Solve : get answers fast!!!?

1.	Solve : get answers fast!!!?
Answer» hi guys, i'm sure you guys know about this get-answers-fast.com thing, where after a few google searches it jumps to that horrible website. in my feeble attempt to defend myself, i ran f-secure... (which i'm never really sure if it does anything). nothing was detected. then i downloaded microsoft security essentials. when i ran a quick scan nothing was detected. when i ran a full scan, it got stuck, and now i can't even cancel it. (i don't know if that is relevant at all) i know you guys are geniuses... so please tell me what to do. thank you so much for your time... and your good electronic will. yinPlease visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.log is as follows... thanks! and i want to share with you a screen shot of some error messages which came up after combofix rebooted (3 errors: 1- there is a problem starting C:\ProgramData\MousePolicyPolicy.dll 2- RECYCLE Bin on C:\ is corrupted Do you wan to empty the Recycle Bin for this drive? 3- There was a problem starting C:\UserszyinzAppData\Local\Installer4632\Installer4632Update\Installer4632updt32.DLL The specified module could not be found thanksthanksthanks! ComboFix 11-10-27.05 - yin 10/27/2011 11:08:23.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2171 [GMT -4:00] Running from: c:\users\yin\Desktop\ComboFix.exe AV: F-Secure Client Security 9.11 Disabled/Updated {15414183-282E-D62C-CA37-EF24860A2F17} AV: Microsoft Security Essentials Disabled/Updated {108DAC43-C256-20B7-BB05-914135DA5160} FW: F-Secure Client Security 9.11 Disabled {2D7AC0A6-6241-D774-E168-461178D9686C} SP: F-Secure Client Security 9.11 Disabled/Updated {AE20A067-0E14-D9A2-F087-D456FD8D65AA} SP: Microsoft Security Essentials Disabled/Updated {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\autorun.inf c:\program files\Setup.exe c:\programdata\MousePolicyPolicy.dll c:\users\yin\AppData\Local\Installer4632\Installer4632Update\Installer4632updt32.dll c:\windows\IsUn0804.exe . . ((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 ))))))))))))))))))))))))))))))) . . 2011-10-27 15:16 . 2011-10-27 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-27 14:07 . 2011-10-27 14:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-10-27 00:10 . 2011-09-12 21:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-10-27 00:09 . 2011-10-27 15:17 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A45CB0-27D8-4226-9B5A-36007A5A3634}\offreg.dll 2011-10-27 00:09 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A45CB0-27D8-4226-9B5A-36007A5A3634}\mpengine.dll 2011-10-27 00:06 . 2011-10-27 00:05 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15389EEF-C043-40D1-A8A2-12443A420514}\gapaengine.dll 2011-10-26 23:44 . 2011-10-26 23:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2011-10-26 23:43 . 2011-10-26 23:45 -------- d-----w- c:\program files\Microsoft Security Client 2011-10-26 23:43 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys 2011-10-26 23:04 . 2011-10-26 23:43 -------- d-----w- c:\users\yin\AppData\Roaming\GetRightToGo 2011-10-25 21:12 . 2011-10-26 13:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBBDCD4C-2B17-440D-B994-940C02ED2A8A}\offreg.dll 2011-10-25 21:12 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBBDCD4C-2B17-440D-B994-940C02ED2A8A}\mpengine.dll 2011-10-24 01:28 . 2011-10-26 04:00 -------- d-----w- c:\users\yin\AppData\Roaming\FileZilla 2011-10-24 01:28 . 2011-10-24 01:28 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2011-10-14 18:11 . 2011-10-14 18:11 -------- d--h--w- c:\programdata\CanonIJEPPEX2 2011-10-14 18:11 . 2011-10-14 18:11 -------- d--h--w- c:\programdata\CanonEPP 2011-10-14 18:09 . 2011-10-14 18:09 -------- d-----w- c:\programdata\Canon IJ Network Tool 2011-10-14 18:09 . 2010-03-18 18:25 307200 ----a-w- c:\windows\SysWow64\CNC5200L.dll 2011-10-14 18:09 . 2010-03-18 16:11 106496 ----a-w- c:\windows\SysWow64\CNC5200U.dll 2011-10-14 18:09 . 2008-08-25 17:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll 2011-10-14 18:07 . 2011-10-14 18:07 -------- d-----w- c:\programdata\CanonIJMSetup 2011-10-14 18:01 . 2011-10-14 18:01 -------- d-----w- c:\program files\Common Files\CANON 2011-10-14 18:01 . 2011-10-14 18:01 -------- d-----w- c:\programdata\CanonIJWSpt 2011-10-14 17:59 . 