Malwarebytes, Hijack This stop scanning

Postby lchapman » Sat Apr 09, 2011 7:00 pm

Hi,
I've been following some of the advice given to other posters who are trying to get rid of the Vista Internet Security 2011 virus/malware.

I've downloaded Malwarebytes and HijackThis, but they both stop scanning after 3 seconds. I've tried downloading RKill, but the virus won't let me, even though I've tried using different names and extensions.

I don't know what else to do.

Please help!
Thanks,
Linda
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Sat Apr 09, 2011 7:06 pm

Try running the Registry Fix Tool:

Download FixNCR.reg to your desktop.
Then double-click it to run it and, when prompted, click "YES".

Then,

Please download TFC to your desktop.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Please download ComboFix from here.
Close your browser and double-click the tiger icon.
Let ComboFix run unhindered; mouse clicks may cause it to stall.
Your computer may restart after the scan; this is normal.

Please post the ComboFix log; it will appear after the restart.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

Re: Malwarebytes, Hijack This stop scanning

Postby lchapman » Sun Apr 10, 2011 12:37 am

Wow, I wasn't sure I could do that!

Thanks SO MUCH for helping me...I've literally been at this for 10 hours!
Linda
Here's the logfile from Combofix:

ComboFix 11-04-09.01 - Linda 04/09/2011 20:14:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1156 [GMT -4:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Best Spyware Scanner
c:\program files\Best Spyware Scanner\AutoUpdate.exe
c:\program files\Best Spyware Scanner\BestSpywareScanner.exe
c:\program files\Best Spyware Scanner\BestSpywareScanner.url
c:\program files\Best Spyware Scanner\BSSHelper.exe
c:\program files\Best Spyware Scanner\hrdb.hrl
c:\program files\Best Spyware Scanner\md5.dll
c:\program files\Best Spyware Scanner\mtools.dll
c:\program files\Best Spyware Scanner\networkdll.dll
c:\program files\Best Spyware Scanner\opfile.dll
c:\program files\Best Spyware Scanner\QAreaDLL.dll
c:\program files\Best Spyware Scanner\RkHitApi.dll
c:\program files\Best Spyware Scanner\sctdll.dll
c:\program files\Best Spyware Scanner\spkdll.dll
c:\program files\Best Spyware Scanner\udefend.dll
c:\program files\Best Spyware Scanner\unins000.dat
c:\program files\Best Spyware Scanner\unins000.exe
c:\program files\Best Spyware Scanner\update\Update_BSS.ini
c:\program files\Best Spyware Scanner\ussafe.dll
c:\program files\Best Spyware Scanner\zlib1.dll
c:\programdata\.wtav
c:\programdata\Microsoft\Windows\Start Menu\Programs\Best Spyware Scanner
c:\programdata\Microsoft\Windows\Start Menu\Programs\Best Spyware Scanner\Best Spyware Scanner on the Web.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Best Spyware Scanner\Best Spyware Scanner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Best Spyware Scanner\Uninstall Best Spyware Scanner.lnk
c:\users\Linda Second acct\Desktop\Best Spyware Scanner.lnk
c:\users\Linda\AppData\Roaming\Internet Security Suite
c:\users\Linda\AppData\Roaming\Internet Security Suite\cookies.sqlite
c:\users\Linda\AppData\Roaming\Internet Security Suite\desktop.ini
c:\users\Linda\AppData\Roaming\Internet Security Suite\Instructions.ini
c:\users\Linda\Desktop\Best Spyware Scanner.lnk
c:\webupdater\WebUpdater.exe
c:\windows\assembly\GAC\__AssemblyInfo__.ini
c:\windows\system32\drivers\RKHit.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 00:23 . 2011-04-10 00:23 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-04-10 00:23 . 2011-04-10 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-09 23:14 . 2011-04-09 23:14 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-04-09 21:49 . 2011-04-09 21:49 -------- d-----w- c:\program files\ESET
2011-04-09 20:23 . 2011-04-09 20:24 -------- d-----w- c:\users\Linda Second acct
2011-04-09 19:55 . 2011-04-09 19:55 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-04-09 19:55 . 2011-04-09 19:55 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-04-09 19:55 . 2011-04-09 19:55 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-04-09 19:55 . 2011-04-09 19:55 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-04-09 19:55 . 2011-04-09 19:55 -------- d-----w- c:\program files\Prevx
2011-04-09 19:55 . 2011-04-09 19:55 -------- d-----w- c:\programdata\PrevxCSI
2011-04-09 17:32 . 2011-04-09 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-09 16:59 . 2011-04-09 16:59 -------- d-----w- c:\programdata\Norton
2011-04-09 16:59 . 2011-04-09 16:59 -------- d-----w- c:\windows\system32\drivers\NSS
2011-04-09 16:59 . 2011-04-09 16:59 -------- d-----w- c:\program files\NortonInstaller
2011-04-09 15:00 . 2011-04-09 15:00 -------- d-----w- c:\program files\STOPzilla!
2011-04-09 15:00 . 2011-04-09 15:00 -------- d-----w- c:\program files\Common Files\iS3
2011-04-09 14:59 . 2011-04-09 15:01 -------- d-----w- c:\programdata\STOPzilla!
2011-04-06 18:47 . 2011-04-06 18:47 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-04-06 18:47 . 2011-04-06 18:47 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-04-06 18:47 . 2011-04-06 18:47 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-04-06 18:47 . 2011-04-06 18:47 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-04-06 18:47 . 2011-04-06 18:47 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-04-06 18:47 . 2011-04-06 18:47 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-04-06 18:47 . 2011-04-06 18:47 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-04-06 18:47 . 2011-04-06 18:47 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-04-06 18:47 . 2011-04-06 18:47 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-04-06 18:47 . 2011-04-06 18:47 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-04-06 18:47 . 2011-04-06 18:47 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-04-06 18:47 . 2011-04-06 18:47 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-03-29 18:34 . 2011-03-29 18:34 -------- d-----w- c:\program files\Audible
2011-03-29 16:49 . 2011-03-29 16:50 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-29 16:33 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 16:33 . 2011-04-09 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-29 16:33 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 16:16 . 2011-03-29 16:18 -------- d-----w- c:\program files\Unlocker
2011-03-29 15:32 . 2011-03-29 15:32 -------- d-----w- c:\program files\iPod
2011-03-29 15:27 . 2011-03-29 15:27 -------- d-----w- c:\program files\Bonjour
2011-03-26 20:22 . 2011-03-26 20:23 -------- d-----w- c:\program files\Unit Conversion Tool
2011-03-26 02:23 . 2011-03-26 02:23 -------- d-----w- c:\program files\InstantEyedropper
2011-03-23 13:01 . 2011-03-23 13:01 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes
2011-03-23 13:01 . 2011-03-23 13:01 -------- d-----w- c:\programdata\Malwarebytes
2011-03-23 08:14 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 08:14 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 08:14 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-21 16:34 . 2011-03-21 16:35 -------- d-----w- c:\users\Linda\SureCutsAlot
2011-03-21 16:32 . 2011-03-21 16:32 -------- d-----w- c:\users\Linda\New Folder (3)
2011-03-21 16:32 . 2011-03-21 16:35 -------- d-----w- c:\users\Linda\New Folder (2)
2011-03-21 16:26 . 2011-03-21 16:37 -------- d-----w- c:\users\Linda\Tutorials Cricut SCAL Inkscape
2011-03-21 16:22 . 2011-03-21 16:23 -------- d-----w- c:\users\Linda\Photoshop Templates
2011-03-21 16:22 . 2011-03-21 16:22 -------- d-----w- c:\users\Linda\Photoshop Tutorials
2011-03-21 16:10 . 2011-03-21 16:49 -------- d-----w- c:\users\Linda\Color Matching
2011-03-18 19:47 . 2011-03-21 16:34 -------- d-----w- c:\users\Linda\Clip Art Collection
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-20 16:37 . 2011-02-09 20:52 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 20:52 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 20:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 20:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 20:52 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 20:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 20:52 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 20:52 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 20:52 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 20:52 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 20:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 20:52 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 20:52 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 20:52 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 20:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 20:52 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 20:52 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 20:52 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 20:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 20:52 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 20:52 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 20:52 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 20:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 20:52 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 20:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2006-08-04 16:00 . 2007-08-29 19:13 55296 ----a-w- c:\program files\CoreMultimediaRC.dll
2006-08-04 16:00 . 2007-08-29 19:10 178688 ----a-w- c:\program files\CoreMultimedia.dll
2007-07-25 02:26 . 2007-07-25 02:26 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-17 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 1836544]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneEngine.exe" [2007-04-18 69632]
"MagicRotation"="c:\program files\MagicRotation\MagicPvt.exe" [2007-02-13 2543738]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-01-07 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\users\Linda\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe [2011-1-25 964096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-26 113664]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2010-12-25 15360]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2007-5-3 36864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-5-4 49220]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-12-25 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCANetwork"= 1 (0x1)
"HideSCABattery"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-04-09 6416120]
R2 gupdate1c98677e192bc10;Google Update Service (gupdate1c98677e192bc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-09 79360]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-04-09 135032]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-04-09 32008]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2006-12-04 26240]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-04-09 76696]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-11-04 5504]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-04-09 26096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:22]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:22]
.
2011-04-09 c:\windows\Tasks\Norton Security Scan for Linda.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2011-04-09 16:59]
.
2011-04-10 c:\windows\Tasks\User_Feed_Synchronization-{4C29CA7D-8553-4DCE-9858-CDE90F1731CA}.job
- c:\windows\system32\msfeedssync.exe [2008-09-19 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwlp.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\users\Linda\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: pcpitstop.com\www
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload ... ontrol.cab
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\xnbvhim8.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAA ... gle.com/ig
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Amazon Button: AmazonHotStuff@wangtom.com - %profile%\extensions\AmazonHotStuff@wangtom.com
FF - Ext: Dynamite Deals: ddfirefox@dynamitedata - %profile%\extensions\ddfirefox@dynamitedata
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: Email This! Bookmarklet Extension: gmailthis@lazyrussian.com - %profile%\extensions\gmailthis@lazyrussian.com
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: RetailMeNot: enquiries@retailmenot.com - %profile%\extensions\enquiries@retailmenot.com
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - f:\malwarebytes' anti-malware\iexplorer.exe
SafeBoot-klmdb.sys
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BestSpywareScanner - c:\program files\Best Spyware Scanner\BestSpywareScanner.exe
MSConfigStartUp-BSSHelper - c:\program files\Best Spyware Scanner\BSSHelper.exe
AddRemove-Best Spyware Scanner_is1 - c:\program files\Best Spyware Scanner\unins000.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1152)
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\sttray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2011-04-09 20:32:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 00:32
.
Pre-Run: 142,718,431,232 bytes free
Post-Run: 142,232,174,592 bytes free
.
- - End Of File - - 9047CEFE0B1CE0845E0581F143098682
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Sun Apr 10, 2011 1:04 am

Good. It looks like ComboFix was able to take care of the rogue Best Spyware Scanner, and the script below will remove STOPzilla!.

Please open Notepad and copy and paste the code below into it:
KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
"AntiVirusOverride"=-
"AntiSpywareOverride"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=-
"AntiSpywareOverride"=-
"FirewallOverride"=-

Driver::
szkg5
szkgfs
is3srv

File::
c:\windows\system32\SZIO5.dll
c:\windows\system32\IS3Base5.dll
c:\windows\system32\SZComp5.dll
c:\windows\system32\IS3HTUI5.dll
c:\windows\system32\SZBase5.dll
c:\windows\system32\IS3DBA5.dll
c:\windows\system32\IS3XDat5.dll
c:\windows\system32\IS3Svc5.dll
c:\windows\system32\IS3Inet5.dll
c:\windows\system32\IS3Hks5.dll
c:\windows\system32\IS3UI5.dll
c:\windows\system32\IS3Win325.dll

Folder::
c:\program files\STOPzilla!
c:\program files\Common Files\iS3
c:\programdata\STOPzilla!

Reboot::


Save the file as CFScript.
Then drag and drop the file onto the ComboFix.exe icon to launch the removal script.

Post back with the new ComboFix log.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm
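The Security Center override values seen in the first log (FirewallOverride, AntiVirusOverride, AntiSpywareOverride and DisableMonitoring set to 1) are what keep Windows from warning that protection is missing, which is why the CFScript above deletes them with the `"name"=-` form. As an added example that is not part of this thread or of ComboFix's own tooling, the Python below parses a ComboFix "Reg Loading Points" listing, flags those active overrides and writes the matching Registry:: deletions; the sample log is constructed from the entries quoted in the first log.

```python
"""Spot Security Center suppression in a ComboFix log and build the fix.

Added example for this thread; not ComboFix's or MyAntispyware's code.
It reads the REGEDIT4-style "Reg Loading Points" layout ComboFix prints
([key] headers followed by "name"=dword:XXXXXXXX lines) and emits the
"name"=- deletion lines a ComboFix Registry:: section uses to remove a value.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample built from the Reg Loading Points entries quoted in
# the first log of this thread (one unrelated key kept as a control).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Values that, when non-zero, tell Windows Security Center to stay quiet
# about missing or disabled antivirus, anti-spyware or firewall protection.
SUPPRESSION_VALUES = {
    "FirewallOverride",
    "AntiVirusOverride",
    "AntiSpywareOverride",
    "DisableMonitoring",
}


def parse_reg_points(text: str) -> Dict[str, Dict[str, int]]:
    """Return {key_path: {value_name: dword}} for every dword under a [key] header.

    Lines that are neither a header nor a dword value (file listings, the
    '.' separators ComboFix prints) are ignored.
    """
    hives: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            hives.setdefault(current, {})
            continue
        val = DWORD_RE.match(line)
        if val and current is not None:
            hives[current][val.group("name")] = int(val.group("hex"), 16)
    return hives


def find_security_center_suppression(hives) -> List[Tuple[str, str, int]]:
    """List (key, value_name, dword) for every active override under Security Center."""
    hits: List[Tuple[str, str, int]] = []
    for key, values in hives.items():
        if "\\security center" not in key.lower():
            continue
        for name, dword in values.items():
            if name in SUPPRESSION_VALUES and dword != 0:
                hits.append((key, name, dword))
    return hits


def build_cfscript_registry(hits: List[Tuple[str, str, int]]) -> str:
    """Render a ComboFix Registry:: section; in .reg syntax "Name"=- deletes the value."""
    by_key: Dict[str, List[str]] = {}
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_security_center_suppression(parse_reg_points(SAMPLE_LOG))
    for key, name, dword in found:
        print(f"suppressed: {name}={dword} under {key}")
    print(build_cfscript_registry(found))
```

Run against a real log, paste only the Reg Loading Points section; the generated Registry:: block is the same shape as the one in the reply above and still needs a human to confirm the values belong to a rogue rather than to a legitimately installed product.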

Re: Malwarebytes, Hijack This stop scanning

Postby lchapman » Sun Apr 10, 2011 7:14 pm

Hi,

Here's the latest log file from ComboFix... THANKS AGAIN for your help! Are things improving?

Linda

ComboFix 11-04-09.01 - Linda 04/10/2011 14:11:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1453 [GMT -4:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
Command switches used :: c:\users\Linda\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\IS3Base5.dll"
"c:\windows\system32\IS3DBA5.dll"
"c:\windows\system32\IS3Hks5.dll"
"c:\windows\system32\IS3HTUI5.dll"
"c:\windows\system32\IS3Inet5.dll"
"c:\windows\system32\IS3Svc5.dll"
"c:\windows\system32\IS3UI5.dll"
"c:\windows\system32\IS3Win325.dll"
"c:\windows\system32\IS3XDat5.dll"
"c:\windows\system32\SZBase5.dll"
"c:\windows\system32\SZComp5.dll"
"c:\windows\system32\SZIO5.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\iS3
c:\program files\Common Files\iS3\Anti-Spyware\detoured.dll
c:\program files\Common Files\iS3\Anti-Spyware\fullupd.rsf
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3SiteBlocker.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3SploitChecker.dll
c:\program files\Common Files\iS3\Anti-Spyware\IS3Updater.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZBrCom.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZCfgSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZClientCom.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZClLic.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZEXIT.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZExtrSS.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZHistory.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZJustice.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZPAHost.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZQrntn.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZScanner.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZSchSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZScnSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZSnsrSv.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZSvcHost.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZTargetUpdate.Exe
c:\program files\Common Files\iS3\Anti-Spyware\SZTrgSS.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZUniTrg.dll
c:\program files\Common Files\iS3\Anti-Spyware\vbengnt.dll
c:\program files\STOPzilla!
c:\program files\STOPzilla!\Diagnostics\DiagScan.exe
c:\program files\STOPzilla!\Diagnostics\SZDxScanCore5.dll
c:\program files\STOPzilla!\f_in_box.dll
c:\program files\STOPzilla!\roar.wav
c:\program files\STOPzilla!\snore.wav
c:\program files\STOPzilla!\STOPzilla.exe
c:\program files\STOPzilla!\STOPzillaHelp.chm
c:\program files\STOPzilla!\SZBlkLst.exe
c:\program files\STOPzilla!\SZHistUI.dll
c:\program files\STOPzilla!\SZIEBHO.dll
c:\program files\STOPzilla!\SZInit.Exe
c:\program files\STOPzilla!\SZLMScn.dll
c:\program files\STOPzilla!\SZOptions.exe
c:\program files\STOPzilla!\SZPixelDrop.exe
c:\program files\STOPzilla!\SZRegister.exe
c:\program files\STOPzilla!\SZRes5En.dll
c:\program files\STOPzilla!\SZRollup.dll
c:\program files\STOPzilla!\SZSplash.dll
c:\program files\STOPzilla!\SZTrayIcon.dll
c:\program files\STOPzilla!\SZUndelete.exe
c:\program files\STOPzilla!\wscControlSZ.exe
c:\programdata\STOPzilla!
c:\programdata\STOPzilla!\modules_scanned.db
c:\programdata\STOPzilla!\sb.dat
c:\programdata\STOPzilla!\sc.dat
c:\programdata\STOPzilla!\sztrgwc.db
c:\programdata\STOPzilla!\Target.Log
c:\programdata\STOPzilla!\targets.db
c:\programdata\STOPzilla!\userdata.db-journal
c:\programdata\STOPzilla!\userdata.db
c:\programdata\STOPzilla!\vdb\vb-000.vdb
c:\programdata\STOPzilla!\vdb\vb-001.vdb
c:\programdata\STOPzilla!\vdb\vb-002.vdb
c:\programdata\STOPzilla!\vdb\vb-003.vdb
c:\programdata\STOPzilla!\vdb\vb-004.vdb
c:\programdata\STOPzilla!\vdb\vb-005.vdb
c:\programdata\STOPzilla!\vdb\vb-006.vdb
c:\programdata\STOPzilla!\vdb\vb-007.vdb
c:\programdata\STOPzilla!\vdb\vb-008.vdb
c:\programdata\STOPzilla!\vdb\vb-009.vdb
c:\programdata\STOPzilla!\vdb\vb-010.vdb
c:\programdata\STOPzilla!\vdb\vb-011.vdb
c:\programdata\STOPzilla!\vdb\vb-012.vdb
c:\programdata\STOPzilla!\vdb\vb-013.vdb
c:\programdata\STOPzilla!\vdb\vb-014.vdb
c:\programdata\STOPzilla!\vdb\vb-015.vdb
c:\programdata\STOPzilla!\vdb\vb-016.vdb
c:\programdata\STOPzilla!\vdb\vb-017.vdb
c:\programdata\STOPzilla!\vdb\vb-018.vdb
c:\programdata\STOPzilla!\vdb\vb-019.vdb
c:\programdata\STOPzilla!\vdb\vb-020.vdb
c:\programdata\STOPzilla!\vdb\vb-021.vdb
c:\programdata\STOPzilla!\vdb\vb-022.vdb
c:\programdata\STOPzilla!\vdb\vb-023.vdb
c:\programdata\STOPzilla!\vdb\vb-024.vdb
c:\programdata\STOPzilla!\vdb\vb-025.vdb
c:\programdata\STOPzilla!\vdb\vb-026.vdb
c:\programdata\STOPzilla!\vdb\vb-027.vdb
c:\programdata\STOPzilla!\vdb\vb-028.vdb
c:\programdata\STOPzilla!\vdb\vb-029.vdb
c:\programdata\STOPzilla!\vdb\vb-030.vdb
c:\programdata\STOPzilla!\vdb\vb-031.vdb
c:\programdata\STOPzilla!\vdb\vb-032.vdb
c:\programdata\STOPzilla!\vdb\vb-033.vdb
c:\programdata\STOPzilla!\vdb\vb-034.vdb
c:\programdata\STOPzilla!\vdb\vb-035.vdb
c:\programdata\STOPzilla!\vdb\vb-036.vdb
c:\programdata\STOPzilla!\vdb\vb-037.vdb
c:\programdata\STOPzilla!\vdb\vb-038.vdb
c:\programdata\STOPzilla!\vdb\vb-039.vdb
c:\programdata\STOPzilla!\vdb\vb-040.vdb
c:\programdata\STOPzilla!\vdb\vb-041.vdb
c:\programdata\STOPzilla!\vdb\vb-042.vdb
c:\programdata\STOPzilla!\vdb\vb-043.vdb
c:\programdata\STOPzilla!\vdb\vb-044.vdb
c:\programdata\STOPzilla!\vdb\vb-045.vdb
c:\programdata\STOPzilla!\vdb\vb-046.vdb
c:\programdata\STOPzilla!\vdb\vb-047.vdb
c:\programdata\STOPzilla!\vdb\vb-048.vdb
c:\programdata\STOPzilla!\vdb\vb-049.vdb
c:\programdata\STOPzilla!\vdb\vb-050.vdb
c:\programdata\STOPzilla!\vdb\vb-051.vdb
c:\programdata\STOPzilla!\vdb\vb-052.vdb
c:\programdata\STOPzilla!\vdb\vb-053.vdb
c:\programdata\STOPzilla!\vdb\vb-054.vdb
c:\programdata\STOPzilla!\vdb\vb-055.vdb
c:\programdata\STOPzilla!\vdb\vb-056.vdb
c:\programdata\STOPzilla!\vdb\vb-057.vdb
c:\programdata\STOPzilla!\vdb\vb-058.vdb
c:\programdata\STOPzilla!\vdb\vb-059.vdb
c:\programdata\STOPzilla!\vdb\vb-060.vdb
c:\programdata\STOPzilla!\vdb\vb-061.vdb
c:\programdata\STOPzilla!\vdb\vb-062.vdb
c:\programdata\STOPzilla!\vdb\vb-063.vdb
c:\programdata\STOPzilla!\vdb\vb-064.vdb
c:\programdata\STOPzilla!\vdb\vb-065.vdb
c:\programdata\STOPzilla!\vdb\vb-066.vdb
c:\programdata\STOPzilla!\vdb\vb-067.vdb
c:\programdata\STOPzilla!\vdb\vb-068.vdb
c:\programdata\STOPzilla!\vdb\vb-069.vdb
c:\programdata\STOPzilla!\vdb\vb-070.vdb
c:\programdata\STOPzilla!\vdb\vb-071.vdb
c:\programdata\STOPzilla!\vdb\vb-072.vdb
c:\programdata\STOPzilla!\vdb\vb-073.vdb
c:\programdata\STOPzilla!\vdb\vb-074.vdb
c:\programdata\STOPzilla!\vdb\vb-075.vdb
c:\programdata\STOPzilla!\vdb\vb-076.vdb
c:\programdata\STOPzilla!\vdb\vb-077.vdb
c:\programdata\STOPzilla!\vdb\vb-078.vdb
c:\programdata\STOPzilla!\vdb\vb-079.vdb
c:\programdata\STOPzilla!\vdb\vb-080.vdb
c:\programdata\STOPzilla!\vdb\vb-081.vdb
c:\programdata\STOPzilla!\vdb\vb-082.vdb
c:\programdata\STOPzilla!\vdb\vb-083.vdb
c:\programdata\STOPzilla!\vdb\vb-084.vdb
c:\programdata\STOPzilla!\vdb\vb-085.vdb
c:\programdata\STOPzilla!\vdb\vbcorent.dll
c:\programdata\STOPzilla!\vdb\vdb.xml
c:\programdata\STOPzilla!\zilla5.log
c:\windows\system32\IS3Base5.dll
c:\windows\system32\IS3DBA5.dll
c:\windows\system32\IS3Hks5.dll
c:\windows\system32\IS3HTUI5.dll
c:\windows\system32\IS3Inet5.dll
c:\windows\system32\IS3Svc5.dll
c:\windows\system32\IS3UI5.dll
c:\windows\system32\IS3Win325.dll
c:\windows\system32\IS3XDat5.dll
c:\windows\system32\SZBase5.dll
c:\windows\system32\SZComp5.dll
c:\windows\system32\SZIO5.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SZKG5
-------\Legacy_SZKGFS
-------\Service_is3srv
-------\Service_szkg5
-------\Service_szkgfs
-------\Service_szserver
-------\Service_szserver
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 18:21 . 2011-04-10 19:06 -------- d-----w- c:\users\Linda\AppData\Local\temp
2011-04-10 18:21 . 2011-04-10 18:21 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-04-09 23:14 . 2011-04-09 23:14 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-04-09 21:49 . 2011-04-09 21:49 -------- d-----w- c:\program files\ESET
2011-04-09 20:23 . 2011-04-09 20:24 -------- d-----w- c:\users\Linda Second acct
2011-04-09 19:55 . 2011-04-09 19:55 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-04-09 19:55 . 2011-04-09 19:55 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-04-09 19:55 . 2011-04-09 19:55 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-04-09 19:55 . 2011-04-09 19:55 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-04-09 19:55 . 2011-04-09 19:55 -------- d-----w- c:\program files\Prevx
2011-04-09 19:55 . 2011-04-09 19:55 -------- d-----w- c:\programdata\PrevxCSI
2011-04-09 17:32 . 2011-04-09 20:54 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-09 16:59 . 2011-04-09 16:59 -------- d-----w- c:\programdata\Norton
2011-04-09 16:59 . 2011-04-09 16:59 -------- d-----w- c:\windows\system32\drivers\NSS
2011-04-09 16:59 . 2011-04-09 16:59 -------- d-----w- c:\program files\NortonInstaller
2011-03-29 18:34 . 2011-03-29 18:34 -------- d-----w- c:\program files\Audible
2011-03-29 16:49 . 2011-03-29 16:50 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-29 16:33 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 16:33 . 2011-04-09 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-29 16:33 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 16:16 . 2011-03-29 16:18 -------- d-----w- c:\program files\Unlocker
2011-03-29 15:32 . 2011-03-29 15:32 -------- d-----w- c:\program files\iPod
2011-03-29 15:27 . 2011-03-29 15:27 -------- d-----w- c:\program files\Bonjour
2011-03-26 20:22 . 2011-03-26 20:23 -------- d-----w- c:\program files\Unit Conversion Tool
2011-03-26 02:23 . 2011-03-26 02:23 -------- d-----w- c:\program files\InstantEyedropper
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-23 13:01 . 2011-03-23 13:01 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes
2011-03-23 13:01 . 2011-03-23 13:01 -------- d-----w- c:\programdata\Malwarebytes
2011-03-23 08:14 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 08:14 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 08:14 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-21 16:34 . 2011-03-21 16:35 -------- d-----w- c:\users\Linda\SureCutsAlot
2011-03-21 16:32 . 2011-03-21 16:32 -------- d-----w- c:\users\Linda\New Folder (3)
2011-03-21 16:32 . 2011-03-21 16:35 -------- d-----w- c:\users\Linda\New Folder (2)
2011-03-21 16:26 . 2011-03-21 16:37 -------- d-----w- c:\users\Linda\Tutorials Cricut SCAL Inkscape
2011-03-21 16:22 . 2011-03-21 16:23 -------- d-----w- c:\users\Linda\Photoshop Templates
2011-03-21 16:22 . 2011-03-21 16:22 -------- d-----w- c:\users\Linda\Photoshop Tutorials
2011-03-21 16:10 . 2011-03-21 16:49 -------- d-----w- c:\users\Linda\Color Matching
2011-03-18 19:47 . 2011-03-21 16:34 -------- d-----w- c:\users\Linda\Clip Art Collection
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-20 16:37 . 2011-02-09 20:52 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 20:52 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 20:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 20:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 20:52 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 20:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 20:52 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 20:52 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 20:52 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 20:52 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 20:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 20:52 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 20:52 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 20:52 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 20:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 20:52 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 20:52 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 20:52 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 20:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 20:52 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 20:52 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 20:52 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 20:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 20:52 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 20:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2006-08-04 16:00 . 2007-08-29 19:13 55296 ----a-w- c:\program files\CoreMultimediaRC.dll
2006-08-04 16:00 . 2007-08-29 19:10 178688 ----a-w- c:\program files\CoreMultimedia.dll
2007-07-25 02:26 . 2007-07-25 02:26 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-17 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-25 1836544]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneEngine.exe" [2007-04-18 69632]
"MagicRotation"="c:\program files\MagicRotation\MagicPvt.exe" [2007-02-13 2543738]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-01-07 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\users\Linda\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe [2011-1-25 964096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-26 113664]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2010-12-25 15360]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2007-5-3 36864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-5-4 49220]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-12-25 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCANetwork"= 1 (0x1)
"HideSCABattery"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-04-09 6416120]
R2 gupdate1c98677e192bc10;Google Update Service (gupdate1c98677e192bc10);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R3 CFcatchme;CFcatchme;c:\users\Linda\AppData\Local\Temp\CFcatchme.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-09 79360]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-04-09 135032]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-04-09 32008]
S1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2006-12-04 26240]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-04-09 76696]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-11-04 5504]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-04-09 26096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:22]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:22]
.
2011-04-09 c:\windows\Tasks\Norton Security Scan for Linda.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2011-04-09 16:59]
.
2011-04-10 c:\windows\Tasks\User_Feed_Synchronization-{4C29CA7D-8553-4DCE-9858-CDE90F1731CA}.job
- c:\windows\system32\msfeedssync.exe [2008-09-19 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwlp.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\users\Linda\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: pcpitstop.com\www
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload ... ontrol.cab
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\xnbvhim8.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAA ... gle.com/ig
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Amazon Button: AmazonHotStuff@wangtom.com - %profile%\extensions\AmazonHotStuff@wangtom.com
FF - Ext: Dynamite Deals: ddfirefox@dynamitedata - %profile%\extensions\ddfirefox@dynamitedata
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: Email This! Bookmarklet Extension: gmailthis@lazyrussian.com - %profile%\extensions\gmailthis@lazyrussian.com
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: RetailMeNot: enquiries@retailmenot.com - %profile%\extensions\enquiries@retailmenot.com
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 15:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4872)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\System32\rundll32.exe
c:\windows\sttray.exe
c:\windows\System32\rundll32.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-10 15:09:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 19:08
ComboFix2.txt 2011-04-10 00:32
.
Pre-Run: 143,581,425,664 bytes free
Post-Run: 143,400,693,760 bytes free
.
- - End Of File - - C98ECCA6AC16C3522E9DB802340EABD6
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Sun Apr 10, 2011 8:15 pm

Are things improving?

Yes, your new log confirms the removal of the rogues....
Have you noticed any improvements?

You should now be able to Update and Scan with MalwareBytes, Please do so!
Remove any infections it finds, and post the log file for review...
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

Re: Malwarebytes, Hijack This stop scanning

Postby lchapman » Mon Apr 11, 2011 12:54 am

MalwareBytes did a quick scan and no viruses were detected...should I run a full scan or just trust that all the cooties are gone?
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Mon Apr 11, 2011 1:33 am

Your log looks much better, and I do trust MalwareBytes (A lot!) :)

Let's Un-Install Combofix:
1. Click Start, Run
2. Type:
Combofix.exe /Uninstall

3. Click OK
4. Wait for success confirmation pop-up and click OK.

Just as a final check...
Download Dr. Web's CureIT from here.
1. Run it
2. When prompted about entering "Emergency Mode" click "NO".
3. Allow it to run an "Express Scan".
4. If it finds anything, let it take care of it automatically (generally "Cure").
5. Post the log file for review (if infection(s) are found). Note: Log file location can be found in Preferences.
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

Re: Malwarebytes, Hijack This stop scanning

Postby lchapman » Mon Apr 11, 2011 11:23 am

I didn't see your last post, sorry... I ran a full scan and it found 3 infections which I quarantined... here's the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6327

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/11/2011 7:09:17 AM
mbam-log-2011-04-11 (07-09-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 340000
Time elapsed: 59 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\drivers\rkhit.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\09.04.2011_13.31.20\susp0000\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\09.04.2011_16.53.43\susp0000\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully.



Should I go ahead and follow your last post?
What's Qoobox? And isn't tdsskiller what I used to get rid of an infection?

Linda
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Mon Apr 11, 2011 3:08 pm

lchapman wrote:
Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\drivers\rkhit.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\09.04.2011_13.31.20\susp0000\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\09.04.2011_16.53.43\susp0000\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully.

Should I go ahead and follow your last post?
What's Qoobox? And isn't tdsskiller what I used to get rid of an infection?

Linda


Yes, QooBox is Combofix's Quarantine, and MalwareBytes also detected the infected files quarantined by TDSSKiller, no new active infections! :)

How's your computer running?
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm
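A small triage helper for the Malwarebytes log format posted above, added here as an example (it is not code from the thread, from Malwarebytes or from the forum): it parses the "Files Infected:" section and separates hits whose path lies inside ComboFix's Qoobox quarantine or TDSSKiller's quarantine folder from hits at live locations, which is the distinction the moderator draws. The embedded log is constructed to mirror the one posted, with one extra live-path line added to show the difference; the quarantine path prefixes are taken from the paths that appear in the thread.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs (added example).

A detection whose path sits inside another tool's quarantine folder is an
already-neutralised copy, not an active infection. This parser reads the
per-section counts and the "Files Infected:" listing, flags quarantine hits,
and cross-checks the listing against the summary counts.
"""
import re
from dataclasses import dataclass, field

# Quarantine folders of the tools used in the thread, as lower-case prefixes
# (ComboFix keeps its quarantine in Qoobox, TDSSKiller in TDSSKiller_Quarantine).
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\tdsskiller_quarantine\\",
)

# "Files Infected: 3"  -> summary count line
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Files Infected:"    -> header of the detailed listing that follows
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<family>) -> <action>"  -> one detection line
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    section: str
    path: str
    family: str
    action: str

    @property
    def in_quarantine(self) -> bool:
        """True when the hit is a quarantined copy held by another tool."""
        p = self.path.lower()
        return any(p.startswith(prefix) for prefix in QUARANTINE_PREFIXES)


@dataclass
class MbamReport:
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def active(self):
        return [d for d in self.detections if not d.in_quarantine]

    def quarantined_artifacts(self):
        return [d for d in self.detections if d.in_quarantine]

    def counts_consistent(self) -> bool:
        """Every summary count must equal the number of listed items."""
        seen = {}
        for d in self.detections:
            seen[d.section] = seen.get(d.section, 0) + 1
        sections = set(seen) | set(self.counts)
        return all(self.counts.get(s, 0) == seen.get(s, 0) for s in sections)


def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:                      # summary block, e.g. "Folders Infected: 0"
            report.counts[m["section"]] = int(m["count"])
            section = None
            continue
        m = HEADER_RE.match(line)
        if m:                      # start of a detailed listing
            section = m["section"]
            continue
        if not line or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if section and m:
            report.detections.append(
                Detection(section, m["path"], m["family"], m["action"]))
    return report


def triage(text: str) -> dict:
    """Summarise a log: live hits, quarantine hits, and count consistency."""
    r = parse_mbam_log(text)
    return {
        "active": [d.path for d in r.active()],
        "quarantined_artifacts": [d.path for d in r.quarantined_artifacts()],
        "counts_ok": r.counts_consistent(),
    }


# Constructed sample mirroring the posted log; the last line is an added
# live-location hit (not from the thread) to show the contrast.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Scan type: Full scan (C:\|D:\|)
Objects scanned: 340000

Memory Processes Infected: 0
Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\System32\drivers\rkhit.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\09.04.2011_13.31.20\susp0000\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully.
c:\tdsskiller_quarantine\09.04.2011_16.53.43\susp0000\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\rkhit.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```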

Re: Malwarebytes, Hijack This stop scanning

Postby lchapman » Mon Apr 11, 2011 8:57 pm

The computer seems to be running fine...should I go ahead and do what you mentioned in your last post to me?

Just as a final check...
Download Dr. Web's CureIT from here.
1. Run it
2. When prompted about entering "Emergency Mode" click "NO".
3. Allow it to run an "Express Scan".
4. If it finds anything, let it take care of it automatically (generally "Cure").
5. Post the log file for review (if infection(s) are found). Note: Log file location can be found in Preferences.

Linda
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Mon Apr 11, 2011 10:07 pm

I would, if I was you... especially if you use the computer for online banking, etc!
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

Re: Malwarebytes, Hijack This stop scanning

Postby lchapman » Tue Apr 12, 2011 10:34 am

No further infections came up with Dr WEB Cureit and I uninstalled ComboFix...should I uninstall Cureit?

Linda
lchapman
 
Posts: 7
Joined: Sat Apr 09, 2011 4:42 pm

Re: Malwarebytes, Hijack This stop scanning

Postby 12056 » Tue Apr 12, 2011 1:20 pm

CureIT doesn't install, but you can delete it, if you would like...

As it appears this problem has been resolved, I've unsubscribed and locked this topic.
If you need further assistance, PM me and I'll return!
Rhett Trappman
MyAntispyware.com Forum Security Team and Moderator
12056
 
Posts: 860
Joined: Sun Apr 25, 2010 9:57 pm

