Solve: "your system is infected" virus and also "windows cannot access specified.."?
I don't know if it would've actually affected Combofix or not, but I wasn't able to really disable AVG. I tried following the appropriate steps but it wouldn't let me disable anything. So I tried uninstalling it but that just failed multiple times. So I tried just deleting it which didn't quite work either (1 file wasn't able to be deleted). Just thought I'd add that in case it was important.

You have Viewpoint installed.
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 Link 2
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the BLACK box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************
Please try running SuperAntiSpyware and MalwareBytes-Antimalware and post the logs if you're successful.

Combo fix log:

ComboFix 10-10-21.05 - Ryan 23/10/2010 12:33:02.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.1982.1082 [GMT 13:00]
Running from: c:\users\Ryan\Desktop\commy.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_DFBCFDBA

((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.
2010-10-22 23:47 . 2010-10-22 23:54 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2010-10-22 23:47 . 2010-10-22 23:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-22 23:47 . 2010-10-22 23:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-22 23:47 . 2010-10-22 23:47 -------- d-----w- c:\users\Guest(56)\AppData\Local\temp
2010-10-22 23:47 . 2010-10-22 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-22 23:26 . 2010-10-22 23:29 -------- dc----r- C:\32788R22FWJFW
2010-10-22 08:08 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A15205D0-8851-4AAD-B675-A6BFC9825264}\mpengine.dll
2010-10-18 02:01 . 2010-04-29 02:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-18 02:01 . 2010-04-29 02:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 08:31 . 2010-10-17 08:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-10-17 08:31 . 2010-10-17 08:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-10-17 08:30 . 2010-10-17 08:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-10-17 08:30 . 2010-10-17 08:43 -------- d-----w- c:\windows\system32\drivers\Avg
2010-10-15 09:47 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 09:47 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-15 09:47 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 09:47 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 09:47 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 09:47 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 09:47 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 10:29 . 2010-10-14 10:29 -------- d-----w- c:\program files\Trend Micro
2010-10-10 02:38 . 2010-10-10 02:38 -------- d-----w- c:\program files\Giant Crocodile
2010-10-08 08:58 . 2010-10-08 08:58 -------- dc----w- C:\$AVG
2010-10-08 06:08 . 2010-10-08 06:08 -------- dc----w- C:\AVG10
2010-10-08 06:06 . 2010-10-08 06:06 -------- d--h--w- c:\programdata\Common Files
2010-10-08 06:03 . 2010-10-14 08:43 -------- d-----w- c:\programdata\AVG10
2010-10-08 05:51 . 2010-10-08 06:01 -------- d-----w- c:\programdata\MFAData
2010-10-08 05:39 . 2010-10-18 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 08:28 . 2010-09-30 08:28 -------- d-----w- c:\windows\Profiles
2010-09-29 07:54 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 11:31 . 2010-09-28 11:31 -------- d-----w- c:\program files\iPod
2010-09-28 11:24 . 2010-09-28 11:24 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 22:41 . 2010-02-11 13:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 03:27 . 2010-09-13 03:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 22:17 . 2010-09-07 22:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-07 22:17 . 2010-09-07 22:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-16 08:10 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-27 05:44 . 2010-07-27 05:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 05:44 . 2010-07-27 05:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-08-25 01:52 . 2008-06-05 11:59 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-23 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-23 92704]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-17 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-07 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 133104]
R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 cxru92a1;Virtual Bus for Microsoft ACPI-Compliant System;
R3 iscFlash;iscFlash;c:\swsetup\sp42533\iscflash.sys [2008-08-05 11520]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys
R3 WPFFontCache_v0400;Windows Presentation FOUNDATION Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-04-29 717296]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-10-17 335240]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:39]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:39]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-753018427-1233051673-1299658189-1003Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 04:59]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-753018427-1233051673-1299658189-1003UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6024)
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-23 13:02:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 00:02
ComboFix2.txt 2010-10-22 11:35

Pre-Run: 2,451,070,976 bytes free
Post-Run: 2,405,908,480 bytes free

- - End Of File - - 07875887ABC7EAB551A8CE336F04D7D3

security check log:

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Antivirus 2010
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 19
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.4
````````````````````````````````
Process Check: objlist.exe by Laurent
Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
````````````````````````````````
DNS Vulnerability Check:
``````````End of Log````````````

Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version
If there are any other version(s) installed then update now.

Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment.
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.

Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Were you able to run SAS and MBAM?

Ok so I updated Java, and I was indeed able to run SAS and MBAM. Here are the logs:

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24/10/2010 5:37:04 p.m.
mbam-log-2010-10-24 (17-37-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 388506
Time elapsed: 2 hour(s), 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
SAS: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/25/2010 at 03:32 AM Application Version : 4.44.1000 Core Rules Database Version : 5610 Trace Rules Database Version: 3422 Scan type : Complete Scan Total Scan Time : 04:20:54 Memory items scanned : 694 Memory threats detected : 0 Registry items scanned : 10461 Registry threats detected : 0 File items scanned : 246934 File threats detected : 165 Adware.Tracking Cookie C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt acvs.mediaonenetwork.net [ C:\Users\Guest(56)\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4JC7KVSW ] C:\Users\Guest(56)\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Guest(56)\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Guest(56)\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Guest(56)\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt .peertracking.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .peertracking.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .peertracking.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ 
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .*adult URL* [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .doubleclick.net [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .atdmt.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .atdmt.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .imrworldwide.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .msnportal.112.2o7.net [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .imrworldwide.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .bs.serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] .serving-sys.com [ C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies ] acvs.mediaonenetwork.net [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] api.firestormmedia.tv [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] banners.securedataimages.com [ 
C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] cdn2.themis-media.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] cdn4.specificclick.net [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] content.oddcast.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] core.insightexpressai.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] i.*adult URL* [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] ia.media-imdb.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] ictv-ic-ec.indieclicktv.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] indieclick.3janecdn.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] media.kyte.tv [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] media.mtvnservices.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] media.scanscout.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] media.socialvibe.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] media1.break.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] movies.hdteenmovs.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] msnbcmedia.msn.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] naiadsystems.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] objects.tremormedia.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] rmd.atdmt.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] s0.2mdn.net [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash 
Player\#SharedObjects\ZAKAE62E ] secure-us.imrworldwide.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] www.naiadsystems.com [ C:\Users\Ryan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZAKAE62E ] C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt .warez-bb.org [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .warez-bb.org [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] www.warez-bb.org [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .kontera.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .kontera.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .kontera.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .kontera.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .mediaonenetwork.net [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .collective-media.net [ 
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] d.mediadakine.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .mediadakine.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .clicksor.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .clicksor.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .clicksor.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .clicksor.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .clicksor.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] d.mediadakine.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] imagevenue.advertserve.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] imagevenue.advertserve.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .ero-advertising.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] d.mediadakine.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .microsoftsto.112.2o7.net [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .invitemedia.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .invitemedia.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .interclick.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .interclick.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .interclick.com [ 
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .invitemedia.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .*adult URL* [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .server.cpmstar.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .server.cpmstar.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .server.cpmstar.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .server.cpmstar.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .content.yieldmanager.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] *Blocked Russian URL* [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] dc.tremormedia.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .adserver.adtechus.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] rts.pgmediaserve.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] rts.pgmediaserve.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] rts.pgmediaserve.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .partypoker.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .partypoker.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .partypoker.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .content.yieldmanager.com [ C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ] .partypoker.com [ 
C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\cookies.sqlite ]

Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com
Rename ComboFix.exe to commy.exe before you save it to your Desktop.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
Click Start then copy paste the following command into the search box & hit enter:
"%userprofile%\desktop\commy.exe" /stepdel
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix.

Hi, sorry for taking so long to reply, been a bit busy with exams. Here's the new ComboFix log:

ComboFix 10-10-31.04 - Ryan 01/11/2010 23:23:59.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.1982.1020 [GMT 13:00]
Running from: c:\users\Ryan\Desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\arp.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.
2010-11-01 10:33 .
2010-11-01 10:34 -------- d-----w- c:\users\Ryan\AppData\Local\temp 2010-11-01 10:33 . 2010-11-01 10:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-11-01 10:33 . 2010-11-01 10:33 -------- d-----w- c:\users\Guest\AppData\Local\temp 2010-11-01 10:33 . 2010-11-01 10:33 -------- d-----w- c:\users\Guest(56)\AppData\Local\temp 2010-11-01 10:33 . 2010-11-01 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-31 08:11 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-10-31 08:11 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-10-31 08:11 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-10-31 08:11 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A68C4A42-4035-43FD-A738-1CF0B1EDD3D0}\mpengine.dll 2010-10-28 05:38 . 2010-10-28 05:38 -------- d-----w- c:\windows\en 2010-10-28 05:38 . 2010-09-22 11:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2010-10-28 05:28 . 2009-09-04 04:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2010-10-28 05:28 . 2009-09-04 04:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2010-10-28 05:28 . 2009-09-04 04:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2010-10-28 01:18 . 2010-10-28 01:18 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e31dd701cb763e2b\InstallManager_WLE_WLE.exe 2010-10-28 01:17 . 2010-10-28 01:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e6008ef01cb763d1f\MeshBetaRemover.exe 2010-10-28 01:16 . 2010-10-28 01:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\c9252b101cb763d18\DXSETUP.exe 2010-10-28 01:16 . 2010-10-28 01:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\c9252b101cb763d18\DSETUP.dll 2010-10-28 01:16 . 2010-10-28 01:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\c9252b101cb763d18\dsetup32.dll 2010-10-28 01:16 . 
2010-10-28 01:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\c62001601cb763d17\DSETUP.dll 2010-10-28 01:16 . 2010-10-28 01:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\c62001601cb763d17\DXSETUP.exe 2010-10-28 01:16 . 2010-10-28 01:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\c62001601cb763d17\dsetup32.dll 2010-10-28 01:14 . 2010-11-01 09:57 -------- d-----w- c:\users\Ryan\AppData\Local\Windows Live 2010-10-28 01:12 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2010-10-25 05:24 . 2010-10-25 05:24 -------- d-----w- c:\program files\Common Files\Java 2010-10-25 05:23 . 2010-09-14 15:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2010-10-25 05:23 . 2010-09-14 15:50 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-24 10:09 . 2010-10-24 10:09 -------- d-----w- c:\users\Ryan\AppData\Roaming\SUPERAntiSpyware.com 2010-10-18 02:01 . 2010-04-29 02:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-18 02:01 . 2010-04-29 02:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-17 08:31 . 2010-10-17 08:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2010-10-17 08:31 . 2010-10-17 08:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-10-17 08:30 . 2010-10-17 08:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-10-17 08:30 . 2010-10-17 08:43 -------- d-----w- c:\windows\system32\drivers\Avg 2010-10-15 09:47 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-15 09:47 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-15 09:47 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-15 09:47 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-15 09:47 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-15 09:47 . 
2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-15 09:47 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2010-10-14 10:29 . 2010-10-14 10:29 -------- d-----w- c:\program files\Trend Micro 2010-10-10 02:38 . 2010-10-10 02:38 -------- d-----w- c:\program files\Giant Crocodile 2010-10-08 08:58 . 2010-10-08 08:58 -------- dc----w- C:\$AVG 2010-10-08 06:06 . 2010-10-08 06:06 -------- d--h--w- c:\programdata\Common Files 2010-10-08 06:03 . 2010-10-14 08:43 -------- d-----w- c:\programdata\AVG10 2010-10-08 05:51 . 2010-10-08 06:01 -------- d-----w- c:\programdata\MFAData 2010-10-08 05:39 . 2010-10-18 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-18 22:41 . 2010-02-11 13:33 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 11:47 . 2010-09-22 11:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-22 11:32 . 2010-09-22 11:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-13 03:27 . 2010-09-13 03:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys 2010-09-07 22:17 . 2010-09-07 22:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-07 22:17 . 2010-09-07 22:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-08-26 16:33 . 2010-10-31 08:11 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2010-08-26 16:33 . 2010-10-31 08:11 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2010-08-26 16:33 . 2010-10-31 08:11 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2010-08-26 16:33 . 2010-10-31 08:11 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2010-08-17 14:11 . 2010-09-16 08:10 128000 ----a-w- c:\windows\system32\spoolsv.exe 2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2007-08-25 01:52 . 
2008-06-05 11:59 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-23 13601312] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-23 92704] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-07 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160] "Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552] c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] ="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] ="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R0 
TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 133104] R2 Nakido;Nakido;c:\program files\Nakido\nakido.exe R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 cxru92a1;Virtual Bus for Microsoft ACPI-Compliant System; R3 iscFlash;iscFlash;c:\swsetup\sp42533\iscflash.sys [2008-08-05 11520] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-04-29 717296] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-10-17 335240] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Contents of the 'Scheduled Tasks' folder 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:39] 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:39] 2010-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-753018427-1233051673-1299658189-1003Core.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 04:59] 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-753018427-1233051673-1299658189-1003UA.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 04:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=81&bd=Presario&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=81&bd=Presario&pf=laptop uInternet Settings,ProxyServer = proxy.student.otago.ac.nz:3128 uInternet Settings,ProxyOverride = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\ FF - prefs.js: network.proxy.ftp - proxy.student.otago.ac.nz FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher - proxy.student.otago.ac.nz FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - proxy.student.otago.ac.nz FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - proxy.student.otago.ac.nz FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - proxy.student.otago.ac.nz FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 1 FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - 
component: c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5isep8bi.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 23:34
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-11-01 23:36:42
ComboFix-quarantined-files.txt 2010-11-01 10:36
ComboFix2.txt 2010-10-23 00:02
ComboFix3.txt 2010-10-22 11:35
Pre-Run: 1,443,819,520 bytes free
Post-Run: 1,573,527,552 bytes free
- - End Of File - - 7C743AE4BF11B6BBE5462453976BC3C7

Is your computer working any better?

SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
extracted to. Open the text file and copy/paste the log here.

My computer is definitely working a lot better than it was before, although there are still a few things happening that never really happened before. Sometimes programs like Internet Explorer or iTunes randomly decide to crash. Also, if I click the button on my mouse that brings up the magnifying glass tool, everything pauses and the screen goes black for about a second before going back to normal. Those small issues are the only ones I'm noticing though.

Here's the SysProt Antirootkit log:

SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8CFBD000
Module End: 8CFC8000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8CFC8000
Module End: 8CFD0000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: 8CED9620
Driver Base: 8CECF000
Driver End: 8CEF1000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Users\Ryan\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{DAC71EAD-ED09-F966-DCD5-DFD0F8DB3CC1}\01\10-{DAC71EAD-ED09-F966-DCD5-DFD0F8DB3CC1}-v1-{DB34C54A-12AB-43EE-B476-02BEB35A910F
Status: Hidden
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

Quote:
Sometimes programs like Internet Explorer or iTunes randomly decide to crash. Also, if I click the button on my mouse that brings up the magnifying glass tool, everything pauses and the screen goes black for about a second before going back to normal. Those small issues are the only ones I'm noticing though.

Those sound like hardware or software problems. Let's continue.

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Here is the log from the ESET online scan:

C:\Qoobox\Quarantine\C\Windows\PRAGMAyrtxnwrcjt\PRAGMAc.dll.vir a variant of Win32/Kryptik.EXT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\agp440.sys.vir a variant of Win32/Rootkit.Kryptik.BS trojan cleaned by deleting - quarantined
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\30cd253-2667789e multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3G8ZRRT0\INSTALL[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3G8ZRRT0\script[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4APQ21N\dialog_alert[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined

That looks good. If there are no other issues, let's do some cleanup.

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

*********************************

Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

**************************************

Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall.
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

**************************************

Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.

----------
Go to Microsoft Windows Update and get all critical updates.
----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!
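Several entries in the ComboFix "Reg Loading Points" section of the log earlier in this thread are the kind of thing a helper checks by eye: "EnableLUA"= 0 (UAC switched off), a populated AppInit_DLLs value, and "DisableMonitoring"=dword:00000001 under the Security Center Monitoring keys. The Python script below is an added example for this thread, not ComboFix's code and not something its helpers posted; it parses a constructed excerpt in ComboFix's REGEDIT4-style layout (mirroring the values seen in the posted log) and flags those settings for review. The key paths and value names are the standard ones that appear in the log; the severity labels are the example's own.

```python
"""Flag weakened security settings in the 'Reg Loading Points' section of a
ComboFix log.  Added example for this thread; not ComboFix's own code.  The
excerpt below is constructed to mirror the values seen in the posted log."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in ComboFix's REGEDIT4-style layout (not the full log).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[([^\]]+)\]$")          # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=data


def parse_reg_section(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path (lowercased): {value_name: raw_data}} for the block."""
    result: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            result.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            result[current][val.group(1)] = val.group(2).strip()
    return result


def as_dword(data: str) -> Optional[int]:
    """Decode the two numeric spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    parts = data.split()
    head = parts[0] if parts else ""
    return int(head) if head.isdigit() else None


def audit(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs for settings a defender should review."""
    findings: List[Tuple[str, str]] = []
    # UAC policy lives under policies\system; EnableLUA=0 turns it off entirely.
    pol = reg.get("hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system", {})
    if as_dword(pol.get("EnableLUA", "")) == 0:
        findings.append(("high", "UAC is disabled (EnableLUA=0); malware commonly sets this"))
    # AppInit_DLLs is loaded into every process that links user32.dll, so any
    # value here deserves a check that it belongs to an installed product.
    win = reg.get("hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\windows", {})
    dlls = win.get("AppInit_DLLs", "")
    if dlls:
        findings.append(("review", "AppInit_DLLs loads " + dlls + " into every user32 process; confirm it belongs to an installed product"))
    # Security Center Monitoring\<product> with DisableMonitoring=1 silences the
    # "no antivirus/firewall" warning for that product.
    for key, values in reg.items():
        if "\\security center\\monitoring\\" in key and as_dword(values.get("DisableMonitoring", "")) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(("medium", "Security Center monitoring suppressed for " + product))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_reg_section(SAMPLE_LOG)):
        print("[" + severity + "] " + message)
```

Run against the constructed excerpt it reports the disabled UAC, the AppInit_DLLs entry (which in the thread's log points at an AVG component, so it is a review item rather than a verdict) and the two suppressed Security Center monitors; pointing it at a real ComboFix.txt only needs the text between REGEDIT4 and the next section header.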