2011-10-14 17:59 -------- d-----w- c:\program files\Canon 2011-10-14 17:58 . 2011-10-14 17:58 -------- d--h--w- c:\programdata\CanonBJ 2011-10-14 17:58 . 2010-04-07 04:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAE.DLL 2011-10-14 17:58 . 2010-04-07 04:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAE.DLL 2011-10-14 17:58 . 2011-10-14 17:58 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2011-10-14 17:57 . 2010-04-07 04:00 361472 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-10-14 17:57 . 2010-03-11 07:57 248320 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-10-14 17:57 . 2011-10-14 17:57 -------- d-----w- c:\windows\system32\STRING 2011-10-14 17:57 . 2010-02-05 09:37 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL 2011-10-14 17:57 . 2010-02-05 09:37 327680 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2011-10-14 17:55 . 2011-10-14 18:11 -------- d-----w- c:\program files (x86)\Canon 2011-10-14 00:53 . 2011-08-20 05:40 1013248 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2011-10-14 00:53 . 2011-08-20 04:34 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2011-10-14 00:53 . 2011-08-20 05:45 1197568 ----a-w- c:\windows\system32\wininet.dll 2011-10-14 00:51 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-17 10:22 . 2011-07-04 12:37 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys 2011-02-23 01:55 . 2011-02-23 01:54 4772720 ----a-w- c:\program files\BitTorrent-7.2.exe 2010-02-23 09:49 . 2011-06-26 23:03 549216 ----a-w- c:\program files\AecSetup.dll 2010-02-10 00:16 . 2011-06-26 23:03 1049312 ----a-w- c:\program files\PatchMgr.dll 2010-02-10 00:16 . 2011-06-26 23:03 47328 ----a-w- c:\program files\AcSetup.dll 2010-01-14 14:40 . 2011-06-26 23:03 704360 ----a-w- c:\program files\SetupAcadUi.dll 2010-01-14 14:40 . 2011-06-26 23:03 693096 ----a-w- c:\program files\SetupUi.dll 2010-01-14 14:40 . 2011-06-26 23:03 108392 ----a-w- c:\program files\LiteHtml.dll 2010-01-14 14:40 . 2011-06-26 23:03 544616 ----a-w- c:\program files\DeployUi.dll 2010-01-14 14:40 . 2011-06-26 23:03 85352 ----a-w- c:\program files\CIPUtil.dll 2010-01-14 14:40 . 2011-06-26 23:02 161640 ----a-w- c:\program files\AcDelTree.exe 2010-01-14 14:37 . 2011-06-26 23:03 319248 ----a-w- c:\program files\UPI.dll 2010-01-14 14:36 . 2011-06-26 23:03 375128 ----a-w- c:\program files\MC3Res.dll 2010-01-14 14:36 . 2011-06-26 23:03 1764696 ----a-w- c:\program files\MC3.dll 2010-01-14 14:36 . 2011-06-26 23:03 190688 ----a-w- c:\program files\senddmp.exe 2009-11-19 23:07 . 2011-06-26 23:03 189800 ----a-w- c:\program files\adlmutil.dll 2009-11-19 23:07 . 2011-06-26 23:03 1274728 ----a-w- c:\program files\adlmPIT.dll 2009-10-29 04:18 . 2011-06-26 23:03 653120 ----a-w- c:\program files\msvcr90.dll 2009-10-29 04:18 . 2011-06-26 23:03 569664 ----a-w- c:\program files\msvcp90.dll 2009-10-29 04:18 . 2011-06-26 23:03 225280 ----a-w- c:\program files\msvcm90.dll 2009-09-10 02:57 . 2009-09-10 02:57 289830672 ------w- c:\program files\Setup Prerequisites 08.11.07.03_en.exe 2009-06-08 01:37 . 2011-06-26 23:03 3783672 ----a-w- c:\program files\mfc90u.dll 2008-05-05 19:55 . 2011-06-26 23:03 319248 ----a-w- c:\program files\UPI32.dll 2008-04-10 11:31 . 2011-06-26 23:03 1835888 ----a-r- c:\program files\xerces-c_2_8_AEC.dll 2004-05-04 14:53 . 2011-06-26 23:03 1645320 ----a-w- c:\program files\gdiplus.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768] "AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-02-16 2356088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2011-05-19 302832] "F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2011-05-19 1654512] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] ="Service" . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 136176] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-27 1436424] R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-07-06 61088] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows VISTA 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2011-05-19 61008] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-05-19 15856] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 01:37] . 2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 01:37] . 2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71440679-69947657-1278906953-1000Core.job - c:\users\yin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 01:06] . 