
Inactive check log for virus

Discussion in 'Malware and Virus Removal Archive' started by deester, 2010/07/11.

  1. 2010/07/11
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    [Inactive] check log for virus

    I sent a friend an email and she emailed me that it contained a virus according to Norton that could not be removed. I scanned my laptop with Malwarebytes and Spybot and my computer is clean. Please check the DDS logs

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Dee Stone at 17:59:37.37 on Sun 07/11/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3933.2210 [GMT -4:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
    C:\Windows\system32\lxdqcoms.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\splwow64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\aol\1266531263\ee\aolsoftware.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\RealArcade\Installer\bin\gamewrapper.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AOL 9.1\waol.exe
    C:\Program Files (x86)\AOL 9.1\shellmon.exe
    C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Dee Stone\Downloads\dds(3).scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80091&lng=en
    uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    mLocal Page = c:\windows\syswow64\blank.htm
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80091
    mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customize.aspx?tbid=80091
    uURLSearchHooks: H - No File
    BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~2\sitera~1\SiteRank.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files (x86)\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files (x86)\wot\WOT.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\roboform.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [AOL Fast Start] "c:\program files (x86)\aol 9.1\AOL.EXE" -b
    uRun: [RoboForm] "c:\program files (x86)\siber systems\ai roboform\RoboTaskBarIcon.exe "
    uRun: [Gadwin PrintScreen Pro] c:\program files (x86)\gadwin systems\printscreenpro\PrintScreenPro.exe /nosplash
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe "
    mRun: [SiteRanker] "c:\program files (x86)\siteranker\SiteRankTray.exe "
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Customize Menu - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files (x86)\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files (x86)\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files (x86)\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Jigsaw%20Puzzle%20Platinum%202/Images/armhelper.ocx
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files (x86)\wot\WOT.dll
    AppInit_DLLs: c:\progra~2\google\google~2\go36f4~1.dll c:\progra~2\google\google~1\GO36F4~1.DLL
    BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe "
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\deesto~1\appdata\roaming\mozilla\firefox\profiles\7isqs9l7.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2024616&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60471&qkw=
    FF - component: c:\program files (x86)\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - component: c:\program files (x86)\siteranker\firefox\components\siterank.dll
    FF - plugin: c:\program files (x86)\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files (x86)\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true

    FF - user.js: security.enable_ssl3 - true
    FF - user.js: security.enable_tls - true
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-2-12 55280]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 173984]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2008-8-11 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-18 72216]
    R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
    R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-2-12 656624]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-12 35104]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-2-12 172704]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-6-10 270848]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 40832]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2010-1-25 7675392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-7 136176]
    S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxdqserv.exe [2009-4-28 29184]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-11 1153368]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-2-21 30192]
    S3 WatAdminSvc;Windows Activation Technologies Service; [x]

    =============== Created Last 30 ================

    2010-07-11 14:47:06 0 d-----w- c:\users\deesto~1\appdata\roaming\TikisLab
    2010-07-11 11:34:32 0 d-----w- c:\users\deesto~1\appdata\roaming\KranX Productions
    2010-07-08 18:51:45 65536 --sha-w- c:\users\dee stone\ntuser.dat{c8f0f029-8abf-11df-a048-00038a000015}.TM.blf
    2010-07-08 18:51:45 524288 --sha-w- c:\users\dee stone\ntuser.dat{c8f0f029-8abf-11df-a048-00038a000015}.TMContainer00000000000000000002.regtrans-ms
    2010-07-08 18:51:45 524288 --sha-w- c:\users\dee stone\ntuser.dat{c8f0f029-8abf-11df-a048-00038a000015}.TMContainer00000000000000000001.regtrans-ms
    2010-07-08 03:02:16 0 d-----w- c:\program files (x86)\Gadwin Systems
    2010-07-08 00:36:06 0 d-----w- c:\programdata\GamePlastic
    2010-07-07 11:13:00 0 d-----w- c:\programdata\ESTsoft
    2010-07-07 11:12:54 0 d-----w- c:\users\deesto~1\appdata\roaming\ESTsoft
    2010-07-07 11:12:54 0 d-----w- c:\program files (x86)\ESTsoft
    2010-07-06 12:16:25 0 d-----w- c:\users\deesto~1\appdata\roaming\PoBros
    2010-07-06 12:16:25 0 d-----w- c:\programdata\PoBros
    2010-07-06 09:18:46 10 ----a-w- c:\windows\popcinfo.dat
    2010-07-05 15:04:50 0 d-----w- c:\programdata\BC Soft Games
    2010-07-04 20:35:58 0 d-----w- c:\users\deesto~1\appdata\roaming\Mutant Arcade
    2010-07-04 20:35:56 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-07-04 20:35:55 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
    2010-07-04 20:35:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-07-04 20:35:55 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
    2010-07-04 20:35:55 0 d-----w- c:\program files (x86)\OpenAL
    2010-07-02 23:13:34 65536 --sha-w- c:\users\dee stone\ntuser.dat{d9204fb2-8627-11df-a3ed-00038a000015}.TM.blf
    2010-07-02 23:13:34 524288 --sha-w- c:\users\dee stone\ntuser.dat{d9204fb2-8627-11df-a3ed-00038a000015}.TMContainer00000000000000000002.regtrans-ms
    2010-07-02 23:13:34 524288 --sha-w- c:\users\dee stone\ntuser.dat{d9204fb2-8627-11df-a3ed-00038a000015}.TMContainer00000000000000000001.regtrans-ms
    2010-07-02 02:32:23 0 d-----w- c:\program files (x86)\LeeGT-Games
    2010-07-02 02:31:40 0 d-----w- c:\users\deesto~1\appdata\roaming\LeeGT-Games
    2010-06-30 22:22:31 65536 --sha-w- c:\users\dee stone\ntuser.dat{ce34b646-8493-11df-a8c4-00038a000015}.TM.blf
    2010-06-30 22:22:31 524288 --sha-w- c:\users\dee stone\ntuser.dat{ce34b646-8493-11df-a8c4-00038a000015}.TMContainer00000000000000000002.regtrans-ms
    2010-06-30 22:22:31 524288 --sha-w- c:\users\dee stone\ntuser.dat{ce34b646-8493-11df-a8c4-00038a000015}.TMContainer00000000000000000001.regtrans-ms
    2010-06-29 10:58:31 0 d-----w- c:\users\deesto~1\appdata\roaming\TeleportGamesLtd
    2010-06-29 10:58:31 0 d-----w- c:\programdata\TeleportGamesLtd
    2010-06-29 07:01:02 0 d-----w- c:\program files (x86)\Microsoft Antimalware
    2010-06-27 15:26:02 0 d-----w- c:\users\deesto~1\appdata\roaming\Mariaglorum
    2010-06-27 03:17:09 0 d-----w- c:\users\deesto~1\appdata\roaming\A Gypsy's Tale - The Tower of Secrets
    2010-06-26 20:47:11 0 d-----w- c:\programdata\MumboJumbo
    2010-06-25 21:36:39 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
    2010-06-25 21:36:39 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
    2010-06-25 21:36:39 297808 ----a-w- c:\windows\syswow64\mscoree.dll
    2010-06-25 21:36:39 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
    2010-06-25 21:36:39 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
    2010-06-25 21:36:38 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-25 21:36:38 444752 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-25 21:36:38 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-25 21:36:38 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-25 21:36:38 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-25 17:23:46 1736608 ----a-w- c:\windows\system32\ntdll.dll
    2010-06-25 17:23:45 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
    2010-06-25 17:21:31 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2010-06-25 17:21:30 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
    2010-06-25 17:21:30 258560 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-06-25 17:21:29 552960 ----a-w- c:\windows\system32\msdri.dll
    2010-06-25 17:21:29 288256 ----a-w- c:\windows\system32\MSNP.ax
    2010-06-25 17:21:29 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
    2010-06-25 17:21:28 204288 ----a-w- c:\windows\syswow64\MSNP.ax
    2010-06-17 14:38:57 65536 --sha-w- c:\users\dee stone\ntuser.dat{ebd938a6-7a1a-11df-ae66-00038a000015}.TM.blf
    2010-06-17 14:38:57 524288 --sha-w- c:\users\dee stone\ntuser.dat{ebd938a6-7a1a-11df-ae66-00038a000015}.TMContainer00000000000000000002.regtrans-ms
    2010-06-17 14:38:57 524288 --sha-w- c:\users\dee stone\ntuser.dat{ebd938a6-7a1a-11df-ae66-00038a000015}.TMContainer00000000000000000001.regtrans-ms
    2010-06-14 18:17:06 0 d-----w- c:\users\deesto~1\appdata\roaming\MastersOfMystery2
    2010-06-13 04:18:55 65536 --sha-w- c:\users\dee stone\ntuser.dat{adeab5c9-76a2-11df-8c06-904ce5fccf3a}.TM.blf
    2010-06-13 04:18:55 524288 --sha-w- c:\users\dee stone\ntuser.dat{adeab5c9-76a2-11df-8c06-904ce5fccf3a}.TMContainer00000000000000000002.regtrans-ms
    2010-06-13 04:18:55 524288 --sha-w- c:\users\dee stone\ntuser.dat{adeab5c9-76a2-11df-8c06-904ce5fccf3a}.TMContainer00000000000000000001.regtrans-ms
    2010-06-13 00:17:31 0 d-----w- c:\programdata\CyberLink
    2010-06-12 20:26:41 65536 --sha-w- c:\users\dee stone\ntuser.dat{b661ab7e-7655-11df-b76d-00038a000015}.TM.blf
    2010-06-12 20:26:41 524288 --sha-w- c:\users\dee stone\ntuser.dat{b661ab7e-7655-11df-b76d-00038a000015}.TMContainer00000000000000000002.regtrans-ms
    2010-06-12 20:26:41 524288 --sha-w- c:\users\dee stone\ntuser.dat{b661ab7e-7655-11df-b76d-00038a000015}.TMContainer00000000000000000001.regtrans-ms
    2010-06-12 15:26:17 0 d-----w- c:\users\deesto~1\appdata\roaming\Aisle 5 Games, Inc

    ==================== Find3M ====================

    2010-06-11 15:04:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-06-09 22:38:51 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-06-09 22:38:50 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2010-06-09 22:38:50 33152 ----a-w- c:\windows\system32\LMIport.dll
    2010-06-01 17:37:48 270208 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
    2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
    2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-05-06 23:38:58 61224 ----a-w- c:\users\dee stone\GoToAssistDownloadHelper.exe
    2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
    2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-04-19 18:27:45 2420 ----a-w- c:\users\deesto~1\appdata\roaming\wklnhst.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-02-13 02:26:08 75 --sh--r- c:\windows\CT4CET.bin
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-02-23 01:39:36 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-21 00:58:45 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-21 00:57:53 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 18:00:01.00 ===============
    and let me know if you see anything. Thank you, Dee
     
  2. 2010/07/11
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/18/2010 2:48:50 PM
    System Uptime: 7/9/2010 6:54:52 PM (48 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 283 GiB total, 223.167 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    10 Days To Save The World
    20,000 Leagues Under the Sea 1.00
    A Fairy Tale
    Abundante!
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Advanced Audio FX Engine
    Affair Bureau
    Age of Oracles - Tara's Journey
    AI RoboForm (All Users)
    Amazing Adventures Around the World(TM)
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Around the World in 80 Days
    Atlantis Bundle
    Big City Adventure(TM) - Vancouver
    Born Into Darkness
    Campfire Legends - The Hookman
    Cate West - The Velvet Keys(TM)
    CCleaner
    COLLAPSE!
    Compatibility Pack for the 2007 Office system
    Cozi
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Webcam Central
    Diamond Detective
    Dominic Cranes Dreamscape Mystery
    Enchanted Cavern
    Family Farm Fresh Start 1.00
    Family Mystery - The Story of Amy
    FRANKENSTEIN - The Dismembered Bride
    Gadwin PrintScreen Professional
    GameHouse Games Manager
    Google Chrome
    Google Desktop
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    Hidden Identity 1.00
    Hidden Relics
    HiJackThis
    Inca Quest
    Island The Lost Medallion 1.00
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Match 2
    Jewel Quest
    Jewel Quest Mysteries
    Jigsaw Kittens
    Journey of Hope
    Junk Mail filter update
    Laby
    Legend of Aladdin
    Legends of the Wild West - Golden Hill
    Little Shop of Treasures 2
    Live! Cam Avatar Creator
    LogMeIn
    Lost in Reefs
    Magicville Art of Magic 1.00
    Malwarebytes' Anti-Malware
    Marooned
    Masters of Mystery - Blood of Betrayal
    McAfee Virtual Technician
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Monarch - The Butterfly King
    Mozilla Firefox (3.6.3)
    MSVCRT
    Nat Geo Games - Mystery of Cleopatra
    OpenAL
    OpenOffice.org 3.1
    PC Fixer
    Pharaohs Mystery
    Pipsoh!
    Power Puzzle Pack - 3 in 1
    PowerDVD DX
    QualXServ Service Agreement
    QuickTime
    Rainbow Web 2
    Rainbow Web Bundle
    Rainforest Adventure
    Revo Uninstaller 1.85
    Roxio Burn
    Samantha Swift and the Mystery from Atlantis
    Saqqarah
    Scrapbook Paige
    Secrets of the Dragon Wheel
    SiteRanker
    Snapshot Adventures - Secret of Bird Island
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Sunset Studio Deluxe
    Super Collapse! 3
    Super Jigsaw Adorable Animals 2
    Super Jigsaw Lighthouses
    The Enchanting Islands
    The Legend of El Dorado
    The Lost Cases of 221B Baker St 1.00
    The Magician's Handbook II - BlackLore
    The Mystery of the Mary Celeste
    The Tudors
    Travels With Gulliver 1.0
    Treasure Pyramid
    Trial of the Gods Ariadnes Journey 1.00
    Uninstall AOL Emergency Connect Utility 1.0
    Viewpoint Media Player
    Web Games Player Plugin
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    World Adventure
    WOT for Internet Explorer
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    7/9/2010 4:25:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
    7/9/2010 4:25:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdqCATSCustConnectService service to connect.
    7/9/2010 4:25:42 PM, Error: Service Control Manager [7000] - The lxdqCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/9/2010 4:25:20 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\1UnHooker.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/9/2010 4:19:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1714.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    7/8/2010 7:30:14 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TED-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1BB253F1-D087-4FC8-B7EA-BA94E1F99CDA}. The master browser is stopping or an election is being forced.
    7/8/2010 2:37:36 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    7/8/2010 2:14:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    7/5/2010 6:54:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.85.1505.0).
    7/5/2010 6:54:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1400.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80070643 Error description: Fatal error during installation.
    7/11/2010 5:54:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The system cannot find the path specified.
    7/11/2010 5:54:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "3" attempting to start the service VSS with arguments " " in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    7/11/2010 2:02:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.85.1855.0).
    7/11/2010 2:02:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.85.1840.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error code: 0x80070643 Error description: Fatal error during installation.
    7/11/2010 2:02:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "3" attempting to start the service VSS with arguments " " in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    7/11/2010 10:45:28 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    7/10/2010 2:26:10 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    1UnHooker
    1UnHooker
    1UnHooker
    1UnHooker
    1UnHooker
    1UnHooker

    ==== End Of File ===========================
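The "Event Viewer Messages" section of the DDS log above is where a responder starts: a kernel driver (\SystemRoot\SysWow64\DRIVERS\1UnHooker.sys) blocked from loading at boot, the Volume Shadow Copy service failing to start (consistent with the "No restore point in system" line earlier in the log), and Microsoft Antimalware unable to update its signatures. The following is an added example, not part of the thread and not DDS or any other tool's own code, that parses lines of that format and applies a small rule set to bring those findings to the top. The rule table, the two-level severity scale, and the assumption that the bare `1UnHooker` lines at the end of the section are the driver names belonging to the Service Control Manager 7026 event are this example's own; the input lines are a subset copied from the log above with long messages shortened.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One line of the DDS "Event Viewer Messages" section, e.g.
#   7/9/2010 4:25:20 PM, Error: Application Popup [1060] - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>[A-Za-z]+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}")


@dataclass(frozen=True)
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str

    @property
    def error_codes(self) -> tuple[str, ...]:
        """Windows error codes (0x........) quoted in the message."""
        return tuple(HRESULT_RE.findall(self.message))


@dataclass(frozen=True)
class Finding:
    severity: str            # "high" or "medium": this example's own scale
    reason: str
    event: Event
    extra: tuple[str, ...]   # error codes, or driver names for event 7026


def parse_dds_events(text: str) -> tuple[list[Event], list[str]]:
    """Parse the section into Events, plus the bare lines that did not match.

    Assumption: the bare lines DDS prints at the end of the section (the
    repeated "1UnHooker" in the log above) are the driver names belonging
    to the SCM 7026 event, so triage() attaches them to it.
    """
    events: list[Event] = []
    leftovers: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            leftovers.append(line)
            continue
        events.append(Event(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"], source=m["source"],
            event_id=int(m["eid"]), message=m["msg"],
        ))
    return events, leftovers


# (source, event id) -> (severity, why a responder looks at it first).
RULES = {
    ("Application Popup", 1060):
        ("high", "kernel driver blocked from loading; identify the product that installed it"),
    ("Service Control Manager", 7026):
        ("high", "boot-start or system-start driver(s) failed to load"),
    ("Service Control Manager", 7000):
        ("medium", "service failed to start"),
    ("Microsoft Antimalware", 2001):
        ("medium", "antimalware engine cannot update its signatures"),
    ("Microsoft-Windows-WindowsUpdateClient", 20):
        ("medium", "Windows Update package failed to install"),
}
SEVERITY_ORDER = {"high": 0, "medium": 1}


def triage(events: list[Event], leftovers=()) -> list[Finding]:
    """Apply RULES; highest severity first, oldest first within a severity."""
    findings = []
    for ev in events:
        rule = RULES.get((ev.source, ev.event_id))
        if rule is None:
            continue
        severity, reason = rule
        extra = ev.error_codes
        if ev.event_id == 7026 and ev.message.rstrip().endswith(":"):
            extra = tuple(sorted(set(leftovers)))   # driver names printed separately
        if ev.event_id == 7000 and "Volume Shadow Copy" in ev.message:
            # System Restore depends on VSS: this is why the log also says
            # "No restore point in system", so there is no clean rollback point.
            severity = "high"
            reason = "Volume Shadow Copy service will not start; System Restore is unusable"
        findings.append(Finding(severity, reason, ev, extra))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.event.when))
    return findings


def report(findings: list[Finding]) -> str:
    return "\n".join(
        f"[{f.severity:6}] {f.event.when:%Y-%m-%d %H:%M} {f.event.source} "
        f"[{f.event.event_id}] {f.reason} {' '.join(f.extra)}".rstrip()
        for f in findings)


# Input: a subset of the log above, long messages shortened.
SAMPLE = r"""
7/9/2010 4:25:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
7/9/2010 4:25:42 PM, Error: Service Control Manager [7000] - The lxdqCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/9/2010 4:25:20 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\1UnHooker.sys has been blocked from loading due to incompatibility with this system.
7/9/2010 4:19:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates.
7/11/2010 5:54:01 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The system cannot find the path specified.
7/11/2010 2:02:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.85.1855.0).
7/10/2010 2:26:10 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period.
1UnHooker
1UnHooker
"""

if __name__ == "__main__":
    evs, rest = parse_dds_events(SAMPLE)
    print(report(triage(evs, rest)))
```

Run stand-alone it prints the three high findings first (the blocked driver, the 7026 event with `1UnHooker` attached, and the VSS start failure), then the update and service failures with their error codes pulled out of the message text. The ACPI event is parsed but not flagged, which is the point of keeping the rule table explicit: hardware noise stays visible in the parsed list without competing for attention.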
     

  4. 2010/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
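The custom-scan directives in the post above end with `user32.dll /md5`, `ws2_32.dll /md5` and `ws2help.dll /md5`: OTL prints the MD5 of each so the analyst can compare it with a known-good value for that exact Windows build, because a patched copy of one of those DLLs is a common way for malware to persist in every process or on the network stack. The following is an added example, not part of the thread and not how OTL implements `/md5`, that automates the comparison and also records SHA-256, since MD5 collisions are cheap to construct and a vendor list that publishes SHA-256 is the better reference. The directory it hashes and the baseline it compares against are constructed in a temporary folder (stand-in files, not real Windows DLLs); on a real system the baseline has to come from a clean machine of the same build and patch level, since these hashes change with every servicing update.

```python
import hashlib
import tempfile
from pathlib import Path

# The files the OTL custom scan above is told to hash (/md5).
CRITICAL_DLLS = ("user32.dll", "ws2_32.dll", "ws2help.dll")


def digests(path: Path) -> dict[str, str]:
    """MD5 and SHA-256 of a file, streamed so large binaries are not read whole."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


def verify(system32: Path, baseline: dict[str, dict[str, str]],
           names=CRITICAL_DLLS) -> dict[str, str]:
    """Compare each file with its baseline entry and return a verdict per name.

    baseline: name -> {"md5": ..., "sha256": ...} for this exact Windows build.
    A mismatch means "investigate" (servicing updates also change the hash),
    not "infected". Verdicts:
      ok           both digests match
      modified     a digest differs
      missing      file absent
      unbaselined  no known-good value for this file
    """
    verdicts = {}
    for name in names:
        known = baseline.get(name)
        path = system32 / name
        if known is None:
            verdicts[name] = "unbaselined"
        elif not path.is_file():
            verdicts[name] = "missing"
        else:
            verdicts[name] = "ok" if digests(path) == known else "modified"
    return verdicts


def build_demo_system32() -> tuple[Path, dict[str, dict[str, str]]]:
    """Constructed stand-in for System32 (not real DLLs) plus its clean baseline."""
    root = Path(tempfile.mkdtemp(prefix="demo_system32_"))
    for name in CRITICAL_DLLS:
        (root / name).write_bytes(b"MZ" + name.encode() + b"\x00" * 64)
    return root, {name: digests(root / name) for name in CRITICAL_DLLS}


def tamper(system32: Path, name: str) -> None:
    """Simulate a patched binary; any in-file change moves both digests."""
    with (system32 / name).open("ab") as fh:
        fh.write(b"\x90")


if __name__ == "__main__":
    root, base = build_demo_system32()
    print(verify(root, base))          # all "ok"
    tamper(root, "ws2_32.dll")
    print(verify(root, base))          # ws2_32.dll now "modified"
```

The same function works for any list of files, not only the three OTL names; the important discipline is that the baseline is keyed by build, because comparing against a hash from a different service-pack or update level produces a false "modified" verdict for every file.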
     
  5. 2010/07/12
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    broni,
    I have trouble every time with this program, and I follow your directions exactly. I had problems with the express scan; it took forever. When I did the complete scan, it scanned 10 hrs and only about 1/4 inch on the green bar completed when I stopped it. I don't know what is going on but it ain't right.
    Dee
     
  6. 2010/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Instead....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  7. 2010/07/12
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    I am in trouble. Everything went fine with TFC and I rebooted. After the reboot I cannot get back into Windows. I tried safe mode, can't get in there either. What do I do?
     
  8. 2010/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    When you try safe mode, how far can you boot?
    Did you try "Last known good configuration "?
     
  9. 2010/07/13
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    broni, sorry so late getting back with you. I could get nowhere with my computer; I got as far as loading files in safe mode, and returned to the Windows logo when I went to last configuration. I removed the battery and power supply and held the on switch for 60 secs. and still nothing. I called Dell and they cannot find the problem; they think it is software rather than hardware. I tried to send it back but because they think it is software, they would not take it back. They want to do a factory image of the hard drive but I have no way of backing up my hard drive. I don't know yet what I'm going to do. What do you think? It is stress city here; my husband crashed one of his planes 4 weeks ago, lucky to be alive, cast on a leg and hand, cracked ribs, teeth are not too pretty. We have extra people in the house 24 hrs/day to take care of us. House gets smaller every day and I always stress when my computer is down. Shouldn't complain, things could have been much worse; plane hit the ground nose first.
     
  10. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm sorry to hear about your husband's accident :(
    He's lucky to be alive...

    Let's see, if we can look at your computer booting from an external source.

    Using good computer, please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your bad computer using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  11. 2010/07/13
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    This did not work for me:(
     
  12. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I need all details in order to establish what went wrong.
     
  13. 2010/07/13
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    I made a copy of your directions and followed them to the letter. When I put the burned disk into the broken computer, nothing happened; the disk ran but the display was completely black. I did it twice with 2 different disks with the same results. Tonight I called Microsoft and was able to boot with my Windows 7 disk, so I'm back in business again. Took me a long time to reconnect to the internet.
     
  14. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to see you fixed up :)
    No other issues?
     
  15. 2010/07/13
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Not unless my computer is infected. I am afraid to do anything right now. Thanks my friend for all your help and all you've taught me. Dee
     
  16. 2010/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Good luck.
     
