
Supposed to be doing my BSL homework!!!


Comments

  • RussJK
    RussJK Posts: 2,359 Forumite
    edited 9 May 2011 at 8:18PM
    Okay, try uninstalling AVG, and after you reboot then use a removal tool to make sure it's gone - http://www.avg.com/us-en/download-tools (also can try www.appremover.com with the 'check for failed uninstall' option).

    Then download this file to the desktop and run it (it will try to temporarily shut down any malware processes):
    http://www.users.on.net/~russ/iExplore.exe

    Then run this one and post the logs as previously described: (this is the malware cleaner, just renamed to trick malware)
    http://www.users.on.net/~russ/qwertles.exe

    Only after you've run the malware cleaner, then try installing Avast (or reinstall AVG, but I don't recommend it):
    http://majorgeeks.com/Avast_Home_Edition_d1968.html
  • top_drawer_2
    top_drawer_2 Posts: 2,469 Forumite
    RussJK wrote: »
    Okay, try uninstalling AVG, and after you reboot then use a removal tool to make sure it's gone - http://www.avg.com/us-en/download-tools (also can try www.appremover.com with the 'check for failed uninstall' option).

    Then download this file to the desktop and run it (it will try to temporarily shut down any malware processes):
    http://www.users.on.net/~russ/iExplore.exe

    Then run this one and post the logs as previously described: (this is the malware cleaner, just renamed to trick malware)
    http://www.users.on.net/~russ/qwertles.exe

    Only after you've run the malware cleaner, then try installing Avast (or reinstall AVG, but I don't recommend it):
    http://majorgeeks.com/Avast_Home_Edition_d1968.html

    Everything worked fine then tried to run the malware cleaner; it goes through the various security checks, briefly shows something like a dos screen and then stops. Not sure what I have done wrong.

    Jen
  • RussJK
    RussJK Posts: 2,359 Forumite
    top_drawer wrote: »
    Everything worked fine then tried to run the malware cleaner; it goes through the various security checks, briefly shows something like a dos screen and then stops. Not sure what I have done wrong.

    Jen

    What stage does it get to from this guide?
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Check if there's a combofix log (My computer > Drive C > combofix.txt)
  • top_drawer_2
    top_drawer_2 Posts: 2,469 Forumite
    Not a clue what I did right, here it is.....

    ComboFix 11-05-09.01 - Jennifer 09/05/2011 22:12:00.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1132 [GMT 1:00]
    Running from: c:\users\Jennifer\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\progra~1\KINGKO~1\Capture\KKBRow~1.dll
    c:\users\Jennifer\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-09 21:21 . 2011-05-09 21:22 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
    2011-05-09 21:21 . 2011-05-09 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-08 17:02 . 2011-05-08 17:02 -------- d-----w- c:\windows\system32\Adobe
    2011-05-07 21:37 . 2011-05-07 21:37 -------- d-----w- c:\programdata\McAfee
    2011-04-30 10:38 . 2011-05-05 21:59 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-04-30 10:38 . 2011-04-30 10:38 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-04-30 10:38 . 2011-05-05 21:55 -------- d-----w- c:\programdata\Hitman Pro
    2011-04-29 21:45 . 2011-04-29 21:45 388096 ----a-r- c:\users\Jennifer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-29 20:15 . 2011-04-29 20:15 -------- d-----w- c:\program files\Trend Micro
    2011-04-29 17:19 . 2011-04-29 17:19 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
    2011-04-29 17:19 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 17:19 . 2011-04-29 17:19 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-29 17:19 . 2011-04-29 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-29 17:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-28 16:38 . 2011-04-28 16:38 -------- d-----w- c:\users\Jennifer\AppData\Local\Opera
    2011-04-28 16:37 . 2011-04-28 16:37 -------- d-----w- c:\program files\Opera
    2011-04-28 14:20 . 2011-04-28 14:20 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-28 14:19 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 14:19 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 14:19 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-25 20:16 . 2011-04-25 20:16 -------- d-----w- c:\users\Jennifer\AppData\Local\Mozilla
    2011-04-24 22:54 . 2011-04-24 22:54 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Apple Computer
    2011-04-24 22:54 . 2011-04-24 22:54 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple Computer
    2011-04-24 22:51 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-04-24 22:51 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-04-24 22:49 . 2011-04-24 22:49 -------- d-----w- c:\program files\iPod
    2011-04-24 22:49 . 2011-04-24 22:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-04-24 22:49 . 2011-04-24 22:51 -------- d-----w- c:\program files\iTunes
    2011-04-24 22:43 . 2011-04-24 22:43 -------- d-----w- c:\program files\Apple Software Update
    2011-04-24 22:35 . 2011-04-28 15:52 -------- d-----w- c:\program files\Common Files\Apple
    2011-04-24 22:00 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe
    2011-04-24 21:59 . 2011-04-24 22:29 -------- d-----w- c:\windows\system32\QuickTime
    2011-04-24 21:59 . 2011-04-24 21:59 -------- d-----w- c:\programdata\QuickTime
    2011-04-21 17:28 . 2011-04-21 17:28 -------- d-----w- c:\users\Jennifer\AppData\Roaming\AVG10
    2011-04-21 17:22 . 2011-05-09 19:05 -------- d-----w- c:\programdata\AVG Security Toolbar
    2011-04-21 17:15 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D0F2FC-6A06-46BF-8AA2-F83B7C10770F}\mpengine.dll
    2011-04-21 16:33 . 2011-05-09 18:29 -------- d-----w- c:\programdata\MFAData
    2011-04-21 14:02 . 2011-04-21 14:02 -------- d-----w- c:\users\Jennifer\AppData\Local\Yahoo
    2011-04-21 13:31 . 2011-04-24 17:24 -------- d-----w- c:\programdata\Yahoo!
    2011-04-21 13:31 . 2011-04-21 13:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Yahoo!
    2011-04-21 13:30 . 2011-04-25 15:09 -------- d-----w- c:\program files\Yahoo!
    2011-04-15 20:33 . 2011-04-15 20:35 -------- d-----w- C:\07bb69d92e1143295b2042681a64dcd1
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 03:24 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-03 15:40 . 2011-04-28 14:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-28 14:19 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-28 14:19 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-28 14:19 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 14:04 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 14:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 14:04 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-09 160328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-18 1540096]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-6-6 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2009-09-12 22:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 10:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-04-24 22:07 136176 ----atw- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-14 10:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2010-10-20 15:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-02-08 05:11 303104 ----a-w- c:\windows\sttray.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-08-24 266240]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-05-05 17480]
    R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\S2usbser.sys [2008-07-23 103680]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-06-07 59240]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-06-07 166632]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530635545-1869025753-2870467505-1000Core.job
    - c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 22:07]
    .
    2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530635545-1869025753-2870467505-1000UA.job
    - c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 22:07]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.aol.co.uk/
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-MCODS
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-09 22:22
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-09 22:26:20
    ComboFix-quarantined-files.txt 2011-05-09 21:26
    .
    Pre-Run: 58,982,682,624 bytes free
    Post-Run: 58,954,473,472 bytes free
    .
    - - End Of File - - D6E27E3D0DF5AA8E4B3540C8B51BB784

    Jen
  • RussJK
    RussJK Posts: 2,359 Forumite
    Hey Jenny, thanks for that - looks like it didn't like the King Kong capture either! I'll ask AlienRik to take a look at the log.

    I noticed the AVG toolbar is still there, so see if you can uninstall that from the control panel > programs and features.

    Make sure you install an antivirus.

    Afterwards, run an Eset Online On-Demand scan (just the bit that says "Part 1", ignore the "Part 2" which is just an ad for the paid version):
    http://www.eset.com/us/online-scanner
  • top_drawer_2
    top_drawer_2 Posts: 2,469 Forumite
    edited 10 May 2011 at 3:00PM
    RussJK wrote: »
    Hey Jenny, thanks for that - looks like it didn't like the King Kong capture either! I'll ask AlienRik to take a look at the log.

    I noticed the AVG toolbar is still there, so see if you can uninstall that from the control panel > programs and features

    Make sure you install an antivirus.

    Afterwards, run an Eset Online On-Demand scan (just the bit that says "Part 1", ignore the "Part 2" which is just an ad for the paid version):
    http://www.eset.com/us/online-scanner

    AVG isn't showing up in the control panel > programs and features.

    Downloaded AVAST and IObit Malware Fighter and both are currently scanning.

    Jen
  • closed
    closed Posts: 10,886 Forumite
    Sometimes it's much simpler to back up your data and restore to factory settings using the factory restore partition.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\unvise32qt.exe


    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [Screenshot: CFScript.gif]


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
    (If SNAPSHOT is stupidly large, leave that part out)

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
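    aliEnRIK's reply above picks one freshly created executable out of Jen's log by eye. The script below is an added example, not code from this thread or from ComboFix: it parses the sections of the log format posted above (Other Deletions, Files Created, Reg Loading Points) and lists the entries a helper reads first. SAMPLE_LOG is a constructed excerpt in that format, and the flagging rules are my own assumptions about what deserves a second look, not a verdict that anything listed is malicious.

```python
"""Triage helper for ComboFix logs in the format posted in this thread.
Added example, not code from the thread or from ComboFix. SAMPLE_LOG is a
constructed excerpt; the rules flag entries to look at, not malware."""
import re

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")              # (((( Files Created ... ))))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                   # [HKEY_...\Run]
INFECTED_RE = re.compile(r"^Infected copy of (\S+) was found and disinfected$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\S+) (\d+)\]$')  # "Name"="path" [date size]
# created [. modified] [size or --------] attrs path  (Files Created, Find3M, startupreg)
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)(?: \. (\d{4}-\d\d-\d\d \d\d:\d\d))?"
                      r"(?: (-+|\d+))? ([-a-z]{8}) (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_ROOTS = ("c:\\windows", "c:\\windows\\system32")  # a new exe directly here is unusual
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")     # writable without admin rights

SAMPLE_LOG = r"""
ComboFix 11-05-09.01 - Jennifer 09/05/2011 22:12:00.1.2 - x86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\KINGKO~1\Capture\KKBRow~1.dll
-- Previous Run --
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
2011-05-09 21:21 . 2011-05-09 21:22 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2011-04-30 10:38 . 2011-05-05 21:59 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-29 21:45 . 2011-04-29 21:45 388096 ----a-r- c:\users\Jennifer\AppData\Roaming\HiJackThis.exe
2011-04-24 22:00 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe
2011-04-15 20:33 . 2011-04-15 20:35 d-----w- C:\07bb69d92e1143295b2042681a64dcd1
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-09 160328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-24 22:07 136176 ----atw- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
"""


def parse_combofix(text):
    """Split a log into created files, autoruns, deletions and disinfected
    system files. Paths are lower-cased so the rules can compare them."""
    out = {"created": [], "autoruns": [], "deleted": [], "disinfected": []}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := INFECTED_RE.match(line):
            out["disinfected"].append(m.group(1).lower())
        elif m := RUN_RE.match(line):
            out["autoruns"].append({"key": key, "name": m.group(1), "path": m.group(2).lower()})
        elif m := ENTRY_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            entry = {"created": created, "modified": modified or created,
                     "size": int(size) if size and size.isdigit() else None,
                     "is_dir": attrs.startswith("d"), "path": path.lower()}
            if section and section.startswith("Files Created"):
                out["created"].append(entry)
            elif key and "startupreg" in key.lower():  # msconfig-disabled autoruns
                out["autoruns"].append({"key": key, "name": key.rsplit("\\", 1)[-1],
                                        "path": entry["path"]})
        elif section == "Other Deletions" and "\\" in line:
            out["deleted"].append(line.lower())
    return out


def triage(parsed):
    """Return (rule, path, note) tuples. A hit means 'look at this', not
    'this is malware': legitimate installers and updaters trip these too."""
    hits = []
    for p in parsed["disinfected"]:
        hits.append(("disinfected-system-file", p, "core binary was patched; confirm with a second scanner"))
    for e in parsed["created"]:
        p = e["path"]
        if e["is_dir"] or not p.endswith(EXEC_EXT):
            continue
        parent = p.rsplit("\\", 1)[0]
        if parent in SYSTEM_ROOTS:
            hits.append(("exec-in-system-root", p,
                         f"created {e['created']}, file timestamp {e['modified']}"))
        elif p.startswith(USER_WRITABLE):
            hits.append(("exec-in-user-writable", p, f"created {e['created']}"))
    for a in parsed["autoruns"]:
        if a["path"].startswith(USER_WRITABLE):
            hits.append(("autorun-from-user-writable", a["path"], f"{a['name']} via {a['key']}"))
    return hits


if __name__ == "__main__":
    for rule, path, note in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{rule:27} {path}  [{note}]")
```

    Needs Python 3.8 or later for the `:=` matches; run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents.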
  • top_drawer_2
    top_drawer_2 Posts: 2,469 Forumite
    Well second/third time lucky! Not sure what SNAPSHOT is.

    Jen


    ComboFix 11-05-09.04 - Jennifer 10/05/2011 23:15:31.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.1002 [GMT 1:00]
    Running from: c:\users\Jennifer\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run
    .
    c:\windows\unvise32qt.exe
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-10 22:29 . 2011-05-10 22:31 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
    2011-05-10 22:29 . 2011-05-10 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-10 16:01 . 2011-05-10 16:01 -------- d-----w- c:\program files\ESET
    2011-05-10 13:57 . 2011-05-10 16:08 -------- d-----w- c:\program files\Application Updater
    2011-05-10 13:57 . 2011-05-10 13:57 -------- d-----w- c:\program files\IObit Toolbar
    2011-05-10 13:57 . 2011-05-10 13:57 -------- d-----w- c:\program files\Common Files\Spigot
    2011-05-10 13:51 . 2011-05-10 13:56 -------- d-----w- c:\users\Jennifer\AppData\Roaming\IObit
    2011-05-10 13:51 . 2011-05-10 13:56 -------- d-----w- c:\program files\IObit
    2011-05-08 17:02 . 2011-05-08 17:02 -------- d-----w- c:\windows\system32\Adobe
    2011-05-07 21:37 . 2011-05-07 21:37 -------- d-----w- c:\programdata\McAfee
    2011-04-30 10:38 . 2011-05-05 21:59 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-04-30 10:38 . 2011-04-30 10:38 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-04-30 10:38 . 2011-05-05 21:55 -------- d-----w- c:\programdata\Hitman Pro
    2011-04-29 21:45 . 2011-04-29 21:45 388096 ----a-r- c:\users\Jennifer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-29 20:15 . 2011-04-29 20:15 -------- d-----w- c:\program files\Trend Micro
    2011-04-29 17:19 . 2011-04-29 17:19 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
    2011-04-29 17:19 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-29 17:19 . 2011-04-29 17:19 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-29 17:19 . 2011-04-29 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-29 17:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-28 16:38 . 2011-04-28 16:38 -------- d-----w- c:\users\Jennifer\AppData\Local\Opera
    2011-04-28 16:37 . 2011-04-28 16:37 -------- d-----w- c:\program files\Opera
    2011-04-28 14:20 . 2011-04-28 14:20 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-28 14:19 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 14:19 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 14:19 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-25 20:16 . 2011-04-25 20:16 -------- d-----w- c:\users\Jennifer\AppData\Local\Mozilla
    2011-04-24 22:54 . 2011-04-24 22:54 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Apple Computer
    2011-04-24 22:54 . 2011-04-24 22:54 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple Computer
    2011-04-24 22:51 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-04-24 22:51 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-04-24 22:49 . 2011-04-24 22:49 -------- d-----w- c:\program files\iPod
    2011-04-24 22:49 . 2011-04-24 22:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-04-24 22:49 . 2011-04-24 22:51 -------- d-----w- c:\program files\iTunes
    2011-04-24 22:43 . 2011-04-24 22:43 -------- d-----w- c:\program files\Apple Software Update
    2011-04-24 22:35 . 2011-04-28 15:52 -------- d-----w- c:\program files\Common Files\Apple
    2011-04-24 21:59 . 2011-04-24 22:29 -------- d-----w- c:\windows\system32\QuickTime
    2011-04-24 21:59 . 2011-04-24 21:59 -------- d-----w- c:\programdata\QuickTime
    2011-04-21 17:28 . 2011-04-21 17:28 -------- d-----w- c:\users\Jennifer\AppData\Roaming\AVG10
    2011-04-21 17:22 . 2011-05-09 19:05 -------- d-----w- c:\programdata\AVG Security Toolbar
    2011-04-21 17:15 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D0F2FC-6A06-46BF-8AA2-F83B7C10770F}\mpengine.dll
    2011-04-21 16:33 . 2011-05-09 18:29 -------- d-----w- c:\programdata\MFAData
    2011-04-21 14:02 . 2011-04-21 14:02 -------- d-----w- c:\users\Jennifer\AppData\Local\Yahoo
    2011-04-21 13:31 . 2011-04-24 17:24 -------- d-----w- c:\programdata\Yahoo!
    2011-04-21 13:31 . 2011-04-21 13:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Yahoo!
    2011-04-21 13:30 . 2011-04-25 15:09 -------- d-----w- c:\program files\Yahoo!
    2011-04-15 20:33 . 2011-04-15 20:35 -------- d-----w- C:\07bb69d92e1143295b2042681a64dcd1
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 03:24 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-03 15:40 . 2011-04-28 14:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-28 14:19 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-28 14:19 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-28 14:19 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-03-23 14:04 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 14:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 14:04 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-09 160328]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-29 402832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-18 1540096]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-05-06 4378968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-6-6 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2009-09-12 22:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 10:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-04-24 22:07 136176 ----atw- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-14 10:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2010-10-20 15:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-02-08 05:11 303104 ----a-w- c:\windows\sttray.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-08-24 266240]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-07 840936]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-05-05 17480]
    R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\S2usbser.sys [2008-07-23 103680]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-06-07 59240]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-06-07 166632]
    S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-29 352656]
    S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-05-06 821592]
    S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-04-27 18768]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-03-22 30600]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-03-22 19280]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530635545-1869025753-2870467505-1000Core.job
    - c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 22:07]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530635545-1869025753-2870467505-1000UA.job
    - c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 22:07]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.aol.co.uk/
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-QuickTime - c:\windows\unvise32qt.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-10 23:30
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-10 23:36:57
    ComboFix-quarantined-files.txt 2011-05-10 22:36
    ComboFix2.txt 2011-05-09 21:26
    .
    Pre-Run: 57,550,716,928 bytes free
    Post-Run: 57,464,164,352 bytes free
    .
    - - End Of File - - 5492DBD3710CD11C165724D03988CEF9
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    edited 11 May 2011 at 9:31AM
    I'm not convinced it's clean (although the log looks ok now).

    Download and run the FREE version of DR WEB (DONT UPGRADE)
    http://www.freedrweb.com/download+cureit/?nc=t&lng=en
This discussion has been closed.