2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71440679-69947657-1278906953-1000UA.job - c:\users\yin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 01:06] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = https://login.live.com/login.srf?cbcxt=out&vv=900&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1298333514%26rver%3D6.1.6206.0%26wp%3DMBI_KEY%26wreply%3Dhttps:%252F%252Fwww.outlook.com%252Fowa%252F%26id%3D260563%26CBCXT%3Dout uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\yin\AppData\Roaming\Mozilla\Firefox\Profiles\k1t56s8f.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Browsing Protection: [email protected] - c:\program files (x86)\F-Secure\NRS\[email protected] FF - Ext: Ovi Maps 3D browser plugin: [email protected] - %profile%\extensions\[email protected] . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-MousePolicyPolicy - c:\programdata\MousePolicyPolicy.dll Wow6432Node-HKCU-Run-Mozilla Update - c:\users\yin\AppData\Local\Installer4632\Installer4632Update\Installer4632updt32.DLL HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] Denied: (A 2) (Everyone) ="FlashBroker" "LocalizedString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] ="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] ="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] Denied: (A 2) (Everyone) ="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] ="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] ="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] ="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] ="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] ="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] ="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] ="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] Denied: (A 2) (Everyone) ="Macromedia Flash FACTORY Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] ="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] ="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] ="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] ="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] ="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] ="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] Denied: (A 2) (Everyone) ="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] ="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] ="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\F-Secure\Anti-Virus\fsgk32st.exe c:\program files (x86)\F-Secure\Common\FSMA32.EXE c:\program files (x86)\F-Secure\Anti-Virus\FSGK32.EXE c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\F-Secure\Anti-Virus\fssm32.exe c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\F-Secure\common\FSLAUNCH.EXE . *********************************************************************** . Completion time: 2011-10-27 11:24:36 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-27 15:24 . Pre-Run: 388,781,756,416 bytes free Post-Run: 388,530,745,344 bytes free . - - End Of File - - 6D9C5D0ADBFFC11BACC6D5776E871A56 Scan for malware Please download Malwarebytes Anti-Malware from Download.CNET.com. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!) Double Click mbam-setup.exe to install the application. (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!) Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer. Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Copy and paste the entire report in your next reply. heres my log from malwarebytes: am i ok now??? thanks again Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8030 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/27/2011 2:20:21 PM mbam-log-2011-10-27 (14-20-21).txt Scan type: Quick scan Objects scanned: 181827 Time elapsed: 2 minute(s), 23 second(s) Memory Processes Infected: 0 Memory MODULES Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) One more scan and I think you'll be good... ESET Online Scan Please run a free online scan with the ESET Online Scanner Tick the box next to YES, I accept the Terms of Use Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan (This scan can take several hours, so please be patient) Once the scan is completed, you may close the window Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt** Copy and paste that log as a reply to this topic

