1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active cant copy/cut/delete and clean rec. bin

Discussion in 'Malware and Virus Removal Archive' started by chrysis1995, 2009/12/08.

  1. 2009/12/08
    chrysis1995

    chrysis1995 Inactive Thread Starter

    Joined:
    2009/12/08
    Messages:
    1
    Likes Received:
    0
    [Active] cant copy/cut/delete and clean rec. bin

    when i go to copy a file an error message pops up "windows explorer" is not responding and then windows explorer is restarting" why does this happens
    and here is the DDS

    ATTACH

    Microsoft® Windows Vistaâ„¢ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/02/2009 16:44:50
    System Uptime: 12/08/2009 15:39:08 (2833 hours ago)

    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz | CPU | 1000/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 116 GiB total, 43.981 GiB free.
    E: is FIXED (NTFS) - 115 GiB total, 110.126 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.5
    Adobe Shockwave Player
    Advanced SystemCare 3
    µTorrent
    AviSynth 2.5
    Bluetooth Stack for Windows by Toshiba
    Camera Assistant Software for Toshiba
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Combat Arms EU
    Compatibility Pack for the 2007 Office system
    DVD MovieFactory for TOSHIBA
    Fast Browser Search (My Tattoons)
    Fraps
    Game Booster
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iMesh
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Internet Saving Optimizer
    IObit Security 360
    IObitCom Toolbar
    Java(TM) 6 Update 17
    Junk Mail filter update
    KB408682
    LimeWire 5.3.6
    Media Access Startup
    Messenger Plus! Live
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft XML Parser
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Web Search (Smiley Central)
    Norton AntiVirus
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    PokerStars
    PowerDVD
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    Search Guard Plus (My Tattoons)
    Search Guard Plus Updater (My Tattoons)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Windows Media Encoder (KB954156)
    Skypeâ„¢ 4.1
    Smart Defrag 1.20
    Synaptics Pointing Device Driver
    System Requirements Lab
    System Search Dispatcher
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Manuals
    Toshiba Online Product Information
    TOSHIBA Recovery Disc Creator
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TRDCReminder
    TRORDCLauncher
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-GB)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Driver Package - Sony Ericsson Mobile Communications (ggsemc) USB (03/20/2008 2.1.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Toolbar

    DDS

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by user at 16:31:22.42 on 08/12/2009
    Internet Explorer: 7.0.6002.18005
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.44.1033.18.2037.802 [GMT 2:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\user\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
    uDefault_Page_URL = hxxp://www.google.co.uk
    uSearch Bar =
    mStart Page = hxxp://uk.yahoo.com
    mDefault_Page_URL = hxxp://uk.yahoo.com
    mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: SearchHelper Class: {91c18ed5-5e1c-4ae5-a148-a861de8c8e16} - c:\program files\sgpsa\mtwb3sh.dll
    uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - Media Access Startup
    BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
    BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - NP Helper Class
    BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh\iMeshIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.1.0.19\IPSBHO.DLL
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - System Search Dispatcher
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
    BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
    TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
    TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {F46CC878-71E4-4BD6-9D21-AA967C85DF51} = 208.67.222.222,208.67.220.220
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1101000.013\SymDS.sys [2009-11-30 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1101000.013\SymEFA.sys [2009-11-30 171056]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20091104.001\BHDrvx86.sys [2009-11-5 524848]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1101000.013\cchpx86.sys [2009-11-30 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-11-29 343088]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1101000.013\Ironx86.sys [2009-11-30 114736]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1101000.013\symtdiv.sys [2009-11-30 339504]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-12-8 28762]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.1.0.19\ccSvcHst.exe [2009-11-30 126392]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-29 102448]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-4-22 7168]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S2 gupdate1c98b93e3531c90;Google Update Service (gupdate1c98b93e3531c90);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
    S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-20 312592]
    S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
    S2 Wyyo Service;Wyyo Service; "c:\programdata\wyyo\wyyo135.exe" "c:\program files\wyyo\wyyo.dll" service --> c:\programdata\wyyo\wyyo135.exe [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-8-24 36608]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-6-21 13224]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-7-3 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-7-3 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-7-3 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-7-3 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-7-3 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-7-3 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-7-3 115752]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-7-3 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-7-3 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-7-3 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-7-3 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-7-3 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-7-3 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-7-3 109736]

