
w32/blaster.worm follow up


Old 12-20-2011, 03:06 PM   #1
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



My original post was closed due to inactivity. (I borrowed a computer while waiting for info and just procrastinated dealing with this issue)

Here is the link to the original post:

https://www.techsupportforum.com/foru...up-613982.html

I have downloaded the files listed with the exception of Rkill which says the "link appears to be broken"

I have followed the instructions (I hope!) and have attached the "attach" file and the Gmer file, and below is the TEXT of the DDS scan. I hope I have followed your instructions properly. Thank you so much for your help. I really appreciate you being there for people like me.


Contents of DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Run by Danielle at 16:39:07 on 2011-12-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2008.921 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Lenovo\PMDriver\PMSveH.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Lenovo\PMDriver\PMHandler.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bell\Internet Service Advisor\BISA.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://lenovo.live.com
uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
mDefault_Page_URL = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Flileganow] rundll32.exe "c:\users\danielle\appdata\local\idukuvayad.dll",Startup
uRun: [Privacy Protection] c:\users\danielle\appdata\roaming\privacy.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHandler.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BISA.exe] "c:\program files\bell\internet service advisor\BISA.exe" /AUTORUN
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0F1B6EC7-6BB8-44D9-9060-B08F1DF8C40A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4E5AE8BE-9C83-4D81-9334-815B36EF8711} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danielle\appdata\roaming\mozilla\firefox\profiles\ih6llrxe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theweathernetwork.com/weather/caon0696?ref=homemap
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: XULRunner: {90F1A548-548D-4FA0-AA88-EFD48734B062} - c:\users\danielle\appdata\local\{90F1A548-548D-4FA0-AA88-EFD48734B062}
.
============= SERVICES / DRIVERS ===============
.
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-3-26 44544]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-11 54560]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2011-3-31 689464]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-11 53325]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-26 112128]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-3-26 48192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-12-20 21:25:33 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd795727-2baf-467a-ad68-d98dc1604834}\offreg.dll
2011-12-20 21:25:28 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd795727-2baf-467a-ad68-d98dc1604834}\mpengine.dll
2011-12-20 21:12:29 -------- d-----w- c:\users\danielle\appdata\local\{4909BCE4-9A3D-42FE-8F5A-17A23CE0297D}
2011-12-20 21:12:06 -------- d-----w- c:\users\danielle\appdata\local\{D2DCDFD2-60C3-4D5C-BE99-C28A0E325155}
2011-11-22 04:00:22 -------- d-----w- c:\programdata\NortonInstaller
2011-11-22 04:00:22 -------- d-----w- c:\program files\NortonInstaller
2011-11-22 03:52:02 821760 ----a-w- c:\users\danielle\appdata\roaming\EFFING VIRUS CALLED privacy.exe
.
==================== Find3M ====================
.
2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:40:16.24 ===============
Attached Files
File Type: txt Attach.txt (10.7 KB, 38 views)
File Type: txt Gmer.txt (201.7 KB, 38 views)
danib.3 is offline  
Old 12-24-2011, 09:23 AM   #2
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



Bump and Merry Christmas!
danib.3 is offline  
Old 12-24-2011, 07:33 PM   #3
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

Please also note:
This forum is very busy. Topics with no activity for three days will be considered abandoned and closed.
Naturally, tomorrow is Christmas, so that won't count. I won't be around much tomorrow either.

Quote:
c:\users\danielle\appdata\roaming\EFFING VIRUS CALLED privacy.exe
You renamed this, but could not delete it, I take it? Or just edited the log? Please don't edit the logs, if that's the case. Thanks.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from here
     * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
     You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
     Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 12-25-2011, 05:09 PM   #4
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



Hi there and thanks for your reply. I'm away for Christmas so am not even able to finish thoroughly reading the instructions but I just wanted to be sure I understand the editing versus deleting thing. I'm fairly useless in terms of all of this, and when I read that it had been closed and I should begin another thread, I did nothing to the old one. I don't think I edited it or anything, but if I should delete it, I will if you say so. I'll wait to hear your answer to make sure I even understand what you are asking me about the other thread.

Thank you again for your help and your availability to those not gifted with your experience and knowledge.
danib.3 is offline  
Old 12-25-2011, 07:34 PM   #5
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi. I'm not asking you anything about the other thread. I'm asking you if you changed the file name, or edited the DDS log.
tetonbob is offline  
Old 12-26-2011, 01:11 PM   #6
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



Ha ha! Oh, yes, when it first happened I wanted to make sure I recognized it if I tried to find it later, so I renamed it "EFFING VIRUS" when I was attempting to delete it. Ha ha! I had forgotten about that. Oops. But no, I did not touch the logs in any way except to add "Gmer" to the file that was saved with a random name, I think. But no, I assure you I did not touch anything in that log above.
danib.3 is offline  
Old 12-26-2011, 01:40 PM   #7
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



OK thanks. Please rename it back to privacy.exe if you can, then run ComboFix. If not, just go ahead and run ComboFix.
tetonbob is offline  
Old 12-27-2011, 08:25 AM   #8
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



Attached you will find the results from the Combofix.

ComboFix 11-12-26.02 - Danielle 27/12/2011 10:57:52.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2008.1044 [GMT -5:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Danielle\AppData\Local\{90F1A548-548D-4FA0-AA88-EFD48734B062}
c:\users\Danielle\AppData\Local\{90F1A548-548D-4FA0-AA88-EFD48734B062}\chrome.manifest
c:\users\Danielle\AppData\Local\{90F1A548-548D-4FA0-AA88-EFD48734B062}\chrome\content\_cfg.js
c:\users\Danielle\AppData\Local\{90F1A548-548D-4FA0-AA88-EFD48734B062}\chrome\content\overlay.xul
c:\users\Danielle\AppData\Local\{90F1A548-548D-4FA0-AA88-EFD48734B062}\install.rdf
c:\users\Danielle\AppData\Local\idukuvayad.dll
c:\users\Danielle\AppData\Roaming\EFFING VIRUS CALLED privacy.exe
c:\users\Danielle\Desktop\Privacy Protection.lnk
c:\windows\iun6002.exe
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
S:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-20 21:25 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD795727-2BAF-467A-AD68-D98DC1604834}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 19:29 . 2009-10-03 06:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-29 16:55 . 2011-02-25 21:28 0 ----a-w- c:\users\Danielle\AppData\Local\Tjuyey.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-03-26 09:20 241752 ------w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2008-09-23 83240]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-03-26 323584]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-21 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2011-01-06 4318520]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 funfrm;funfrm; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-08-08 53325]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
2011-12-27 c:\windows\Tasks\User_Feed_Synchronization-{3AAF1EA2-97F4-4D88-B7F5-4FA3C00E0AD4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\ih6llrxe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theweathernetwork.com/weather/caon0696?ref=homemap
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Flileganow - c:\users\Danielle\AppData\Local\idukuvayad.dll
HKCU-Run-Privacy Protection - c:\users\Danielle\AppData\Roaming\privacy.exe
HKLM-Run-CAPPActiveProtection - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
HKLM-Run-hpqSRMon - (no file)
AddRemove-Musculoskeletal_Imaging_2ed - c:\windows\iun6002.exe
AddRemove-PHASES_Rehab_3.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3692)
c:\windows\system32\IcnOvrly.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Lenovo\PMDriver\PMSveH.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-12-27 11:15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 16:14
.
Pre-Run: 37,116,133,376 bytes free
Post-Run: 38,078,636,032 bytes free
.
- - End Of File - - 26A5F16C913C5B27A9B34D34A79D05DA
Attached Files
File Type: txt combofixlog.txt (11.4 KB, 40 views)
danib.3 is offline  
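As an added example (not code from this thread, from ComboFix, or from any tool mentioned here): the "ORPHANS REMOVED" and "Reg Loading Points" sections of a ComboFix log like the one above are where autostart entries such as idukuvayad.dll and privacy.exe under AppData show up. The Python script below parses those sections from a constructed excerpt of that log and flags entries that launch from user-writable profile or temp paths, name a non-.exe image, or point at a file that no longer exists. The section layout it expects and the flag heuristics are assumptions modelled on this log, not ComboFix's own rules.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: an excerpt laid out like the ComboFix log posted in
# this thread (values copied from that log). Not output of a live scan.
SAMPLE_LOG = r"""
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Flileganow - c:\users\Danielle\AppData\Local\idukuvayad.dll
HKCU-Run-Privacy Protection - c:\users\Danielle\AppData\Roaming\privacy.exe
HKLM-Run-CAPPActiveProtection - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
HKLM-Run-hpqSRMon - (no file)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"""

# Assumed line formats, modelled on the log above:
#   section header of a Run key:   [HKEY_...\...\Run]
#   value inside that section:     "Name"="c:\path\image.exe" [date size]
#   orphan line:                   HKCU-Run-Name - c:\path\image.ext   (or "(no file)")
RUN_KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\.*\\Run(?:Once)?\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<path>.+)$")
HIVE_ALIASES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Heuristic: a per-user AppData tree or any \temp\ directory is writable without
# elevation, which is where the two bad entries in this log lived.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    orphan: bool = False          # listed by ComboFix under ORPHANS REMOVED
    flags: List[str] = field(default_factory=list)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect Run-key values and orphan lines from a ComboFix-style log."""
    entries: List[RunEntry] = []
    current_hive = None           # hive of the Run key whose values we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = RUN_KEY_RE.match(line)
        if key:
            current_hive = key.group("hive").upper()
            continue
        if line.startswith("["):  # any other key header ends the Run section
            current_hive = None
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan:
            entries.append(RunEntry(HIVE_ALIASES[orphan.group("hive")],
                                    orphan.group("name"), orphan.group("path"), orphan=True))
            continue
        if current_hive:
            value = RUN_VALUE_RE.match(line)
            if value:
                entries.append(RunEntry(current_hive, value.group("name"), value.group("path")))
    return entries


def classify(entry: RunEntry) -> List[str]:
    """Return the reasons an autostart entry deserves a closer look (empty = nothing odd)."""
    reasons: List[str] = []
    path = entry.path.strip().lower()
    if path == "(no file)":
        reasons.append("registry value points at a file that no longer exists")
        return reasons
    if USER_WRITABLE_RE.search(path):
        reasons.append("launches from a user-writable profile or temp directory")
    if ntpath.splitext(path)[1] != ".exe":
        reasons.append("image is not an .exe, which a Run value normally names")
    return reasons


def suspicious_entries(log_text: str) -> List[RunEntry]:
    """Parse the log and keep only the entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_run_entries(log_text):
        entry.flags = classify(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_LOG):
        tag = "orphan" if entry.orphan else "live"
        print(f"[{tag}] {entry.hive}\\...\\Run  {entry.name!r} -> {entry.path}")
        for reason in entry.flags:
            print(f"         - {reason}")
```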
Old 12-27-2011, 08:51 AM   #9
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Here are a few very good free Antivirus products which are available:
Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan. If possible, save a log from the scan, and attach that in reply.

Please run DDS once again, and send its new logs.

Link if you need it

https://download.bleepingcomputer.com/sUBs/dds.com
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 12-27-2011, 12:47 PM   #10
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



I'm installing the malware and antivirus from an uninfected computer and saving it onto disk and putting it onto the infected computer. (I'm not able to get online with my computer at the moment.) I'm not sure they are the latest versions though, because I save it and when it starts to run it looks for newer versions, but I'm not online. Do I have to run it from the uninfected computer to get the latest version to save, or is it even possible to run it if I'm not online?

I've run the malware once and it showed nothing infected so I'm thinking it is an outdated version that ran.
danib.3 is offline  
Old 12-27-2011, 12:50 PM   #11
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7622
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
27/12/2011 3:36:20 PM
mbam-log-2011-12-27 (15-36-20).txt
Scan type: Quick scan
Objects scanned: 192642
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
danib.3 is offline  
Old 12-27-2011, 12:56 PM   #12
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



As I view this log above I don't think the version is the same one that ran when I downloaded and updated it on the uninfected computer, so I assume it saved the older version and ran it on the infected computer? I don't know how to get the older version saved then UPDATED on the disk I'm transferring all this data to and from the uninfected to the infected computer.
danib.3 is offline  
Old 12-27-2011, 12:58 PM   #13
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Why can you not connect the computer to the internet?
tetonbob is offline  
Old 12-27-2011, 01:38 PM   #14
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



I am visiting my parents' house for the holidays and they don't have a wireless modem so I was "taking turns". I'm now downloading the antivirus directly onto the infected computer after updating and re-running malware. I can repost the log but it did not find anything the second time either.
danib.3 is offline  
Old 12-27-2011, 02:10 PM   #15
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



OK, have run the malware software as well as the avira scan and neither found anything. Attached are both reports.

Avira Scan:


Avira Free Antivirus
Report file date: December-27-11 17:04

Scanning for 2981825 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : Danielle
Computer name : DANIELLE-PC

Version information:
BUILD.DAT : 12.0.0.849 41825 Bytes 23/09/2011 20:19:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 23/09/2011 23:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 18:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 23/09/2011 17:55:16
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 27/12/2011 22:03:16
AVREG.DLL : 12.1.0.27 227536 Bytes 27/12/2011 22:03:15
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 01:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 16:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 22:02:11
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 22:02:11
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 22:02:11
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 22:02:11
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 22:02:11
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 22:02:12
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 22:02:12
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 22:02:12
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 22:02:12
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 22:02:12
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 22:02:12
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 22:02:14
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 22:02:16
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 22:02:18
VBASE016.VDF : 7.11.20.30 2048 Bytes 27/12/2011 22:02:18
VBASE017.VDF : 7.11.20.31 2048 Bytes 27/12/2011 22:02:18
VBASE018.VDF : 7.11.20.32 2048 Bytes 27/12/2011 22:02:18
VBASE019.VDF : 7.11.20.33 2048 Bytes 27/12/2011 22:02:18
VBASE020.VDF : 7.11.20.34 2048 Bytes 27/12/2011 22:02:18
VBASE021.VDF : 7.11.20.35 2048 Bytes 27/12/2011 22:02:18
VBASE022.VDF : 7.11.20.36 2048 Bytes 27/12/2011 22:02:19
VBASE023.VDF : 7.11.20.37 2048 Bytes 27/12/2011 22:02:19
VBASE024.VDF : 7.11.20.38 2048 Bytes 27/12/2011 22:02:19
VBASE025.VDF : 7.11.20.39 2048 Bytes 27/12/2011 22:02:19
VBASE026.VDF : 7.11.20.40 2048 Bytes 27/12/2011 22:02:19
VBASE027.VDF : 7.11.20.41 2048 Bytes 27/12/2011 22:02:19
VBASE028.VDF : 7.11.20.42 2048 Bytes 27/12/2011 22:02:19
VBASE029.VDF : 7.11.20.43 2048 Bytes 27/12/2011 22:02:20
VBASE030.VDF : 7.11.20.44 2048 Bytes 27/12/2011 22:02:20
VBASE031.VDF : 7.11.20.49 59392 Bytes 27/12/2011 22:02:21
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 27/12/2011 22:03:11
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 27/12/2011 22:03:11
AESCN.DLL : 8.1.7.2 127349 Bytes 02/09/2011 04:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 27/12/2011 22:03:13
AERDL.DLL : 8.1.9.15 639348 Bytes 09/09/2011 04:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 27/12/2011 22:03:07
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 27/12/2011 22:03:00
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 27/12/2011 22:02:59
AEHELP.DLL : 8.1.18.0 254327 Bytes 27/12/2011 22:02:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 27/12/2011 22:02:29
AEEMU.DLL : 8.1.3.0 393589 Bytes 02/09/2011 04:46:01
AECORE.DLL : 8.1.24.2 201080 Bytes 27/12/2011 22:02:26
AEBB.DLL : 8.1.1.0 53618 Bytes 02/09/2011 04:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 23/09/2011 17:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 23/09/2011 16:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 23/09/2011 16:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 23/09/2011 16:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23/09/2011 16:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16/09/2011 07:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 23/09/2011 17:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 23/09/2011 17:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 23/09/2011 18:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23/09/2011 18:37:24

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: December-27-11 17:04

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned
Scan process 'BISAComHandler.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'Taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'Apntex.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
Scan process 'BISA.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MCPLaunch.exe' - '1' Module(s) have been scanned
Scan process 'ACWLIcon.exe' - '1' Module(s) have been scanned
Scan process 'ACTray.exe' - '1' Module(s) have been scanned
Scan process 'PManage.exe' - '1' Module(s) have been scanned
Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
Scan process 'LPMGR.EXE' - '1' Module(s) have been scanned
Scan process 'scheduler_proxy.exe' - '1' Module(s) have been scanned
Scan process 'SmAudio.exe' - '1' Module(s) have been scanned
Scan process 'TpWAudAp.exe' - '1' Module(s) have been scanned
Scan process 'tpfnf7sp.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'PMHandler.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'SvcGuiHlpr.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'SUService.exe' - '1' Module(s) have been scanned
Scan process 'AcSvc.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tvtsched.exe' - '1' Module(s) have been scanned
Scan process 'rrservice.exe' - '1' Module(s) have been scanned
Scan process 'rrpservice.exe' - '1' Module(s) have been scanned
Scan process 'TPHKSVC.exe' - '1' Module(s) have been scanned
Scan process 'tvt_reg_monitor_svc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'ServicepointService.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PMSveH.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FNF5SVC.exe' - '1' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '1' Module(s) have been scanned
Scan process 'AcPrfMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'WLANExt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '2787' files ).



End of the scan: December-27-11 17:05
Used time: 00:56 Minute(s)

The scan has been done completely.

0 Scanned directories
3543 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
3543 Files not concerned
23 Archives were scanned
0 Warnings
0 Notes
Attached Files
File Type: txt mbam-log2-2011-12-27 (16-17-06).txt (907 Bytes, 36 views)
danib.3 is offline  
Old 12-27-2011, 02:57 PM   #16
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



I see, thanks for the explanation. Recent infections have been wreaking havoc with networking connections. Your logs did not show signs of this type of infection. I'm glad that was not the case.

How is the machine behaving now?

Even though we've just run a scan with your new antivirus, since the machine has been infected, and without antivirus, it would be prudent to run an online scan with another vendor's definitions. One may find what another does not.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan. Vista/Windows 7 users will need to right click on their IE shortcut and choose Run as Administrator.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop, and then attach it to a reply for me.
  • Close the ESET online scan.
tetonbob is offline  
Old 12-27-2011, 05:45 PM   #17
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



It's been scanning for over an hour, has found 14 threats, is 30% finished but appears to be freezing up. Is this normal, and is there any way to deal with what it's found so far without it freezing up and having to start all over again?
danib.3 is offline  
Old 12-27-2011, 06:50 PM   #18
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



Here is the report of ESET scan (attached)
Attached Files
File Type: txt ESET threats found.txt (1.7 KB, 41 views)
danib.3 is offline  
Old 12-27-2011, 09:13 PM   #19
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Good job...next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Outdated Java

    Java(TM) 6 Update 15 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Let me know if it does not.

    Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

    Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

    Once the install is complete...

    Go into the Control Panel (Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

    ---------------------------------------------------------------------------------------------
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    C:\Users\Danielle\AppData\Local\VirtualStore\Windows\System32\net.net
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d3ef053
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1271b9a-1bb4760b
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-31dccde7
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-102cbd0a
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-26e66a82
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-2cfdca83
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-456b1360
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-5d470f1e
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-7c225d34
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3992eaa0-1522a930
    C:\Users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\20653a38-2c3172aa
    ClearJavaCache::


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  4. ComboFix may request an update; please allow it.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
tetonbob is offline  
Old 12-30-2011, 10:57 AM   #20
Registered Member
 
Join Date: Nov 2011
Posts: 29
OS: vista basic



OK, here is the log created after this last process:

ComboFix 11-12-30.01 - Danielle 30/12/2011 13:36:57.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2008.892 [GMT -5:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\users\Danielle\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Danielle\AppData\Local\VirtualStore\Windows\System32\net.net"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-6d3ef053"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1271b9a-1bb4760b"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-31dccde7"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-102cbd0a"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-26e66a82"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-2cfdca83"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-456b1360"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-5d470f1e"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1b99f03-7c225d34"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\3992eaa0-1522a930"
"c:\users\Danielle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\20653a38-2c3172aa"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Danielle\AppData\Local\VirtualStore\Windows\System32\net.net
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 18:45 . 2011-12-30 18:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-30 18:45 . 2011-12-30 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 18:25 . 2011-12-30 18:25 -------- d-----w- c:\program files\Common Files\Java
2011-12-30 18:21 . 2011-11-10 10:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-30 18:21 . 2011-11-10 10:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-30 18:04 . 2011-12-30 18:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFD51110-9459-4FA5-B149-A086F98F689D}\offreg.dll
2011-12-30 18:04 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFD51110-9459-4FA5-B149-A086F98F689D}\mpengine.dll
2011-12-28 00:23 . 2011-12-28 00:23 -------- d-----w- c:\program files\ESET
2011-12-27 22:00 . 2011-12-27 22:00 -------- d-----w- c:\users\Danielle\AppData\Roaming\Avira
2011-12-27 21:59 . 2011-12-30 18:06 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-27 21:59 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-27 21:59 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-27 21:59 . 2011-12-27 21:59 -------- d-----w- c:\programdata\Avira
2011-12-27 21:59 . 2011-12-27 21:59 -------- d-----w- c:\program files\Avira
2011-12-27 16:15 . 2011-12-30 18:45 -------- d-----w- c:\users\Danielle\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 19:29 . 2009-10-03 06:28 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-03-26 09:20 241752 ------w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2008-09-23 83240]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-03-26 323584]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-21 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2011-01-06 4318520]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-04-25 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-04-25 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-04-25 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-04-25 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 funfrm;funfrm; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-08-08 53325]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{3AAF1EA2-97F4-4D88-B7F5-4FA3C00E0AD4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\ih6llrxe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theweathernetwork.com/weather/caon0696?ref=homemap
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-30 13:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-30 13:48:42
ComboFix-quarantined-files.txt 2011-12-30 18:48
ComboFix2.txt 2011-12-27 16:15
.
Pre-Run: 58,327,695,360 bytes free
Post-Run: 58,308,722,688 bytes free
.
- - End Of File - - DC6F8937ED0E25951F16C4015644A0CC



Since doing all this cleaning up, I have a new window I'm not familiar with that opens up when I start Mozilla and it is advising me of multiple add-ons and asking me what I want to do with them. 3 of them do not allow me to do anything with them (can't click on them to uninstall or update, and there is an exclamation point next to them). There are 2 add-ons waiting for me to do something and they are Java Console 6.0.15 and 6.0.30. Is that related to the recent Java update? (the others on there that I can't do anything with are 2 from an old antivirus program, CA link advisor; there is one for my HP printer; one for Microsoft.NET framework assistant; and a "Skype to call" something or other)

What should I do with those??? Incidentally, I get script errors on one or both of the computers I'm using when I am on this tech support page.

Thanks again!
danib.3 is offline  