Answer»

hi guys,
i'm sure you guys know about this get-answers-fast.com thing, where after a few google searches it jumps to that horrible website.

in my feeble attempt to defend myself, i ran f-secure... (which i'm never really sure if it does anything). nothing was detected.
then i downloaded microsoft security essentials. when i ran a quick scan nothing was detected. when i ran a full scan, it got stuck, and now i can't even cancel it. (i don't know if that is relevant at all)

i know you guys are geniuses... so please tell me what to do.

thank you so much for your time... and your good electronic will.

yinPlease visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.log is as follows... thanks! and i want to share with you a screen shot of some error messages which came up after combofix rebooted (3 errors: 1- there is a problem starting C:\ProgramData\MousePolicyPolicy.dll 2- RECYCLE Bin on C:\ is corrupted Do you wan to empty the Recycle Bin for this drive? 3- There was a problem starting C:\UserszyinzAppData\Local\Installer4632\Installer4632Update\Installer4632updt32.DLL The specified module could not be found

thanksthanksthanks!

ComboFix 11-10-27.05 - yin 10/27/2011 11:08:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2171 [GMT -4:00]
Running from: c:\users\yin\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.11 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: F-Secure Client Security 9.11 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Client Security 9.11 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\autorun.inf
c:\program files\Setup.exe
c:\programdata\MousePolicyPolicy.dll
c:\users\yin\AppData\Local\Installer4632\Installer4632Update\Installer4632updt32.dll
c:\windows\IsUn0804.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 15:16 . 2011-10-27 15:16   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-27 14:07 . 2011-10-27 14:07   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
2011-10-27 00:10 . 2011-09-12 21:26   9049936   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-27 00:09 . 2011-10-27 15:17   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A45CB0-27D8-4226-9B5A-36007A5A3634}\offreg.dll
2011-10-27 00:09 . 2011-10-07 01:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A45CB0-27D8-4226-9B5A-36007A5A3634}\mpengine.dll
2011-10-27 00:06 . 2011-10-27 00:05   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15389EEF-C043-40D1-A8A2-12443A420514}\gapaengine.dll
2011-10-26 23:44 . 2011-10-26 23:44   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-10-26 23:43 . 2011-10-26 23:45   --------   d-----w-   c:\program files\Microsoft Security Client
2011-10-26 23:43 . 2010-04-09 11:06   374664   ----a-w-   c:\windows\system32\drivers\netio.sys
2011-10-26 23:04 . 2011-10-26 23:43   --------   d-----w-   c:\users\yin\AppData\Roaming\GetRightToGo
2011-10-25 21:12 . 2011-10-26 13:03   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBBDCD4C-2B17-440D-B994-940C02ED2A8A}\offreg.dll
2011-10-25 21:12 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBBDCD4C-2B17-440D-B994-940C02ED2A8A}\mpengine.dll
2011-10-24 01:28 . 2011-10-26 04:00   --------   d-----w-   c:\users\yin\AppData\Roaming\FileZilla
2011-10-24 01:28 . 2011-10-24 01:28   --------   d-----w-   c:\program files (x86)\FileZilla FTP Client
2011-10-14 18:11 . 2011-10-14 18:11   --------   d--h--w-   c:\programdata\CanonIJEPPEX2
2011-10-14 18:11 . 2011-10-14 18:11   --------   d--h--w-   c:\programdata\CanonEPP
2011-10-14 18:09 . 2011-10-14 18:09   --------   d-----w-   c:\programdata\Canon IJ Network Tool