    =============== Created Last 30 ================

    2009-12-08 12:36:08 28672 ----a-w- c:\windows\system32\f3PSSavr.scr
    2009-12-08 12:36:08 0 d-----w- c:\program files\FunWebProducts
    2009-12-08 12:36:06 0 d-----w- c:\program files\MyWebSearch
    2009-12-07 12:03:44 0 d-----r- c:\program files\Skype
    2009-12-07 12:03:43 0 d-----w- c:\programdata\Skype
    2009-12-05 12:03:30 0 d-----w- C:\ConverterOutput
    2009-12-05 12:03:12 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2009-12-05 12:03:10 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2009-12-05 12:03:10 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-12-05 12:03:10 57344 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-12-05 12:03:10 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2009-12-05 12:03:10 258352 ----a-w- c:\windows\system32\unicows.dll
    2009-12-05 12:03:07 98304 ----a-w- c:\windows\system32\L3CODECX.AX
    2009-12-05 12:03:07 372736 ----a-w- c:\windows\system32\xvid.ax
    2009-12-05 12:03:05 0 d-----w- c:\program files\Cucusoft
    2009-12-02 19:01:14 0 d-----w- c:\programdata\Blizzard
    2009-11-30 13:41:13 29512 ----a-w- c:\windows\system32\TURegOpt.exe
    2009-11-30 13:41:11 30024 ----a-w- c:\windows\system32\uxtuneup.dll
    2009-11-30 13:41:11 21320 ----a-w- c:\windows\system32\authuitu.dll
    2009-11-30 13:40:28 0 d-----w- c:\users\user\appdata\roaming\TuneUp Software
    2009-11-30 13:40:15 0 d-----w- c:\program files\TuneUp Utilities 2010
    2009-11-30 13:39:27 0 d-----w- c:\programdata\TuneUp Software
    2009-11-30 13:38:49 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2009-11-29 12:56:08 0 d-----w- c:\users\user\appdata\roaming\Tific
    2009-11-29 12:51:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-11-29 12:51:26 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-11-29 12:51:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-11-29 12:51:25 0 d-----w- c:\program files\Symantec
    2009-11-29 12:51:25 0 d-----w- c:\program files\common files\Symantec Shared
    2009-11-29 12:50:53 0 d-----w- c:\windows\system32\drivers\NAV
    2009-11-29 12:50:47 0 d-----w- c:\program files\Norton AntiVirus
    2009-11-26 12:44:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-26 12:44:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-26 12:42:05 714240 ----a-w- c:\windows\system32\timedate.cpl
    2009-11-26 12:40:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-23 19:49:10 0 d-----w- c:\programdata\Norton
    2009-11-23 19:49:10 0 d-----w- c:\program files\Norton Security Scan
    2009-11-23 19:49:09 0 d-----w- c:\programdata\Symantec
    2009-11-23 19:49:00 0 d-----w- c:\programdata\NortonInstaller
    2009-11-23 19:49:00 0 d-----w- c:\program files\NortonInstaller
    2009-11-20 20:48:09 0 d-----w- c:\users\user\Tracing
    2009-11-20 15:12:01 0 d-----w- c:\programdata\IObit
    2009-11-20 12:52:06 0 d-----w- c:\program files\IObitCom
    2009-11-19 20:08:05 0 d-----w- c:\users\user\appdata\roaming\BSplayer Pro
    2009-11-19 20:08:05 0 d-----w- c:\users\user\appdata\roaming\BSplayer
    2009-11-19 12:31:38 0 d-----w- c:\program files\AviSynth 2.5
    2009-11-19 12:11:13 0 d-----w- c:\users\user\appdata\roaming\GetRightToGo
    2009-11-19 05:11:46 0 d-----w- c:\program files\VideoLAN
    2009-11-18 13:42:05 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-11-18 13:40:34 0 d-----w- c:\program files\Microsoft
    2009-11-18 13:40:10 0 d-----w- c:\program files\Windows Live SkyDrive
    2009-11-17 22:32:32 0 d-----w- c:\program files\Windows Portable Devices
    2009-11-17 22:32:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-17 22:31:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-17 20:07:28 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-17 20:07:27 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-17 20:07:27 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-17 20:05:49 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-11-17 20:03:57 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-17 20:03:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-17 20:03:56 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-12 12:26:52 0 d-----w- c:\users\user\appdata\roaming\WinBatch
    2009-11-12 12:23:17 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 12:14:24 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-09 14:05:10 65536 --sha-w- c:\users\user\ntuser.dat{08fd8db5-c3c7-11de-a6e7-001f3caf1044}.TxR.blf
    2009-11-09 14:05:10 1048576 --sha-w- c:\users\user\ntuser.dat{08fd8db5-c3c7-11de-a6e7-001f3caf1044}.TxR.2.regtrans-ms
    2009-11-09 14:05:10 1048576 --sha-w- c:\users\user\ntuser.dat{08fd8db5-c3c7-11de-a6e7-001f3caf1044}.TxR.1.regtrans-ms
    2009-11-09 14:05:10 1048576 --sha-w- c:\users\user\ntuser.dat{08fd8db5-c3c7-11de-a6e7-001f3caf1044}.TxR.0.regtrans-ms

    ==================== Find3M ====================

    2009-11-27 20:15:01 86016 ----a-w- c:\windows\inf\infpub.dat
    2009-11-27 20:15:01 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-27 20:15:01 143360 ----a-w- c:\windows\inf\infstor.dat
    2009-11-17 22:32:27 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-02 18:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-16 12:19:50 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2009-10-11 02:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-18 15:40:48 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 16:33:31.89 ===============
     
    chrysis1995,
    #1
  2. 2009/12/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software ( Limewire, BitTorrent, uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them,

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
    Admin.,
    #2


  3. to hide this advert.

  4. 2009/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see in MBAM's log following entries:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)
    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so, it's EXTREMELY important, you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...