
IObit Malware Fighter log/Both DDS logs



Hello everyone,

For the past few days I have noticed my computer acting a little funny. Not only has it started to act slower, but I have been crashing a lot lately too. I seem to be redirected from time to time, mostly when using Google, and have been unable to log in to my Google e-mail accounts as well. A lot of these problems seem to happen at certain times of the day and when I do certain tasks, such as using some of the features of Advanced SystemCare. Just today I noticed that I am unable to access the "safe mode" feature on my computer. Along with that, System Restore doesn't seem to be working anymore, as it says that my restore points have either been deleted or corrupted. I also have problems shutting down my computer, as from time to time it gets unresponsive.

I'm down to the point where I have no clue what to do anymore; scanning just doesn't seem to do the trick.

Thank you for any support anyone would be able to offer me.

 

IObit Malware Fighter

 

OS: Windows Vista

Version: 1.3.0.3

Define Version: 1117

Time Elapsed: 00:46:10

Objects Scanned: 72688

Threats Found: 1

Save Time: 3/30/2012 12:04:40 AM

 

|Name|Type|Description|ID|
|Adware.Toolbar - Failed|REG|HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search&|2001623|

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18999

Run by Bascara at 0:06:04 on 2012-03-30

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.148 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\AERTSrv.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Windows\system32\mqsvc.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\mqtgsvc.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Windows\PixArt\PAC207\Monitor.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Comcast\pcTrayApp.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe

C:\Program Files\IObit\Advanced SystemCare 5\Sus12_ProcessManager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.xfinity.com/customer/start/?cid=xfstart_tech_main/

uSearch Bar = Preserve

uWindow Title = Internet Explorer provided by Dell

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.1\iobitToolbarIE.dll

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.1\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\users\bascara\appdata\locallow\cyberdefender\cdmyidd.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll

BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - c:\program files\xfinitytb\auxi\xfinityAu.dll

TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\users\bascara\appdata\locallow\cyberdefender\cdmyidd.dll

TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - c:\program files\xfinitytb\xfinitydx.dll

TB: {a0729639-d831-46c9-811b-9b0aa79fb45a} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.1\iobitToolbarIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {8BCB5337-EC01-4E38-840C-A964F174255B} - No File

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

uRunOnce: [shockwave Updater] "c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE" -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; FDM; BRI/1; XF_mmhpset)" -"http://coursewareobjects.elsevier.com/objects/elr/Huether4e/testpage.html"

mRun: [RtHDVCpl] "RtHDVCpl.exe"

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"

mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"

mRun: [PAC207_Monitor] "c:\windows\pixart\pac207\Monitor.exe"

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Comcast_McciTrayApp] "c:\program files\comcast\pcTrayApp.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: imgfast.net\r23

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{AEE9D797-73F6-4387-88FD-24F558E716DA} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-2-3 15672]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-7-30 277736]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-2-3 913752]

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-12-7 81920]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]

R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-1-28 361472]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-12-7 27648]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-2-3 20336]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-7 112128]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-2-3 30600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-30 136176]

S2 MyWebSearchService;My Web Search Service; [x]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-13 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-30 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2010-8-26 618112]

S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-2-3 19792]

.

=============== Created Last 30 ================

.

2012-03-30 03:13:57 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2dbb662-16c6-4276-b61e-b42820a817a0}\offreg.dll

2012-03-29 05:56:17 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2dbb662-16c6-4276-b61e-b42820a817a0}\mpengine.dll

2012-03-29 03:05:01 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-15 17:07:07 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-03-15 17:05:51 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-03-15 16:40:12 -------- d-----w- c:\program files\Application Updater

2012-03-15 16:39:59 -------- d-----w- c:\program files\IObit Toolbar

2012-03-15 16:39:14 -------- d-----w- c:\users\bascara\appdata\roaming\Free Download Manager

2012-03-11 23:13:04 -------- d-----w- C:\Nexon(0)

2012-03-11 20:32:23 -------- d-----w- c:\users\bascara\appdata\roaming\PCPro

2012-03-11 20:32:23 -------- d-----w- c:\users\bascara\appdata\roaming\PC Cleaners

2012-03-11 20:32:11 -------- d-----w- c:\programdata\PC1Data

2012-03-02 23:03:13 -------- d-----w- c:\program files\common files\Spigot

2012-03-02 22:58:48 -------- d-----w- c:\users\bascara\appdata\local\{6F898F81-48A3-4005-B3E7-FC694AC04058}

2012-03-02 22:58:18 -------- d-----w- c:\users\bascara\appdata\local\{CEA1A540-9301-4B1E-A74F-9413C46D7F2D}

2012-03-01 22:21:48 -------- d-----w- c:\users\bascara\appdata\local\{68BC87AA-9636-4E51-A140-C13F8FA31FA6}

2012-03-01 22:21:38 -------- d-----w- c:\users\bascara\appdata\local\{D5A8B5AA-476E-40DA-856B-9057C6F7DC54}

2012-03-01 03:43:59 -------- d-----w- c:\users\bascara\appdata\local\{B1217C2D-E609-4978-A9C8-5743922419C2}

2012-03-01 03:43:49 -------- d-----w- c:\users\bascara\appdata\local\{C1157B71-224D-4993-9595-6A0D454FB8E1}

2012-02-29 10:57:58 -------- d-----w- c:\users\bascara\appdata\local\{91B765E9-05E9-4100-ABF0-FD1505AA51B2}

.

==================== Find3M ====================

.

2012-03-15 17:06:55 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-15 17:06:54 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-15 17:06:54 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-15 17:06:54 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-15 17:06:54 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-15 17:06:42 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-15 17:06:31 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-15 17:06:31 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-15 17:06:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-03-15 17:06:05 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-03-15 17:06:04 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-03-15 17:06:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-01 22:21:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-01 07:50:20 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-01-01 07:50:20 256 ----a-w- c:\windows\system32\MSIevent.bat

.

============= FINISH: 0:10:44.26 ===============

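The DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above are what a helper reads first: BHOs and toolbars registered with "No File", a service whose binary is gone ("[x]"), and entries pointing at toolbars that the other scanners later classify as PUP. As an added example (not code from DDS, IObit or anyone in this thread), the Python below parses those DDS line shapes and flags exactly those conditions; the PUP watchlist is an assumption built from the component names the SUPERAntiSpyware log in this thread reports, and the sample lines are copied from the DDS log above.

```python
"""Triage helper for the DDS log format used in this thread.
Added example: not code from DDS, IObit or anyone in the thread. It parses the
line shapes DDS prints under "Pseudo HJT Report" and "SERVICES / DRIVERS" and
flags entries a responder reads first.
"""
import re
from dataclasses import dataclass

# Components the SUPERAntiSpyware log in this thread reported as PUP. Assumption:
# any BHO, toolbar, Run value or service mentioning one of them deserves review.
PUP_WATCHLIST = ("startnow", "mywebsearch", "funwebproducts")

# DDS prefixes this parser understands (u = HKCU, m = HKLM, d = default user).
HJT_KINDS = ("BHO", "TB", "EB", "uURLSearchHooks", "mURLSearchHooks",
             "uRun", "mRun", "dRun", "uRunOnce")

_KIND_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<rest>.*)$")
_CLSID_RE = re.compile(
    r"^(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*)$")
_RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "R2 svc;Display Name;c:\path\file.exe [2012-2-3 913752]"  or  "S2 svc;Display; [x]"
_SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

@dataclass(frozen=True)
class Finding:
    kind: str    # DDS line type: BHO, TB, mRun, S2, ...
    name: str    # display name, CLSID or service name
    path: str    # backing file as DDS printed it ("" when there is none)
    reason: str  # why a responder should look at it

def _command_path(cmd):
    """Executable of a Run value: the quoted path, else the text up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd

def parse_line(line):
    """Return (kind, name, path) for a DDS line this parser understands, else None."""
    line = line.strip()
    m = _SVC_RE.match(line)
    if m:
        rest = m.group("rest").strip()
        path = re.sub(r"\s*\[[^\]]*\]$", "", rest).strip()  # drop "[date size]" / "[x]"
        if not path and rest.endswith("[x]"):
            path = "[x]"  # DDS marks a service whose binary is absent this way
        return m.group("state"), m.group("svc"), path
    m = _KIND_RE.match(line)
    if not m or m.group("kind") not in HJT_KINDS:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if "Run" in kind:
        r = _RUN_RE.match(rest)
        return (kind, r.group("name"), _command_path(r.group("cmd"))) if r else None
    c = _CLSID_RE.match(rest)
    if c:
        return kind, c.group("name") or c.group("clsid"), c.group("path").strip()
    label, sep, path = rest.partition(" - ")  # e.g. "mURLSearchHooks: H - No File"
    return (kind, label.strip(), path.strip()) if sep else None

def triage(lines):
    """Walk DDS lines and return the entries worth a responder's attention."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, name, path = parsed
        hit = next((w for w in PUP_WATCHLIST if w in f"{name} {path}".lower()), None)
        if path == "No File":
            findings.append(Finding(kind, name, "", "orphaned registration: backing file is gone"))
        elif path == "[x]":
            findings.append(Finding(kind, name, "", "service registered but its binary is missing"))
        elif "Run" in kind and not path:
            findings.append(Finding(kind, name, "", "autorun value with no command"))
        elif hit:
            findings.append(Finding(kind, name, path, f"mentions PUP component '{hit}'"))
    return findings

# Constructed sample: lines copied from the DDS log in the opening post.
SAMPLE_DDS = r"""
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
S2 MyWebSearchService;My Web Search Service; [x]
TCP: DhcpNameServer = 192.168.2.1
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:<16} {f.name:<28} {f.reason}" + (f"  [{f.path}]" if f.path else ""))
```

Feeding the full DDS log in place of the sample gives the same shortlist a helper draws by eye: the twelve "No File" toolbar and BHO registrations, the MyWebSearchService stub, and the StartNow entries.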

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked

 

• Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

• To retrieve the removal information please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

 

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

• It will open in your default text editor (preferably Notepad).

• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*******************************************************

Download Combofix from any of the links below, and save it to your desktop.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


I started the scan using Malwarebytes Anti-Malware and got a blue screen around halfway through. Although I finished up the scan for SUPERAntiSpyware. Here's the log:


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/30/2012 at 10:44 PM

 

Application Version : 5.0.1146

 

Core Rules Database Version : 8402

Trace Rules Database Version: 6214

 

Scan type : Complete Scan

Total Scan Time : 01:59:23

 

Operating System Information

Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)

 

Memory items scanned : 639

Memory threats detected : 2

Registry items scanned : 37279

Registry threats detected : 54

File items scanned : 146383

File threats detected : 133

 

PUP.StartNow Toolbar

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#ProgID

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#VersionIndependentProgID

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}#TypeLib

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\InprocServer32#ThreadingModel

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\Programmable

C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_msn.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png

C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png

C:\Program Files\StartNow Toolbar\Resources\images

C:\Program Files\StartNow Toolbar\Resources\installer.xml

C:\Program Files\StartNow Toolbar\Resources\protect\index.html

C:\Program Files\StartNow Toolbar\Resources\protect\NotIE6.css

C:\Program Files\StartNow Toolbar\Resources\protect\OnlyIE6.css

C:\Program Files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

C:\Program Files\StartNow Toolbar\Resources\protect\window.css

C:\Program Files\StartNow Toolbar\Resources\protect\window.js

C:\Program Files\StartNow Toolbar\Resources\protect

C:\Program Files\StartNow Toolbar\Resources\reactivate\index.html

C:\Program Files\StartNow Toolbar\Resources\reactivate\LeftImage.png

C:\Program Files\StartNow Toolbar\Resources\reactivate\NotIE6.css

C:\Program Files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

C:\Program Files\StartNow Toolbar\Resources\reactivate\window.css

C:\Program Files\StartNow Toolbar\Resources\reactivate\window.js

C:\Program Files\StartNow Toolbar\Resources\reactivate

C:\Program Files\StartNow Toolbar\Resources\skin\chevron_button.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

C:\Program Files\StartNow Toolbar\Resources\skin\separator.png

C:\Program Files\StartNow Toolbar\Resources\skin\splitter.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

C:\Program Files\StartNow Toolbar\Resources\skin

C:\Program Files\StartNow Toolbar\Resources\toolbar.xml

C:\Program Files\StartNow Toolbar\Resources\update.xml

C:\Program Files\StartNow Toolbar\Resources

C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe

C:\Program Files\StartNow Toolbar\Toolbar32.dll

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\StartNow Toolbar\uninstall.dat

C:\Program Files\StartNow Toolbar

HKLM\Software\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#ProgID

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#VersionIndependentProgID

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}#TypeLib

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\InprocServer32#ThreadingModel

HKCR\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\Programmable

HKLM\Software\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

HKCR\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

HKU\S-1-5-21-465180092-4245211546-2343113550-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

HKU\S-1-5-21-465180092-4245211546-2343113550-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{5911488E-9D1E-40ec-8CBB-06B231CC153F}

 

PUP.MyWebSearch/FunWebProducts

HKU\S-1-5-21-465180092-4245211546-2343113550-1001\SOFTWARE\FunWebProducts

HKU\S-1-5-21-465180092-4245211546-2343113550-1001\SOFTWARE\MyWebSearch

HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService

HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type

HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start

HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName

C:\PROGRAM FILES\INTERNET EXPLORER\MSIMG32.DLL

C:\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL

C:\PROGRAM FILES\MSN MESSENGER\RICHED20.DLL

 

Adware.Tracking Cookie

C:\Users\Bascara\AppData\Roaming\Microsoft\Windows\Cookies\X9HDK5AZ.txt [ /network.realmedia.com ]

C:\Users\Bascara\AppData\Roaming\Microsoft\Windows\Cookies\SPFB4G6N.txt [ /realmedia.com ]

C:\USERS\BASCARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSUEHK9N.txt [ Cookie:bascara@ad.yieldmanager.com/ ]

C:\USERS\BASCARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YPZXBO2R.txt [ Cookie:bascara@invitemedia.com/ ]

C:\USERS\BASCARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QGI1M63W.txt [ Cookie:bascara@yieldmanager.net/ ]

C:\USERS\BASCARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MVLEV9CY.txt [ Cookie:bascara@legolas-media.com/ ]

C:\USERS\BASCARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7908DFBW.txt [ Cookie:bascara@kanoodle.com/ ]

C:\USERS\BASCARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1L981S5L.txt [ Cookie:bascara@adserver.zonemedia.com/ ]

C:\USERS\BASCARA\Cookies\X9HDK5AZ.txt [ Cookie:bascara@network.realmedia.com/ ]

C:\USERS\BASCARA\Cookies\SPFB4G6N.txt [ Cookie:bascara@realmedia.com/ ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ANYUSER@2O7[2].TXT [ /2O7 ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ANYUSER@ADS.POINTROLL[1].TXT [ /ADS.POINTROLL ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ANYUSER@CDN.JEMAMEDIA[1].TXT [ /CDN.JEMAMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ANYUSER@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ANYUSER@POINTROLL[2].TXT [ /POINTROLL ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@2O7[2].TXT [ /2O7 ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@A1.INTERCLICK[2].TXT [ /A1.INTERCLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@ADBRITE[2].TXT [ /ADBRITE ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@ADS.POINTROLL[3].TXT [ /ADS.POINTROLL ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@ADS.UNDERTONE[1].TXT [ /ADS.UNDERTONE ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@ADVERTISE[1].TXT [ /ADVERTISE ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@ADVERTISING[2].TXT [ /ADVERTISING ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@APARTMENTFINDER[1].TXT [ /APARTMENTFINDER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@BURSTBEACON[1].TXT [ /BURSTBEACON ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@CDN.JEMAMEDIA[1].TXT [ /CDN.JEMAMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@CDN.JEMAMEDIA[3].TXT [ /CDN.JEMAMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@E1.CDN.QNSR[2].TXT [ /E1.CDN.QNSR ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@FASTCLICK[1].TXT [ /FASTCLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@INDIECLICK[2].TXT [ /INDIECLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@INTERCHANGECORPORATION.122.2O7[1].TXT [ /INTERCHANGECORPORATION.122.2O7 ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@LUCIDMEDIA[2].TXT [ /LUCIDMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@MEDIA6DEGREES[3].TXT [ /MEDIA6DEGREES ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@NETWORK.REALMEDIA[1].TXT [ /NETWORK.REALMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@O1.QNSR[1].TXT [ /O1.QNSR ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@OPTIMIZE.INDIECLICK[1].TXT [ /OPTIMIZE.INDIECLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@POINTROLL[1].TXT [ /POINTROLL ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@PRO-MARKET[1].TXT [ /PRO-MARKET ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@PRO-MARKET[2].TXT [ /PRO-MARKET ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@QNSR[1].TXT [ /QNSR ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@QUESTIONMARKET[3].TXT [ /QUESTIONMARKET ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@REALMEDIA[1].TXT [ /REALMEDIA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@REDIRECT.TRAFFICZ[1].TXT [ /REDIRECT.TRAFFICZ ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@SEARCH.AMAZECLICK[1].TXT [ /SEARCH.AMAZECLICK ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@SEARCH.CLICKCHEER[1].TXT [ /SEARCH.CLICKCHEER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@SEARCH.CLICKSFIND[1].TXT [ /SEARCH.CLICKSFIND ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@SEARCH.FINDSMY[1].TXT [ /SEARCH.FINDSMY ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@SERVER.CPMSTAR[1].TXT [ /SERVER.CPMSTAR ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@STATCOUNTER[1].TXT [ /STATCOUNTER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@STATCOUNTER[3].TXT [ /STATCOUNTER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@TACODA.AT.ATWOLA[2].TXT [ /TACODA.AT.ATWOLA ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@TRAFFICMP[2].TXT [ /TRAFFICMP ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@TRIBALFUSION[2].TXT [ /TRIBALFUSION ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@UIADSERVER[1].TXT [ /UIADSERVER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@WWW.APARTMENTFINDER[2].TXT [ /WWW.APARTMENTFINDER ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@WWW.BURSTBEACON[1].TXT [ /WWW.BURSTBEACON ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@WWW.BURSTNET[1].TXT [ /WWW.BURSTNET ]

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\HOME-PC$@WWW.IBTRACK[1].TXT [ /WWW.IBTRACK ]

 

Adware.Toolbar-Dealio

HKLM\System\ControlSet001\Services\APPLICATION UPDATER

C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE

HKLM\System\ControlSet001\Enum\Root\LEGACY_APPLICATION UPDATER

[searchSettings] C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE

C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE

HKLM\System\ControlSet002\Services\APPLICATION UPDATER

HKLM\System\ControlSet002\Enum\Root\LEGACY_APPLICATION UPDATER

HKLM\System\ControlSet003\Services\APPLICATION UPDATER

HKLM\System\ControlSet003\Enum\Root\LEGACY_APPLICATION UPDATER

HKLM\System\ControlSet004\Services\APPLICATION UPDATER

HKLM\System\ControlSet004\Enum\Root\LEGACY_APPLICATION UPDATER

HKLM\System\ControlSet005\Services\APPLICATION UPDATER

HKLM\System\ControlSet005\Enum\Root\LEGACY_APPLICATION UPDATER

HKLM\System\ControlSet006\Services\APPLICATION UPDATER

HKLM\System\ControlSet006\Enum\Root\LEGACY_APPLICATION UPDATER

HKLM\System\CurrentControlSet\Services\APPLICATION UPDATER

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_APPLICATION UPDATER

C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE

C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE

C:\Windows\Prefetch\APPLICATIONUPDATER.EXE-77808505.pf

 

PUP.MyWebSearch

HKU\S-1-5-21-465180092-4245211546-2343113550-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKU\S-1-5-21-465180092-4245211546-2343113550-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}

HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

 

Trojan.Agent/Gen-DownloadAdmin

C:\DOWNLOADS\OPENOFFICEWRITER-SETUP.EXE

 

Heur.Agent/Gen-WhiteBox

C:\DOWNLOADS\SOFTWARE\AULAUNCHER.EXE

 

Adware.Zango

C:\PROGRAM FILES\SMART-SHOPPER\UNINST.EXE

 

Trojan.Agent/Gen-Partsen

C:\USERS\BASCARA\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM\COMPONENTS\LPTLF2.DLL

C:\USERS\BASCARA\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM\COMPONENTS\LPTLF3.DLL

 

 

 

I'll give the scan another try and post back as soon as it's done.

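The log above flags StartNow Toolbar, MyWebSearch and Dealio entries under the same three Internet Explorer load points that every log in this thread keeps coming back to: Browser Helper Objects (subkeys named by CLSID), the Toolbar key (values named by CLSID) and URLSearchHooks. The following script is an added example, not part of the forum post and not taken from IObit, DDS, SUPERAntiSpyware or ComboFix. It walks those load points, resolves each CLSID through HKLM/HKCU `Classes\CLSID\...\InprocServer32` to the DLL that actually gets loaded into iexplore.exe, and reports whether the DLL still exists on disk, which is what separates a live add-on from an orphaned registration. It assumes Windows PowerShell 2.0 or later, run from an elevated prompt so the HKLM keys are readable; the function names are the example's own.

```powershell
# Added example: enumerate IE load points (BHOs, Toolbars, URLSearchHooks) and
# resolve each CLSID to its registered DLL. Not part of the original post.

$guidPattern = '^\{[0-9A-Fa-f-]{36}\}$'

# Load points of the kind listed in the scan logs above. Assumed to be the
# ones worth checking on a Vista-era IE8 box; extend as needed.
$loadPoints = @(
    @{ Kind = 'BHO';            Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Kind = 'Toolbar';        Path = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar' },
    @{ Kind = 'Toolbar (user)'; Path = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser' },
    @{ Kind = 'URLSearchHook';  Path = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks' }
)

function Resolve-Clsid {
    param([string]$Clsid)
    # A COM class can be registered machine-wide or per user; per-user
    # registrations (HKCU) are the ones an unprivileged installer leaves behind.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root $Clsid
        if (Test-Path $key) {
            $name = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty -Path (Join-Path $key 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            return New-Object PSObject -Property @{ Name = $name; Dll = $dll; Registered = $root }
        }
    }
    # CLSID referenced by a load point but never registered: the "(no file)"
    # orphans ComboFix removes look exactly like this.
    return New-Object PSObject -Property @{ Name = $null; Dll = $null; Registered = 'not registered' }
}

function Get-IeLoadPoints {
    foreach ($lp in $loadPoints) {
        if (-not (Test-Path $lp.Path)) { continue }
        $clsids = @()
        # BHOs are registered as subkeys named by CLSID ...
        $clsids += Get-ChildItem -Path $lp.Path -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.PSChildName }
        # ... toolbars and URLSearchHooks as value names under the key itself.
        $props = Get-ItemProperty -Path $lp.Path -ErrorAction SilentlyContinue
        if ($props) { $clsids += $props.PSObject.Properties | ForEach-Object { $_.Name } }

        foreach ($clsid in ($clsids | Where-Object { $_ -match $guidPattern } | Sort-Object -Unique)) {
            $r = Resolve-Clsid $clsid
            $exists = $false
            if ($r.Dll) { $exists = Test-Path -LiteralPath $r.Dll }
            New-Object PSObject -Property @{
                Kind       = $lp.Kind
                Clsid      = $clsid
                Name       = $r.Name
                Dll        = $r.Dll
                DllExists  = $exists
                Registered = $r.Registered
            }
        }
    }
}

Get-IeLoadPoints | Sort-Object Kind, Clsid |
    Format-Table Kind, Clsid, Name, Dll, DllExists, Registered -AutoSize
```

Read the output the way the logs are read: a BHO or toolbar whose DLL lives under a vendor directory you did not install (the logs above show StartNow Toolbar, Spigot, FunWebProducts) is a candidate for removal; an entry with `DllExists` false and `Registered` set to `not registered` is a leftover pointer, harmless by itself but worth clearing so the next scan does not keep flagging it.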

I finished the second scan, but it caused my computer to be a little more unresponsive, along with losing internet access. I can't seem to open many of my documents, along with the logs that I'm supposed to be posting on this forum. Is this normal?


I can't seem to open many of my documents, along with the logs that I'm supposed to be posting on this forum. Is this normal?

 

No, that's not normal. Let's try something else.

 

Save these instructions so you can have access to them while in Safe Mode.

 

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the license agreement and click Next.
  • It will, by default, install to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Any other (removable) drives that you may have

Leave the rest of the settings at their defaults.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says an object cannot be neutralized, choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save the report to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected viruses/malware from the report. They will be at the very top, under Detected. Post those results in your next reply.

 

Note: This tool will self-uninstall when you close it, so please save the log before closing it.


It seems that it took just a little longer for my computer to get set up. I left it alone for about an hour and everything seems to be working just fine again. Here are the remaining log files:

 

ComboFix 12-03-31.03 - Bascara 04/01/2012 1:40.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.853 [GMT -4:00]

Running from: c:\users\Bascara\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\RadioRage_4jEI

c:\windows\$NtUninstallKB15950$\1915505762\@

c:\windows\$NtUninstallKB15950$\1915505762\cfg.ini

c:\windows\$NtUninstallKB15950$\1915505762\Desktop.ini

c:\windows\$NtUninstallKB15950$\1915505762\L\ogejidap

c:\windows\$NtUninstallKB15950$\1915505762\oemid

c:\windows\$NtUninstallKB15950$\1915505762\U\00000001.@

c:\windows\$NtUninstallKB15950$\1915505762\U\00000002.@

c:\windows\$NtUninstallKB15950$\1915505762\U\00000004.@

c:\windows\$NtUninstallKB15950$\1915505762\U\80000000.@

c:\windows\$NtUninstallKB15950$\1915505762\U\80000004.@

c:\windows\$NtUninstallKB15950$\1915505762\U\80000032.@

c:\windows\$NtUninstallKB15950$\1915505762\version

c:\windows\$NtUninstallKB15950$\4179648440

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\security\Database\tmp.edb

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system32\atinevxx.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\dladresn.dll

c:\windows\system32\nvedavt.dll

c:\windows\system32\sndtdriverv32.dll

c:\windows\system32\system

c:\windows\system32\USBCamera.dll

.

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_.cdrom

-------\Service_nimcdldu

-------\Service_UMPass

-------\Service_wacomvhid

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))

.

.

2012-04-01 03:37 . 2012-04-01 03:40 -------- d-----w- C:\rei

2012-04-01 03:37 . 2012-04-01 03:37 -------- d-----w- c:\program files\Reimage

2012-04-01 03:37 . 2012-04-01 03:37 -------- d-----w- c:\program files\ReImageCompanion

2012-03-31 02:57 . 2012-03-31 02:57 -------- d-----w- c:\users\Bascara\AppData\Roaming\Malwarebytes

2012-03-31 02:56 . 2012-03-31 02:56 -------- d-----w- c:\programdata\Malwarebytes

2012-03-31 02:56 . 2012-03-31 02:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-31 02:56 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 01:53 . 2012-03-31 01:53 -------- d-----w- c:\program files\Ask.com

2012-03-31 00:37 . 2012-03-31 00:37 -------- d-----w- c:\users\Bascara\AppData\Roaming\SUPERAntiSpyware.com

2012-03-31 00:35 . 2012-03-31 00:37 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-31 00:35 . 2012-03-31 00:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-15 17:07 . 2012-03-15 17:07 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-03-15 17:05 . 2012-03-15 17:05 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-03-15 16:40 . 2012-03-31 02:50 -------- d-----w- c:\program files\Application Updater

2012-03-15 16:39 . 2012-03-15 16:40 -------- d-----w- c:\program files\IObit Toolbar

2012-03-15 16:39 . 2012-03-29 17:15 -------- d-----w- c:\users\Bascara\AppData\Roaming\Free Download Manager

2012-03-11 23:13 . 2012-03-11 23:13 -------- d-----w- C:\Nexon(0)

2012-03-11 20:32 . 2012-03-11 20:41 -------- d-----w- c:\users\Bascara\AppData\Roaming\PCPro

2012-03-11 20:32 . 2012-03-11 20:32 -------- d-----w- c:\users\Bascara\AppData\Roaming\PC Cleaners

2012-03-11 20:32 . 2012-03-11 20:32 -------- d-----w- c:\programdata\PC1Data

2012-03-02 23:03 . 2012-03-02 23:03 -------- d-----w- c:\program files\Common Files\Spigot

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-01 22:21 . 2012-01-30 06:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-31 12:44 . 2009-10-03 11:04 237072 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]

2012-02-09 09:45 141176 ----a-w- c:\program files\ReImageCompanion\updatebhoWin32.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0e8bc7d-6959-40b6-8e05-204d9768ad6e}]

2012-02-09 09:44 225656 ----a-w- c:\program files\ReImageCompanion\jsloader.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]

2009-05-15 19:46 3962184 ----a-w- c:\users\Bascara\AppData\LocalLow\CyberDefender\cdmyidd.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcc70a83-e184-40a3-906b-779af5e941c4}]

2010-07-30 17:33 87512 ----a-w- c:\program files\xfinitytb\xfinitydx.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]

2010-07-30 17:34 259584 ----a-w- c:\program files\xfinitytb\auxi\xfinityAu.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Bascara\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-05-15 3962184]

"{dcc70a83-e184-40a3-906b-779af5e941c4}"= "c:\program files\xfinitytb\xfinitydx.dll" [2010-07-30 87512]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]

[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]

[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{dcc70a83-e184-40a3-906b-779af5e941c4}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Bascara\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-05-15 3962184]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]

[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]

[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-29 3727411]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 1939968]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-01-12 4453208]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]

2009-11-27 11:23 2866176 ----a-w- c:\program files\Blubster\Blubster.exe

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vusbbus

RapiMgr

NeroMediaHomeService.4

hpzipr12

lvpr2mon

BVRPMPR5

tones

filterservice

s125mdm

mssql$soshome22

emitray

nimcdldu

3combootp

UMPass

fips

wacomvhid

eaps2kbd

sit_mdm

USBModem

ha20x2k

monfilt

TICalc

NEOFLTR_600_13319

rasirda

pclepci

gpc

smtpd32

wlsetupsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 06:54]

.

2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 06:54]

.

2012-03-29 c:\windows\Tasks\IOBit_AutoShutdown20120329020201.job

- c:\windows\system32\shutdown.exe [2008-01-21 02:34]

.

2012-04-01 c:\windows\Tasks\RtlNICDiagVistaStart.job

- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-12-07 07:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.xfinity.com/customer/start/?cid=xfstart_tech_main/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

Trusted Zone: imgfast.net\r23

TCP: DhcpNameServer = 192.168.2.1

Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll

Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll

Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{a0729639-d831-46c9-811b-9b0aa79fb45a} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{A0729639-D831-46C9-811B-9B0AA79FB45A} - (no file)

HKLM-Run-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-01 01:52

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"=hex:51,66,7a,6c,4c,1d,38,12,90,00,76,

a6,8a,fd,7e,0c,d6,ca,df,fd,20,98,fc,c2

"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,c7,8d,a2,

03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{DCC70A83-E184-40A3-906B-779AF5E941C4}"=hex:51,66,7a,6c,4c,1d,38,12,ed,09,d4,

d8,b6,af,cd,05,ef,7d,34,da,f0,b7,05,d0

"{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}"=hex:51,66,7a,6c,4c,1d,38,12,49,e1,1e,

1a,d6,12,cd,0b,d4,1a,c8,43,e4,f4,32,a8

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

"{00A6FAF1-072E-44CF-8957-5838F569A31D}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f9,b5,

04,1c,49,a1,01,f6,41,1b,78,f0,37,e7,09

"{07B18EA1-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,cf,8d,a2,

03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{22BF413B-C6D2-4D91-82A9-A0F997BA588C}"=hex:51,66,7a,6c,4c,1d,38,12,55,42,ac,

26,e0,88,ff,08,fd,bf,e3,b9,92,e4,1c,98

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,

ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63

"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,

c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E6D0B79E-ECAC-411B-8BF6-7A574981AF30}"=hex:51,66,7a,6c,4c,1d,38,12,f0,b4,c3,

e2,9e,a2,75,04,f4,e0,39,17,4c,df,eb,24

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:20,11,2f,a6,26,4a,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,e8,67,8a,07,cc,f0,4c,93,29,5c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,e8,67,8a,07,cc,f0,4c,93,29,5c,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(684)

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

.

- - - - - - - > 'Explorer.exe'(3900)

c:\program files\CA\PPRT\bin\CACheck.dll

c:\program files\CA\PPRT\bin\CAHook.dll

c:\program files\CA\PPRT\bin\CAServer.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

c:\program files\CA\PPRT\bin\ITMRTSVC.exe

c:\windows\system32\mqsvc.exe

c:\program files\Common Files\Motive\pcCMService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\RtHDVCpl.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\iPod\bin\iPodService.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-04-01 02:00:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-01 06:00

.

Pre-Run: 169,523,073,024 bytes free

Post-Run: 169,613,955,072 bytes free

.

- - End Of File - - 949243CDBE06B4E22EE5DD546D64E220

 

 

 

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

http://www.malwarebytes.org

 

Database version: v2012.03.31.02

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18999

Bascara :: HOME-PC [administrator]

 

Protection: Enabled

 

3/31/2012 2:08:31 AM

mbam-log-2012-03-31 (02-08-31).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 334656

Time elapsed: 1 hour(s), 32 minute(s), 25 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 8

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.

C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

 

Files Detected: 3

C:\Downloads\Software\RadioRage.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\Downloads\Software\MusicConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Users\Bascara\AppData\LocalLow\RadioRage_4jEI\Installr\Cache\0238464E.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

 

(end)

Please download aswMBR.exe (511KB) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start the scan.

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-01 14:49:38

-----------------------------

14:49:38.324 OS Version: Windows 6.0.6002 Service Pack 2

14:49:38.324 Number of processors: 2 586 0x1706

14:49:38.326 ComputerName: HOME-PC UserName: Bascara

14:49:43.518 Initialize success

14:51:46.831 AVAST engine defs: 12040101

14:52:31.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:52:31.253 Disk 0 Vendor: ST325031 4.AD Size: 238418MB BusType: 3

14:52:31.275 Disk 0 MBR read successfully

14:52:31.276 Disk 0 MBR scan

14:52:31.278 Disk 0 MBR:Alureon-M [Rtk]

14:52:31.279 Disk 0 TDL4@MBR code has been found

14:52:31.280 Disk 0 Windows VISTA default MBR code found via API

14:52:31.282 Disk 0 MBR hidden

14:52:31.283 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

14:52:31.290 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640

14:52:31.309 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160

14:52:31.314 Disk 0 MBR [TDL4] **ROOTKIT**

14:52:31.346 Disk 0 trace - called modules:

14:52:31.349 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87d4149f]<<

14:52:31.352 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872fcac8]

14:52:31.354 3 CLASSPNP.SYS[893a78b3] -> nt!IofCallDriver -> [0x87c80ca8]

14:52:31.357 \Driver\iaStor[0x87c0b030] -> IRP_MJ_CREATE -> 0x87d4149f

14:52:32.066 AVAST engine scan C:\Windows

14:52:34.714 AVAST engine scan C:\Windows\system32

14:55:15.078 AVAST engine scan C:\Windows\system32\drivers

14:55:22.746 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Alureon-ASC [Rtk]

14:55:25.831 AVAST engine scan C:\Users\Bascara

14:58:49.982 AVAST engine scan C:\ProgramData

15:01:01.876 Scan finished successfully

15:03:10.817 Disk 0 MBR has been saved successfully to "C:\Users\Bascara\Desktop\MBR.dat"

15:03:10.821 The log file has been saved successfully to "C:\Users\Bascara\Desktop\aswMBR.txt"

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
     
    http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png
     
  • If an infected file is detected, the default action will be Cure, click on Continue.
     
    http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png
     
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
     
    http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png
     
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
     
    http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png
     
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

23:33:25.0760 3288 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

23:33:26.0025 3288 ============================================================

23:33:26.0025 3288 Current date / time: 2012/04/01 23:33:26.0025

23:33:26.0025 3288 SystemInfo:

23:33:26.0025 3288

23:33:26.0025 3288 OS Version: 6.0.6002 ServicePack: 2.0

23:33:26.0025 3288 Product type: Workstation

23:33:26.0025 3288 ComputerName: HOME-PC

23:33:26.0025 3288 UserName: Bascara

23:33:26.0025 3288 Windows directory: C:\Windows

23:33:26.0025 3288 System windows directory: C:\Windows

23:33:26.0025 3288 Processor architecture: Intel x86

23:33:26.0025 3288 Number of processors: 2

23:33:26.0025 3288 Page size: 0x1000

23:33:26.0025 3288 Boot type: Normal boot

23:33:26.0025 3288 ============================================================

23:33:26.0368 3288 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:33:26.0368 3288 \Device\Harddisk0\DR0:

23:33:26.0368 3288 MBR used

23:33:26.0368 3288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000

23:33:26.0368 3288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000

23:33:26.0415 3288 Initialize success

23:33:26.0415 3288 ============================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-02 15:26:47

-----------------------------

15:26:47.642 OS Version: Windows 6.0.6002 Service Pack 2

15:26:47.642 Number of processors: 2 586 0x1706

15:26:47.644 ComputerName: HOME-PC UserName: Bascara

15:26:58.900 Initialize success

15:27:06.871 AVAST engine defs: 12040101

15:27:14.621 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:27:14.622 Disk 0 Vendor: ST325031 4.AD Size: 238418MB BusType: 3

15:27:14.648 Disk 0 MBR read successfully

15:27:14.649 Disk 0 MBR scan

15:27:14.652 Disk 0 Windows VISTA default MBR code

15:27:14.654 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

15:27:14.663 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640

15:27:14.680 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160

15:27:14.698 Disk 0 scanning sectors +488278016

15:27:14.769 Disk 0 scanning C:\Windows\system32\drivers

15:27:24.923 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Alureon-ASC [Rtk]

15:27:30.813 Disk 0 trace - called modules:

15:27:30.856 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

15:27:30.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8691a158]

15:27:30.861 3 CLASSPNP.SYS[893a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85413028]

15:27:32.238 AVAST engine scan C:\Windows

15:27:41.163 AVAST engine scan C:\Windows\system32

15:30:06.522 AVAST engine scan C:\Windows\system32\drivers

15:30:14.035 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Alureon-ASC [Rtk]

15:30:17.308 AVAST engine scan C:\Users\Bascara

15:36:13.217 AVAST engine scan C:\ProgramData

15:39:22.557 Scan finished successfully

16:15:49.676 Disk 0 MBR has been saved successfully to "C:\Users\Bascara\Desktop\MBR.dat"

16:15:49.701 The log file has been saved successfully to "C:\Users\Bascara\Desktop\aswMBR2.txt"

 

 

Should I run TDSS again too?

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double-click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Ok. Let's try this one.

 

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report.

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2012/04/04 22:45

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP2

==================================================

 

Drivers

-------------------

Name: dump_iaStor.sys

Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys

Address: 0x89113000 Size: 888832 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xB2A66000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{47a56c02-7963-11e1-bad0-00219b1633a6}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{7b0b070f-7cf7-11e1-b8a8-00219b1633a6}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{88b47046-7a12-11e1-beaf-00219b1633a6}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\Temp\SEPAAA8.tmp

Status: Invisible to the Windows API!

 

Path: C:\Windows\Temp\SEPCFC6.tmp

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_4de39e0d118f2d3f.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_f0f2581af89e6e01.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.5570_none_ed02ee80fb22125b.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.5570_none_51ce1f16bbe3e56e.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_7db1e53ddcf5e248.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.5570_none_f0f36cb6f89d71d4.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0e93acbbb72b8e69.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_49f31fd71413cdc6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_f481d44af6539578.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.5570_none_4bf8f87ebf99de1f.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_4db63e267dcf142c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.5570_none_f0c0675484e3abc5.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_f0bf52b884e4a7f2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_ed01d9e4fb230e88.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.5570_none_4977a39175471b31.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.6161_none_80ba6c811e9b4aff.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_517205a10f4550e3.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.5570_none_0e94c157b72a923c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_f480bfaef65491a5.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.5570_none_80bb811d1e9a4ed2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_6b8a9829b015faa3.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED8D0~1.XRM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC3C2~1.XRM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED85F~1.XRM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC362~1.XRM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEE61C~1.XRM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18005_none_ae1c8b4b8d1614c8\PRESEN~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18236_none_adfd1f9d8d2d7c40\PRESEN~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.22377_none_ae5c7d02a66aa525\PRESEN~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.20864_none_31e03b2fbc06d9a0\GLOBAL~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.18096_none_331e6bf4a0265421\GLOBAL~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.22208_none_340b5a85b8f92847\GLOBAL~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6002.18005_none_356532909d048bea\GLOBAL~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.22208_none_824e913c35a437af\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6002.18005_none_83a8694719af9b52\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.16708_none_ddb4cf58a13aa0ca\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6000.20864_none_ddf98b73ba8c82de\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.18096_none_df37bc389eabfd5f\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6001.22208_none_e024aac9b77ed185\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wpf-xpsviewermanifestxml_31bf3856ad364e35_6.0.6002.18005_none_e17e82d49b8a3528\XPSVIE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6002.18005_none_f52661bc15faf3ee\MACHIN~1.COM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\RULESS~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\WIRELE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\RULESS~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\WIRELE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\RULESS~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\WIRELE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\RULESS~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\WIRELE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\RULESS~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\WIRELE~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\PLA\Rules\RULESS~1.XML

Status: Locked to the Windows API!

 

Path: C:\Windows\PLA\System\WIRELE~1.XML

Status: Locked to the Windows API!

 

Path: c:\program files\ca\pprt\logs\2012-04-02.csv

Status: Allocation size mismatch (API: 408, Raw: 288)

 

Path: c:\program files\ca\pprt\logs\2012-04-03.csv

Status: Allocation size mismatch (API: 168, Raw: 0)

 

Path: c:\program files\ca\pprt\logs\2012-04-04.csv

Status: Allocation size mismatch (API: 168, Raw: 0)

 

Path: c:\program files\verizon\iha_messagecenter\log\mc-log

Status: Allocation size mismatch (API: 32768, Raw: 96)

 

Path: C:\System Volume Information\SystemRestore\FRStaging\Windows\$NtUninstallKB15950$:SummaryInformation

Status: Invisible to the Windows API!

 

Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\wbem\Logs\WMITracing.log

Status: Locked to the Windows API!

 

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.001

Status: Allocation size mismatch (API: 524288, Raw: 262144)

 

Path: C:\Windows\inf\MSDTC Bridge 3.0.0.0\0000\_TRANS~2.INI

Status: Locked to the Windows API!

 

Path: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: c:\users\bascara\appdata\local\temp\~df4ef1.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

 

Path: c:\users\bascara\appdata\local\temp\~df99be.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

 

Path: c:\users\bascara\appdata\local\temp\~dff27a.tmp

Status: Allocation size mismatch (API: 16384, Raw: 0)

 

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1200 Status: Locked to the Windows API!

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: 00000424, IRP_MJ_CREATE]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_CLOSE]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_READ]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_WRITE]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_QUERY_EA]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SET_EA]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_CLEANUP]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_POWER]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8786b880 Size: 1921

 

Object: Hidden Code [Driver: 00000424, IRP_MJ_PNP]

Process: System Address: 0x8786b880 Size: 1921

 

==EOF==

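The report above ends with 28 "Hidden Code" entries, one per IRP_MJ_* dispatch slot of driver 00000424, every one of them pointing at the same address. As an added example (this is not RootRepeal's code and not part of the thread), here is a Python triage script for that report format: it pairs each Path with its Status, tallies the status categories, lists files the Windows API cannot see, extracts the allocation-size mismatches, and groups hooked dispatch entries by driver so that a fully redirected dispatch table stands out from a filter driver that hooks one or two entries. The entries in the sample are copied from the report above; the section headers are assumed.

```python
"""Triage of a RootRepeal-style rootkit report (added example, not from the thread)."""
import re
from collections import Counter, defaultdict

# All 28 entries of a driver's MajorFunction dispatch table (IRP_MJ_MAXIMUM_FUNCTION + 1).
IRP_MJ_NAMES = (
    "IRP_MJ_CREATE", "IRP_MJ_CREATE_NAMED_PIPE", "IRP_MJ_CLOSE", "IRP_MJ_READ", "IRP_MJ_WRITE",
    "IRP_MJ_QUERY_INFORMATION", "IRP_MJ_SET_INFORMATION", "IRP_MJ_QUERY_EA", "IRP_MJ_SET_EA",
    "IRP_MJ_FLUSH_BUFFERS", "IRP_MJ_QUERY_VOLUME_INFORMATION", "IRP_MJ_SET_VOLUME_INFORMATION",
    "IRP_MJ_DIRECTORY_CONTROL", "IRP_MJ_FILE_SYSTEM_CONTROL", "IRP_MJ_DEVICE_CONTROL",
    "IRP_MJ_INTERNAL_DEVICE_CONTROL", "IRP_MJ_SHUTDOWN", "IRP_MJ_LOCK_CONTROL", "IRP_MJ_CLEANUP",
    "IRP_MJ_CREATE_MAILSLOT", "IRP_MJ_QUERY_SECURITY", "IRP_MJ_SET_SECURITY", "IRP_MJ_POWER",
    "IRP_MJ_SYSTEM_CONTROL", "IRP_MJ_DEVICE_CHANGE", "IRP_MJ_QUERY_QUOTA", "IRP_MJ_SET_QUOTA",
    "IRP_MJ_PNP",
)

# Constructed sample in the report format seen in the thread: a few of the page's own
# entries, with assumed section headers (the real report runs to hundreds of entries).
SAMPLE_REPORT = r"""
Hidden/Locked Files
-------------------
Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!
Path: c:\program files\ca\pprt\logs\2012-04-02.csv
Status: Allocation size mismatch (API: 408, Raw: 288)
Path: C:\System Volume Information\SystemRestore\FRStaging\Windows\$NtUninstallKB15950$:SummaryInformation
Status: Invisible to the Windows API!
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Stealth Objects
-------------------
Object: Hidden Code [Driver: 00000424, IRP_MJ_CREATE]
Process: System Address: 0x8786b880 Size: 1921
Object: Hidden Code [Driver: 00000424, IRP_MJ_READ]
Process: System Address: 0x8786b880 Size: 1921
==EOF==
"""

STATUS_RE = re.compile(r"^(?:PID:\s*(\d+)\s+)?Status:\s*(.+?)\s*$")
OBJECT_RE = re.compile(r"^Object:\s*(.+?)\s*\[Driver:\s*(\S+),\s*(IRP_MJ_\w+)\]$")
DETAIL_RE = re.compile(r"^Process:\s*(.+?)\s+Address:\s*(0x[0-9a-fA-F]+)\s+Size:\s*(\d+)$")
MISMATCH_RE = re.compile(r"^Allocation size mismatch \(API:\s*(\d+),\s*Raw:\s*(\d+)\)")

def parse_report(text):
    """Pair every 'Path:' line with its 'Status:' line and every 'Object:' with its detail line."""
    files, processes, hooks, path, obj = [], [], [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line == "==EOF==":
            break
        if line.startswith("Path:"):
            path = line[5:].strip()
        elif (m := STATUS_RE.match(line)) and path is not None:
            pid, status = m.groups()
            entry = {"path": path, "status": status}
            if pid is not None:
                entry["pid"] = int(pid)
            (processes if pid is not None else files).append(entry)
            path = None
        elif m := OBJECT_RE.match(line):
            obj = dict(zip(("kind", "driver", "irp"), m.groups()))
        elif (m := DETAIL_RE.match(line)) and obj is not None:
            obj.update(process=m.group(1), address=int(m.group(2), 16), size=int(m.group(3)))
            hooks.append(obj)
            obj = None
    return {"files": files, "processes": processes, "hooks": hooks}

def triage(report):
    """Pull out what a responder reads first: hidden files, size mismatches, hooked drivers."""
    files = report["files"]
    counts = Counter("Allocation size mismatch" if MISMATCH_RE.match(f["status"]) else f["status"]
                     for f in files)
    invisible = [f["path"] for f in files if f["status"].startswith("Invisible")]
    # API size versus raw on-disk size. A raw size of 0 on a temp or log file usually means the
    # file was still being written when the scan ran; a mismatch on a system binary is not that.
    mismatches = [(f["path"], int(m.group(1)), int(m.group(2)))
                  for f in files if (m := MISMATCH_RE.match(f["status"]))]
    per_driver = defaultdict(lambda: {"irps": set(), "addresses": set()})
    for h in report["hooks"]:
        per_driver[h["driver"]]["irps"].add(h["irp"])
        per_driver[h["driver"]]["addresses"].add(h["address"])
    hooked = {}
    for driver, d in per_driver.items():
        hooked[driver] = {
            "irp_count": len(d["irps"]),
            "addresses": sorted(d["addresses"]),
            # Every dispatch entry redirected to one handler the scanner could not map to a
            # loaded module ("Hidden Code") means the whole driver object has been taken over,
            # as opposed to a legitimate filter driver that installs a few specific handlers.
            "single_handler": len(d["addresses"]) == 1,
            "whole_table": d["irps"] >= set(IRP_MJ_NAMES),
            "not_hooked": sorted(set(IRP_MJ_NAMES) - d["irps"]),
        }
    return {"status_counts": counts, "invisible": invisible,
            "mismatches": mismatches, "hooked_drivers": hooked}
```

Run `triage(parse_report(text))` on the full report from this post and driver 00000424 comes back with `irp_count` 28, `whole_table` True and a single handler at 0x8786b880, which is the finding that matters; the hundreds of "Locked to the Windows API!" entries under winsxs are the bulk that the counters exist to fold away, and the one "Invisible" entry and the mismatches are listed separately so they are not lost in it.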

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Downloads\Software\BlubsterSetup.exe multiple threats deleted - quarantined

C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application deleted - quarantined

C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\System32\atinevxx.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\System32\dladresn.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\System32\nvedavt.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\System32\sndtdriverv32.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\System32\USBCamera.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\Windows\System32\drivers\serial.sys Win32/Sirefef.DA trojan unable to clean

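The list above is ESET's plain-text export of found threats. As an added example (not part of the thread and not ESET's code), here is a small Python parser that splits each line into path, detection and action, counts detections by family, and separates the one file ESET could not clean from files it merely re-detected inside the quarantine folders of tools run earlier in the thread (C:\Qoobox is ComboFix's quarantine, C:\TDSSKiller_Quarantine is TDSSKiller's). The sample lines are copied from the post; the three action strings are the ones that occur in it, and the quarantine prefixes are an assumption drawn from those paths.

```python
"""Parse ESET Online Scanner 'found threats' lines and separate what still needs action."""
import re
from collections import Counter

# Constructed sample: a few of the result lines the user posted, in the scanner's
# "<path> <detection> <action>" format.
SAMPLE_ESET = r"""
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Downloads\Software\BlubsterSetup.exe multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\atinevxx.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.04.2012_23.29.04\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\Windows\System32\drivers\serial.sys Win32/Sirefef.DA trojan unable to clean
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?(?:Win\d+/\S+ (?:application|trojan)|multiple threats)) "
    r"(?P<action>cleaned by deleting - quarantined|deleted - quarantined|unable to clean)$"
)
FAMILY_RE = re.compile(r"(Win\d+/\S+)")

# Folders where tools run earlier in the thread (ComboFix, TDSSKiller) parked what they removed;
# a detection inside them is a re-scan of an already neutralised file, not a live infection.
OTHER_QUARANTINE = (r"C:\Qoobox\Quarantine", r"C:\TDSSKiller_Quarantine")

def parse_eset(text):
    """One dict per parseable line with keys path, detection, action."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings

def families(findings):
    """Count detections by family, dropping the per-variant suffix (Win32/Sirefef.ER -> Win32/Sirefef)."""
    counter = Counter()
    for f in findings:
        m = FAMILY_RE.search(f["detection"])
        counter[m.group(1).rsplit(".", 1)[0] if m else f["detection"]] += 1
    return counter

def triage_eset(findings):
    """Split findings into: still infected, removed live files, re-detections inside quarantine."""
    prefixes = tuple(q.lower() for q in OTHER_QUARANTINE)
    out = {"unable_to_clean": [], "removed": [], "already_quarantined": []}
    for f in findings:
        if f["action"] == "unable to clean":
            out["unable_to_clean"].append(f["path"])
        elif f["path"].lower().startswith(prefixes):
            out["already_quarantined"].append(f["path"])
        else:
            out["removed"].append(f["path"])
    return out
```

On the posted log the interesting output is the `unable_to_clean` list: `C:\Windows\System32\drivers\serial.sys` is the only line where nothing was done, and a legitimate system driver flagged as Sirefef with no cleanup action is the item a responder would want to see resolved rather than counted as handled.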

It's running a whole lot better now than it was when I first came to you, thank you for the support.

Although my web browser seems to crash from time to time. It's not that big of a deal but I can't help but wonder, was the virus responsible for that?

 

Anyways I guess my computer is malware free now and it's working great.

Thank you so much!


Oh by the way, I am having some issues with my licence code from when I first bought the pro edition of IObit. Along the way while I was doing those scans I somehow got downgraded from the Pro edition to the free version. I've tried to reinput the code but it's been giving me a message saying that the registration failed and that I should buy another licence code.

Any tips on this one?


Anyways I guess my computer is malware free now and it's working great.

Thank you so much!

You're welcome. Now we should do some cleanup.

 

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

 

**********************************************************

To set a new Restore Point.

 

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.

Click the Start button , click Control Panel, click System and Maintenance, and then click System.

In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

This will give you a new, clean Restore Point.

******************************************************

Oh by the way, I am having some issues with my licence code from when I first bought the pro edition of IObit. Along the way while I was doing those scans I somehow got downgraded from the Pro edition to the free version. I've tried to reinput the code but it's been giving me a message saying that the registration failed and that I should buy another licence code. Any tips on this one?

You will have to address this problem in one of the other forums. I really can't help with it.

 

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

****************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

**************************************************************

Use the Secunia Software Inspector to check for out of date software.

 

• Click Start Now

 

• Check the box next to Enable thorough system inspection.

 

• Click Start

 

• Allow the scan to finish and scroll down to see if any updates are needed.

• Update anything listed.


----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Archived

This topic is now archived and is closed to further replies.