2011-10-14 18:09 . 2010-03-18 18:25   307200   ----a-w-   c:\windows\SysWow64\CNC5200L.dll
2011-10-14 18:09 . 2010-03-18 16:11   106496   ----a-w-   c:\windows\SysWow64\CNC5200U.dll
2011-10-14 18:09 . 2008-08-25 17:02   15872   ----a-w-   c:\windows\SysWow64\CNHMCA.dll
2011-10-14 18:07 . 2011-10-14 18:07   --------   d-----w-   c:\programdata\CanonIJMSetup
2011-10-14 18:01 . 2011-10-14 18:01   --------   d-----w-   c:\program files\Common Files\CANON
2011-10-14 18:01 . 2011-10-14 18:01   --------   d-----w-   c:\programdata\CanonIJWSpt
2011-10-14 17:59 . 2011-10-14 17:59   --------   d-----w-   c:\program files\Canon
2011-10-14 17:58 . 2011-10-14 17:58   --------   d--h--w-   c:\programdata\CanonBJ
2011-10-14 17:58 . 2010-04-07 04:00   87040   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\CNMPPAE.DLL
2011-10-14 17:58 . 2010-04-07 04:00   28672   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\CNMPDAE.DLL
2011-10-14 17:58 . 2011-10-14 17:58   --------   d--h--w-   c:\windows\system32\CanonIJ Uninstaller Information
2011-10-14 17:57 . 2010-04-07 04:00   361472   ----a-w-   c:\windows\system32\CNMLMAE.DLL
2011-10-14 17:57 . 2010-03-11 07:57   248320   ----a-w-   c:\windows\system32\CNMIUAE.DLL
2011-10-14 17:57 . 2011-10-14 17:57   --------   d-----w-   c:\windows\system32\STRING
2011-10-14 17:57 . 2010-02-05 09:37   37376   ----a-w-   c:\windows\system32\CNMN6UI.DLL
2011-10-14 17:57 . 2010-02-05 09:37   327680   ----a-w-   c:\windows\system32\CNMN6PPM.DLL
2011-10-14 17:55 . 2011-10-14 18:11   --------   d-----w-   c:\program files (x86)\Canon
2011-10-14 00:53 . 2011-08-20 05:40   1013248   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2011-10-14 00:53 . 2011-08-20 04:34   860672   ----a-w-   c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-10-14 00:53 . 2011-08-20 05:45   1197568   ----a-w-   c:\windows\system32\wininet.dll
2011-10-14 00:51 . 2011-08-17 05:32   613888   ----a-w-   c:\windows\system32\psisdecd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 10:22 . 2011-07-04 12:37   42672   ----a-w-   c:\windows\SysWow64\drivers\fsbts.sys
2011-02-23 01:55 . 2011-02-23 01:54   4772720   ----a-w-   c:\program files\BitTorrent-7.2.exe
2010-02-23 09:49 . 2011-06-26 23:03   549216   ----a-w-   c:\program files\AecSetup.dll
2010-02-10 00:16 . 2011-06-26 23:03   1049312   ----a-w-   c:\program files\PatchMgr.dll
2010-02-10 00:16 . 2011-06-26 23:03   47328   ----a-w-   c:\program files\AcSetup.dll
2010-01-14 14:40 . 2011-06-26 23:03   704360   ----a-w-   c:\program files\SetupAcadUi.dll
2010-01-14 14:40 . 2011-06-26 23:03   693096   ----a-w-   c:\program files\SetupUi.dll
2010-01-14 14:40 . 2011-06-26 23:03   108392   ----a-w-   c:\program files\LiteHtml.dll
2010-01-14 14:40 . 2011-06-26 23:03   544616   ----a-w-   c:\program files\DeployUi.dll
2010-01-14 14:40 . 2011-06-26 23:03   85352   ----a-w-   c:\program files\CIPUtil.dll
2010-01-14 14:40 . 2011-06-26 23:02   161640   ----a-w-   c:\program files\AcDelTree.exe
2010-01-14 14:37 . 2011-06-26 23:03   319248   ----a-w-   c:\program files\UPI.dll
2010-01-14 14:36 . 2011-06-26 23:03   375128   ----a-w-   c:\program files\MC3Res.dll
2010-01-14 14:36 . 2011-06-26 23:03   1764696   ----a-w-   c:\program files\MC3.dll
2010-01-14 14:36 . 2011-06-26 23:03   190688   ----a-w-   c:\program files\senddmp.exe
2009-11-19 23:07 . 2011-06-26 23:03   189800   ----a-w-   c:\program files\adlmutil.dll
2009-11-19 23:07 . 2011-06-26 23:03   1274728   ----a-w-   c:\program files\adlmPIT.dll
2009-10-29 04:18 . 2011-06-26 23:03   653120   ----a-w-   c:\program files\msvcr90.dll
