan
Objects scanned: 202401
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I did the ESET scan as instructed (With I.E.). I happened to glance at my PC when it passed by <<Cracked License Manager 10>> and it found nothing. I know this is related to my original atieclxx.exe; csrss.exe; winlogon.exe; ARCGIS.EXE problem. I'm a little discouraged.

Here is my ESET log:

C:\Qoobox\Quarantine\C\Windows\System32\.dll.vir Win32/Adware.CashTitan application

I hope I'm doing everything as instructed. If I have to do something over again please tell me.
__________________
my_brain is offline  
Old 04-09-2011, 06:53 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,704
OS: XP, Vista, Win7



Hi,

Please do the following:

Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\windows\system32\atieclxx.exe
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

NEXT

Please advise how the computer is running and if there are any outstanding issues
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-11-2011, 07:53 AM   #7
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: Windows 7



The link to the VirusTotal scan is here:

VirusTotal - Free Online Virus, Malware and URL Scanner


My laptop appears to be running fine. However if I try to delete the folder "C:\Cracked License Manager 10" I get a message that says there is a file in use and so it can't be deleted. I'm guessing it's ARCGIS.EXE; I can't delete it from the processes tab in the task manager.

Thanks again for your help.
__________________
my_brain is offline  
Old 04-11-2011, 09:29 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,704
OS: XP, Vista, Win7



We'll use ComboFix

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
KillAll::

File::
c:\cracked license manager 10\start_lic_mgr_invisible.vbs
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk 
C:\Cracked License Manager 10\ARCGIS.exe
C:\Cracked License Manager 10\lmgrd.exe

Folder::
C:\Cracked License Manager 10
c:\program files\ArcGIS
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 04-11-2011, 03:12 PM   #9
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: Windows 7



Thanks for your help again.

The ComboFix log is pasted below, but here are a couple of things I'd like to point out. The number of processes running on my computer has drastically decreased, but the ones I'm concerned about are still there (without a user name or description). They are:

atieclxx.exe
csrss.exe
winlogon.exe

Maybe that's normal. I don't know.

ARCGIS.EXE is gone.

The system reboot was a little sketchy. I think it's a hardware issue with my notebook (the fan, I think, is bunk). So I waited for everything to cool down and everything started as normal. My computer asked me to start my anti-virus and I cancelled that. I got the "Preparing Log Report" on restart.

Here is the ComboFix log:

ComboFix 11-04-11.01 - Matt 11/04/2011 15:16:19.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.2201 [GMT -6:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
AV: TELUS security services Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: TELUS security services Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: TELUS security services Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\cracked license manager 10\ARCGIS.exe"
"c:\cracked license manager 10\lmgrd.exe"
"c:\cracked license manager 10\start_lic_mgr_invisible.vbs"
"c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Cracked License Manager 10
c:\cracked license manager 10\37102011.dat
c:\cracked license manager 10\afcore_v5.exe
c:\cracked license manager 10\ARCGIS.EXE
c:\cracked license manager 10\ARCGIS.exe.bac
c:\cracked license manager 10\ARCGIS_libFNP.dll
c:\cracked license manager 10\de\resLSAdmin.dll
c:\cracked license manager 10\de\resSoftwareAuthorizationLS.dll
c:\cracked license manager 10\es\resLSAdmin.dll
c:\cracked license manager 10\es\resSoftwareAuthorizationLS.dll
c:\cracked license manager 10\ESRIAudit.log
c:\cracked license manager 10\fr\resLSAdmin.dll
c:\cracked license manager 10\fr\resSoftwareAuthorizationLS.dll
c:\cracked license manager 10\icon.ico
c:\cracked license manager 10\installs.exe
c:\cracked license manager 10\ja\resLSAdmin.dll
c:\cracked license manager 10\ja\resSoftwareAuthorizationLS.dll
c:\cracked license manager 10\lmgrd.exe
c:\cracked license manager 10\lmgrd9.log
c:\cracked license manager 10\lmutil.exe
c:\cracked license manager 10\LSAdmin.exe
c:\cracked license manager 10\LSAdmin_libFNP.dll
c:\cracked license manager 10\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\cracked license manager 10\Microsoft.VC90.CRT\msvcm90.dll
c:\cracked license manager 10\Microsoft.VC90.CRT\msvcp90.dll
c:\cracked license manager 10\Microsoft.VC90.CRT\msvcr90.dll
c:\cracked license manager 10\service.txt
c:\cracked license manager 10\SoftwareAuthorizationLS.exe
c:\cracked license manager 10\SoftwareAuthorizationLS_libFNP.dll
c:\cracked license manager 10\start_lic_mgr_invisible.vbs
c:\cracked license manager 10\start_server_license.cmd
c:\cracked license manager 10\zh-CN\resLSAdmin.dll
c:\cracked license manager 10\zh-CN\resSoftwareAuthorizationLS.dll
c:\program files\ArcGIS
c:\program files\ArcGIS\Desktop10.0\Bin\start_lic_mgr_invisible.vbs
c:\program files\ArcGIS\License10.0\bin\ESRIAudit.log
c:\program files\ArcGIS\License10.0\bin\lmgrd9.log
c:\program files\ArcGIS\License10.0\overwrites\9.xLic.lic
c:\program files\ArcGIS\License10.0\overwrites\ARCGIS.exe
c:\program files\ArcGIS\License10.0\overwrites\ESRI.EXE
c:\program files\ArcGIS\License10.0\overwrites\lmgrd.exe
c:\program files\ArcGIS\License10.0\overwrites\lmtools.exe
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 21:32 . 2011-04-11 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-09 17:32 . 2011-04-09 17:32 -------- d-----w- c:\program files\ESET
2011-04-09 17:15 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 17:15 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 04:00 . 2011-04-11 21:50 -------- d-----w- c:\users\Matt\AppData\Local\temp
2011-04-08 19:40 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF420676-5B84-46F5-BA55-6A3B5573D0D0}\mpengine.dll
2011-04-06 06:01 . 2011-04-06 06:28 -------- d-----w- c:\program files\7-Zip
2011-04-06 05:47 . 2011-04-06 05:47 -------- d-----w- c:\users\Matt\AppData\Local\backburner
2011-04-05 21:33 . 2011-04-05 21:33 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2011-04-05 21:33 . 2011-04-05 21:33 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 21:33 . 2011-04-09 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 19:31 . 2011-04-06 03:35 -------- d-----w- c:\windows\64665955E1A14A8BBFFA673A95318909.TMP
2011-04-05 07:51 . 2011-04-05 07:51 -------- d-----w- c:\programdata\Macrovision
2011-04-05 07:18 . 2011-04-05 07:18 -------- d-----w- c:\windows\system32\1033
2011-04-05 07:18 . 2011-04-05 08:09 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-05 01:01 . 2011-04-05 01:01 -------- d-----w- c:\program files\Microsoft SDKs
2011-04-05 01:00 . 2011-04-05 01:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-04-05 00:09 . 2011-04-05 00:10 -------- d-----w- c:\program files\Common Files\Alias Shared
2011-04-04 23:54 . 2011-04-04 23:54 -------- d-----w- c:\program files\Common Files\en-US
2011-04-04 23:54 . 2011-04-04 23:54 -------- d-----w- c:\program files\Common Files\ja-JP
2011-04-04 23:43 . 2008-05-30 20:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-04-04 23:42 . 2005-05-26 21:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-04 21:12 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-04 20:09 . 2011-04-05 03:17 -------- d-----w- c:\users\Matt\AppData\Local\cache
2011-04-04 19:43 . 2011-04-05 01:44 -------- d-----w- c:\users\Matt\AppData\Local\Autodesk
2011-04-04 19:42 . 2011-04-05 01:06 -------- d-----w- c:\program files\Autodesk
2011-04-04 19:40 . 2011-04-06 03:35 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-04-04 19:39 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-04 19:39 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-04 19:39 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-04 19:30 . 2011-04-05 01:42 -------- d-----w- c:\users\Matt\AppData\Roaming\Autodesk
2011-04-04 19:30 . 2011-04-05 01:42 -------- d-----w- c:\programdata\Autodesk
2011-04-04 19:20 . 2011-04-05 00:29 -------- d-----w- C:\Autodesk
2011-04-04 19:07 . 2011-04-11 21:47 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-28 18:48 . 2011-03-28 18:48 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-28 18:48 . 2011-03-28 18:48 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-28 18:48 . 2011-03-28 18:48 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-28 18:48 . 2011-03-28 18:48 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-28 18:48 . 2011-03-28 18:48 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-28 18:48 . 2011-03-28 18:48 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 07:06 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 03:41 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:33 . 2011-03-09 21:21 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 21:21 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 21:21 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-04 01:53 . 2011-02-04 01:53 14560 ----a-w- c:\windows\system32\AcSignExtRes.dll
2011-02-04 01:53 . 2011-02-04 01:53 289504 ----a-w- c:\windows\system32\styleman.cpl
2011-02-04 01:53 . 2011-02-04 01:53 289504 ----a-w- c:\windows\system32\plotman.cpl
2011-02-04 01:53 . 2011-02-04 01:53 43232 ----a-w- c:\windows\system32\AcSignIcon.dll
2011-02-04 01:53 . 2011-02-04 01:53 429792 ----a-w- c:\windows\system32\AcSignOpt.exe
2011-02-04 01:53 . 2011-02-04 01:53 29920 ----a-w- c:\windows\system32\AcSignExt.dll
2011-02-03 05:45 . 2011-02-08 22:50 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 04:40 . 2010-05-14 05:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:11 . 2010-01-11 22:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-11-20 03:08 . 2009-11-20 03:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 03:08 . 2009-11-20 03:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
2011-03-28 18:48 . 2011-03-28 18:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1997-07-22 02:30 1045776 --sha-w- c:\windows\System32\Msjet35.dll
1997-06-23 10:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 19:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 19:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 19:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-14 7617056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-13 176128]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2010-06-03 166944]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [2010-12-16 689464]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - B925DF12
*Deregistered* - b925df12
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 23:17]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\pe1y9aer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\TELUS\TELUS security services\Fws.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-04-11 16:02:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-11 22:02
ComboFix2.txt 2011-04-09 04:47
ComboFix3.txt 2011-04-09 04:00
.
Pre-Run: 179,415,015,424 bytes free
Post-Run: 179,331,788,800 bytes free
.
- - End Of File - - 1C0861CA5889CB354AD1EFF17235770E
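The FILE :: and Other Deletions sections of the ComboFix log above show the persistence mechanism that was cleaned up: a shortcut in the per-user Startup folder (ArcGIS License Manager 10 CRACKED.lnk) and a script named start_lic_mgr_invisible.vbs, which by its name starts the cracked license manager without a visible window. The PowerShell below is an added example, not part of the thread and not ComboFix's own logic. It walks the same autostart locations ComboFix reports (the per-user and all-users Startup folders and the HKCU/HKLM Run keys), resolves each shortcut to its real target, and flags entries that hand control to a script host, live outside the Windows or Program Files trees, have "crack" or "keygen" in the command line, or point at a file that no longer exists. The heuristics and the trusted-directory list are this example's own assumptions, not a definitive malware test.

```powershell
# Added example (not from the thread or from ComboFix): triage the autostart
# locations where a Startup-folder .lnk or a Run-key value can hide.
# Written to run on Windows 7's stock PowerShell 2.0 as well as newer versions.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup')         # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: legitimately installed software lives under one of these roots.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)},
                  $env:CommonProgramFiles) | Where-Object { $_ }

function Get-SuspicionReasons {
    param([string]$Target, [string]$Arguments)
    if (-not $Target) { return @('no target path') }
    $reasons = @()
    $cmdline = "$Target $Arguments"
    # An autostart entry that hands control to a script host or a script file
    # (as a Startup shortcut to a .vbs does) deserves a closer look.
    if ($cmdline -match '(?i)\b(wscript|cscript|mshta|powershell)(\.exe)?\b' -or
        $cmdline -match '(?i)\.(vbs|js|wsf|hta|cmd|bat)\b') {
        $reasons += 'runs a script host or script file'
    }
    $inTrusted = $trustedRoots | Where-Object { $Target -like "$_\*" }
    if (-not $inTrusted) { $reasons += 'image outside Windows / Program Files' }
    if ($cmdline -match '(?i)crack|keygen') { $reasons += 'name suggests cracked software' }
    if (-not (Test-Path -LiteralPath $Target)) { $reasons += 'target missing on disk' }
    return $reasons
}

$shell    = New-Object -ComObject WScript.Shell
$findings = @()

# 1. Startup folders: resolve every .lnk to its real target and arguments.
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnkFile in Get-ChildItem -LiteralPath $dir -Filter *.lnk) {
        $lnk = $shell.CreateShortcut($lnkFile.FullName)
        $findings += New-Object PSObject -Property @{
            Source  = $lnkFile.FullName
            Target  = $lnk.TargetPath
            Args    = $lnk.Arguments
            Reasons = (Get-SuspicionReasons $lnk.TargetPath $lnk.Arguments) -join '; '
        }
    }
}

# 2. Run keys: split each value into image path and arguments.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
        $cmd = [string]$prop.Value
        $image = $cmd; $cmdArgs = ''
        # Handles both "C:\path with spaces\prog.exe" /args and bare c:\path\prog.exe /args
        if ($cmd -match '^\s*"?(?<exe>[^"]+?\.exe)"?\s*(?<rest>.*)$') {
            $image = $Matches['exe']; $cmdArgs = $Matches['rest']
        }
        $findings += New-Object PSObject -Property @{
            Source  = "$key\$($prop.Name)"
            Target  = $image
            Args    = $cmdArgs
            Reasons = (Get-SuspicionReasons $image $cmdArgs) -join '; '
        }
    }
}

# Flagged entries first; unflagged ones are still listed so nothing is hidden.
$findings | Sort-Object { $_.Reasons -eq '' } |
    Select-Object Source, Target, Args, Reasons |
    Format-Table -AutoSize -Wrap
```

On the machine in this thread, before the CFScript ran, the Startup-folder shortcut would have been listed with its resolved .vbs target and at least the "runs a script host or script file" and "image outside Windows / Program Files" reasons. The list is a starting point for the kind of manual review the helpers here do with DDS and ComboFix output; it intentionally reports every entry rather than deciding for you.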
Old 04-11-2011, 03:42 PM   #10
CatByte
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2009
Location: Canada
Posts: 8,704
OS: XP, Vista, Win7

Hi,

atieclxx.exe
csrss.exe
winlogon.exe

Those processes should be there; that is normal.

Check for dust and debris around your fan openings; "canned air" may be beneficial for clearing out any debris, which should help.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues
__________________
Microsoft MVP 2010, 2011, 2012, 2013
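CatByte's answer is right as far as it goes: csrss.exe, winlogon.exe and the AMD helper atieclxx.exe are expected on a Windows 7 machine with ATI graphics, and Task Manager hides their user and description for processes you lack permission to inspect. The practitioner's caveat is that those exact names are also favourites for malware to copy, so "should be there" holds only when the running image comes from %SystemRoot%\System32 and is signed by the expected publisher. The PowerShell below is an added example, not CatByte's instructions and not a tool used in this thread; it checks each running instance of the names the original poster asked about (plus rundll32 and svchost, which are impersonated just as often) for both conditions. The expected-directory and signer table is this example's assumption, and the vendor names for atieclxx.exe are a guess to adjust for your driver package.

```powershell
# Added example (not from the thread): verify that processes carrying
# well-known Windows names are the genuine binaries. Run from an elevated
# PowerShell; without admin rights the image path of csrss.exe and
# winlogon.exe cannot be read and is reported as such rather than as "OK".

# Assumption: where each binary must load from and who must have signed it.
$expected = @{
    'csrss'    = @{ Dir = "$env:SystemRoot\System32"; Signer = 'Microsoft' }
    'winlogon' = @{ Dir = "$env:SystemRoot\System32"; Signer = 'Microsoft' }
    'rundll32' = @{ Dir = "$env:SystemRoot\System32"; Signer = 'Microsoft' }
    'svchost'  = @{ Dir = "$env:SystemRoot\System32"; Signer = 'Microsoft' }
    'atieclxx' = @{ Dir = "$env:SystemRoot\System32"
                    # Guessed vendor/WHQL signer names for the AMD helper.
                    Signer = 'Advanced Micro Devices|ATI Technologies|Microsoft Windows Hardware Compatibility' }
}

function Test-ProcessImage {
    param([System.Diagnostics.Process]$Proc, [hashtable]$Rule)
    # MainModule throws "Access is denied" for protected processes when not elevated.
    try { $path = $Proc.MainModule.FileName } catch { $path = $null }
    if (-not $path) { return 'image path not readable (run elevated)' }

    $problems = @()
    # PowerShell string comparison is case-insensitive, so C:\windows\system32
    # (as DDS prints it) and C:\Windows\System32 compare equal.
    if ((Split-Path -Path $path -Parent) -ne $Rule.Dir) {
        $problems += "loaded from unexpected directory $path"
    }

    $sig = Get-AuthenticodeSignature -FilePath $path
    switch ($sig.Status) {
        'Valid' {
            if ($sig.SignerCertificate.Subject -notmatch $Rule.Signer) {
                $problems += "signed by unexpected publisher: $($sig.SignerCertificate.Subject)"
            }
        }
        'NotSigned' {
            # Windows system binaries are usually catalog-signed rather than
            # embedded-signed. Get-AuthenticodeSignature verifies catalog
            # signatures only on PowerShell 5.1+ (Windows 10 / Server 2016 and
            # later); on a Windows 7 machine like this one, confirm the file with
            # Sysinternals sigcheck before treating "NotSigned" as a finding.
            $problems += 'no embedded signature; verify catalog signature with sigcheck'
        }
        default { $problems += "signature check failed: $($sig.Status)" }
    }
    if ($problems.Count -eq 0) { 'OK' } else { $problems -join '; ' }
}

foreach ($name in $expected.Keys) {
    $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) { '{0,-13} not running' -f "$name.exe"; continue }
    foreach ($p in $procs) {
        '{0,-13} PID {1,-6} {2}' -f "$name.exe", $p.Id, (Test-ProcessImage -Proc $p -Rule $expected[$name])
    }
}
```

A process named csrss.exe that loads from a user profile, a temp directory or a folder such as the "cracked license manager" one in the log above fails the first check regardless of what it is signed with; a file in System32 that fails the signature check is the case to hand to a second tool rather than assume is clean. Two copies of csrss.exe and winlogon.exe are normal on Windows 7 when more than one session exists, so the script reports per PID rather than per name.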
Old 04-12-2011, 02:21 PM   #11
Registered Member
Join Date: Apr 2011
Posts: 6
OS: Windows 7

OK, so I updated Adobe Reader and here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Matt at 15:07:42.60 on 12/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.1602 [GMT -6:00]
.
AV: TELUS security services Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: TELUS security services Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: TELUS security services Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\Program Files\TELUS\TELUS security services\Fws.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Matt\Desktop\dds.com
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msi.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\pe1y9aer.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-6 25608]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-18 176128]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-9-18 160768]
R2 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2010-6-2 166944]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\telus\telus security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-6 5832712]
R2 ServicepointService;ServicepointService;c:\program files\telus\telus security advisor\ServicepointService.exe [2011-1-21 689464]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-8-19 616960]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-9-6 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-9-6 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-9-6 21208]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-9-18 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-12 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-18 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-14 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-04-11 21:59:51 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-09 17:32:19 -------- d-----w- c:\program files\ESET
2011-04-09 17:15:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 17:15:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 04:00:29 -------- d-----w- c:\users\matt\appdata\local\temp
2011-04-09 03:24:25 98816 ----a-w- c:\windows\sed.exe
2011-04-09 03:24:25 89088 ----a-w- c:\windows\MBR.exe
2011-04-09 03:24:25 256512 ----a-w- c:\windows\PEV.exe
2011-04-09 03:24:25 161792 ----a-w- c:\windows\SWREG.exe
2011-04-08 19:40:31 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{df420676-5b84-46f5-ba55-6a3b5573d0d0}\mpengine.dll
2011-04-06 05:47:24 -------- d-----w- c:\users\matt\appdata\local\backburner
2011-04-05 21:33:38 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2011-04-05 21:33:31 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-05 21:33:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 19:31:04 -------- d-----w- c:\windows\64665955E1A14A8BBFFA673A95318909.TMP
2011-04-05 07:18:38 -------- d-----w- c:\windows\system32\1033
2011-04-05 07:18:37 -------- d-----w- c:\program files\Microsoft SQL Server
2011-04-05 00:09:31 -------- d-----w- c:\program files\common files\Alias Shared
2011-04-04 23:54:29 -------- d-----w- c:\program files\common files\en-US
2011-04-04 23:54:28 -------- d-----w- c:\program files\common files\ja-JP
2011-04-04 23:43:59 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-04-04 23:42:54 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-04-04 21:12:47 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-04 20:09:19 -------- d-----w- c:\users\matt\appdata\local\cache
2011-04-04 19:43:26 -------- d-----w- c:\users\matt\appdata\local\Autodesk
2011-04-04 19:42:25 -------- d-----w- c:\program files\Autodesk
2011-04-04 19:40:01 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-04-04 19:39:21 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-04-04 19:39:20 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-04-04 19:39:19 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-04 19:30:27 -------- d-----w- c:\users\matt\appdata\roaming\Autodesk
2011-04-04 19:20:43 -------- d-----w- C:\Autodesk
2011-04-04 19:07:32 -------- d-----w- c:\program files\common files\Akamai
2011-03-28 18:48:44 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-28 18:48:44 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-28 18:48:44 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-28 18:48:44 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-28 18:48:44 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-28 18:48:43 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-28 18:48:43 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-28 18:48:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 0715 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
==================== Find3M ====================
.
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-04 01:53:14 14560 ----a-w- c:\windows\system32\AcSignExtRes.dll
2011-02-04 01:53:13 289504 ----a-w- c:\windows\system32\styleman.cpl
2011-02-04 01:53:13 289504 ----a-w- c:\windows\system32\plotman.cpl
2011-02-04 01:53:04 43232 ----a-w- c:\windows\system32\AcSignIcon.dll
2011-02-04 01:53:04 429792 ----a-w- c:\windows\system32\AcSignOpt.exe
2011-02-04 01:53:04 29920 ----a-w- c:\windows\system32\AcSignExt.dll
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-11-20 03:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 03:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
1997-07-22 02:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 10:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 1950 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 1950 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 1950 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
============= FINISH: 15:08:59.99 ===============


Computer appears to be running fine. What should I do with ComboFix, GMER, and Malwarebytes?

Again, thank you so much!
my_brain is offline  
Old 04-12-2011, 03:12 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,704
OS: XP, Vista, Win7



Hi

Just some housekeeping to do now. Keep MalwareBytes; it's a good program to have, so run it occasionally.


You can delete the DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.




If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    Microsoft Windows Update
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
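The Internet Properties steps above change three Internet Zone ActiveX settings by hand. As an added example (not from CatByte or the thread), this PowerShell script audits whether the current user's Internet Zone (zone 3) already matches those settings, so the result can be verified without clicking through the dialog. It assumes Microsoft's documented mapping of zone action IDs to registry values (1001, 1004, 1201) and of data values (0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example, not part of the original thread.
# Assumption: registry value names follow Microsoft's documented Internet Zone
# action IDs; a value absent from HKCU means the machine-wide default applies.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# The three settings the thread prescribes, as registry value name -> expected data.
$Expected = @{
    '1001' = 1   # Download signed ActiveX controls            -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls          -> Prompt
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-SettingLabel {
    param($Data)
    if ($null -eq $Data) { return 'Not set in HKCU (default applies)' }
    if ($Label.ContainsKey([int]$Data)) { return $Label[[int]$Data] }
    return "Unknown ($Data)"
}

function Test-InternetZoneActiveX {
    param([string]$Path = $ZonePath, [hashtable]$Want = $Expected)
    # Read every value under the zone key once; missing values surface as $null.
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($id in ($Want.Keys | Sort-Object)) {
        $actual = $key.$id
        [pscustomobject]@{
            ValueName = $id
            Actual    = Get-SettingLabel $actual
            Expected  = $Label[$Want[$id]]
            Compliant = ($null -ne $actual -and [int]$actual -eq $Want[$id])
        }
    }
}

# Report each setting; any row with Compliant = False still needs the GUI steps above.
$report = Test-InternetZoneActiveX
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Compliant }) {
    Write-Warning 'Internet Zone ActiveX settings do not match the recommended values.'
}
```

Run it in a normal (non-elevated) PowerShell session as the user whose Internet Explorer profile you are checking, since the settings live under HKCU.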
Old 04-23-2011, 05:50 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,591
OS: XP Win7 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

amateur is offline  
Copyright 2001 - 2014, Tech Support Forum