2009-10-29 04:18 . 2011-06-26 23:03   569664   ----a-w-   c:\program files\msvcp90.dll
2009-10-29 04:18 . 2011-06-26 23:03   225280   ----a-w-   c:\program files\msvcm90.dll
2009-09-10 02:57 . 2009-09-10 02:57   289830672   ------w-   c:\program files\Setup Prerequisites 08.11.07.03_en.exe
2009-06-08 01:37 . 2011-06-26 23:03   3783672   ----a-w-   c:\program files\mfc90u.dll
2008-05-05 19:55 . 2011-06-26 23:03   319248   ----a-w-   c:\program files\UPI32.dll
2008-04-10 11:31 . 2011-06-26 23:03   1835888   ----a-r-   c:\program files\xerces-c_2_8_AEC.dll
2004-05-04 14:53 . 2011-06-26 23:03   1645320   ----a-w-   c:\program files\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-02-16 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2011-05-19 302832]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2011-05-19 1654512]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-27 1436424]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-07-06 61088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows VISTA 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2011-05-19 61008]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-05-19 15856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 01:37]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 01:37]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71440679-69947657-1278906953-1000Core.job
- c:\users\yin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 01:06]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71440679-69947657-1278906953-1000UA.job
- c:\users\yin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 01:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://login.live.com/login.srf?cbcxt=out&vv=900&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1298333514%26rver%3D6.1.6206.0%26wp%3DMBI_KEY%26wreply%3Dhttps:%252F%252Fwww.outlook.com%252Fowa%252F%26id%3D260563%26CBCXT%3Dout
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\yin\AppData\Roaming\Mozilla\Firefox\Profiles\k1t56s8f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Browsing Protection: [email protected] - c:\program files (x86)\F-Secure\NRS\[email protected]
FF - Ext: Ovi Maps 3D browser plugin: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MousePolicyPolicy - c:\programdata\MousePolicyPolicy.dll
Wow6432Node-HKCU-Run-Mozilla Update - c:\users\yin\AppData\Local\Installer4632\Installer4632Update\Installer4632updt32.DLL
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash FACTORY Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\program files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\F-Secure\Anti-Virus\fssm32.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\F-Secure\common\FSLAUNCH.EXE
.
**************************************************************************
.
Completion time: 2011-10-27 11:24:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 15:24
.
Pre-Run: 388,781,756,416 bytes free
Post-Run: 388,530,745,344 bytes free
.
- - End Of File - - 6D9C5D0ADBFFC11BACC6D5776E871A56
Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

heres my log from malwarebytes: am i ok now???
thanks again

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8030

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/27/2011 2:20:21 PM
mbam-log-2011-10-27 (14-20-21).txt

Scan type: Quick scan
Objects scanned: 181827
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory MODULES Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
One more scan and I think you'll be good...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Solve : get answers fast!!!?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment