
Inactive IE 8 doesn't shut properly in Win 7 OS

Discussion in 'Malware and Virus Removal Archive' started by jpaz, 2010/12/20.

  1. 2010/12/20
    jpaz (Thread Starter)
    [Inactive] IE 8 doesn't shut properly in Win 7 OS

    Dear people,
    I am encountering a rather upsetting problem with my IE 8 running in a Win 7 64-bit environment.
    Whenever I try to close or download a file, I receive an error message -
    When I clicked Details it showed lots of info, but I think what's important is -
    Error location - BEX
    Error Module - WINUTIL5.DLL

    I have run the entire Malware and Virus Removal steps:
    MBAM results -
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    גרסת מסד נתונים: 5360

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20/12/2010 13:29:18
    יומן סריקת MBAM (it's in Hebrew, so I will try to translate)

    סוג הסריקה: סריקה מהירה
    סריקת אובייקטים: 151441
    הזמן שחלף: 2 דקות, 28 שניות

    תהליכי זיכרון נגועים: 0
    זכרונות מודלים נגועים: 0
    מפתחות רישום נגועים (Infected Registry Keys): 12
    ערכי רישום נגועים: 0
    פריטי נתוני רישום נגועים: 0
    תיקיות נגועות (Infected Folders): 1
    קבצים נגועים (Infected Files): 4

    תהליכי זיכרון נגועים:
    (לא נמצאו פריטים זדוניים)

    זכרונות מודלים נגועים:
    (לא נמצאו פריטים זדוניים)

    מפתחות רישום נגועים (Infected Registry Keys):
    HKEY_CLASSES_ROOT\Smart-Shopper2.HbAx (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.HbAx.1 (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.HbInfoBand (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.HbInfoBand.1 (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.IEButton (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.IEButton.1 (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.IEButtonA (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.IEButtonA.1 (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.IEButtonB (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.IEButtonB.1 (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.Smrt-ShprCtrl (Adware.SmartShopper) -> No action taken.
    HKEY_CLASSES_ROOT\Smart-Shopper2.Smrt-ShprCtrl.1 (Adware.SmartShopper) -> No action taken.

    ערכי רישום נגועים:
    (לא נמצאו פריטים זדוניים)

    פריטי נתוני רישום נגועים:
    (לא נמצאו פריטים זדוניים)

    תיקיות נגועות (Infected Folders):
    c:\programdata\microsoft\Windows\start menu\Programs\smartshopper (Adware.SmartShopper) -> No action taken.

    קבצים נגועים (Infected Files):
    c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare product prices.lnk (Adware.SmartShopper) -> No action taken.
    c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare travel rate.lnk (Adware.SmartShopper) -> No action taken.
    c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper help.lnk (Adware.SmartShopper) -> No action taken.
    c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> No action taken.

    GMER Results:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-20 13:46:01
    Windows 6.1.7600
    Running: GMAR.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4ceca2fd
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Shares@\x5c0\5\x5c1\5\xf88d\5א\5ױ\5ג\5\xf891\5 CSCFlags=0?MaxUses=4294967295?Path=C:\Users\167375?Permissions=9?ShareName=????????Type=0?
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4ceca2fd (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Shares@\x5c0\5\x5c1\5\xf88d\5א\5ױ\5ג\5\xf891\5 CSCFlags=0?MaxUses=4294967295?Path=C:\Users\167375?Permissions=9?ShareName=????????Type=0?

    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron N5010
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 208):
    0x02C57000 \SystemRoot\system32\ntoskrnl.exe
    0x02C0E000 \SystemRoot\system32\hal.dll
    0x00BBD000 \SystemRoot\system32\kdcom.dll
    0x00C4B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C8F000 \SystemRoot\system32\PSHED.dll
    0x00CA3000 \SystemRoot\system32\CLFS.SYS
    0x00D01000 \SystemRoot\system32\CI.dll
    0x00E60000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F04000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F13000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F6A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F73000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F7D000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FB0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FBD000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FD2000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FDB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FE7000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00DC1000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01073000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x0127D000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01286000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x012B0000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x012BB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x012CB000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x012D6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01322000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01336000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x01434000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01342000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015D6000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x01400000 \SystemRoot\System32\drivers\pcw.sys
    0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01675000 \SystemRoot\system32\drivers\ndis.sys
    0x01767000 \SystemRoot\system32\drivers\NETIO.SYS
    0x017C7000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01A7F000 \SystemRoot\system32\DRIVERS\timntr.sys
    0x01B68000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01C54000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
    0x01DC0000 \SystemRoot\System32\Drivers\spldr.sys
    0x01C00000 \SystemRoot\system32\DRIVERS\snapman.sys
    0x01BB4000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01C40000 \SystemRoot\System32\Drivers\mup.sys
    0x01DC8000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01DD1000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01A3A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x04473000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0449D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x044CA000 \SystemRoot\System32\Drivers\Null.SYS
    0x044D3000 \SystemRoot\System32\Drivers\Beep.SYS
    0x044DA000 \SystemRoot\System32\drivers\vga.sys
    0x044E8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0450D000 \SystemRoot\System32\drivers\watchdog.sys
    0x0451D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04526000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0452F000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x04538000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04543000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04554000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04572000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0457F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0308D000 \SystemRoot\system32\drivers\afd.sys
    0x03117000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03120000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03146000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x0315C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x0316B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03186000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0319A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x031EB000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x0300B000 \SystemRoot\System32\drivers\discache.sys
    0x0301A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03038000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03049000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04C1F000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x046F9000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04600000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04646000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x04657000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04668000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x046BE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x05A00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x05A1E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x05A6D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05A6F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x05A7E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x045C4000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x05A8D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x05DE7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x046E2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x05DEC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04C00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x047ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04224000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0306F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0164A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x013A0000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04C16000 \SystemRoot\system32\DRIVERS\bcmvwl64.sys
    0x05DFC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x013BA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x045EB000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05EFB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05F55000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05F6A000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x05E00000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x05E3D000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x05E5F000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05E65000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
    0x00080000 \SystemRoot\System32\win32k.sys
    0x05EAC000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05EB8000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04253000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x05EC6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05ED9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x00C00000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x062B0000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
    0x062DB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x062E9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x06302000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0630B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x06318000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x06333000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x06341000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x004E0000 \SystemRoot\System32\TSDDD.dll
    0x00780000 \SystemRoot\System32\cdd.dll
    0x0634F000 \SystemRoot\system32\drivers\luafv.sys
    0x06372000 \SystemRoot\system32\drivers\WudfPf.sys
    0x06393000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x063A8000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x06200000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x06213000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x06235000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x02CCD000 \SystemRoot\system32\drivers\HTTP.sys
    0x02D95000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02DB3000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02DCB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x02C71000 \SystemRoot\system32\DRIVERS\afcdp.sys
    0x04A7C000 \SystemRoot\system32\drivers\peauth.sys
    0x04B22000 \SystemRoot\system32\drivers\btusbflt.sys
    0x04B32000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x04B4A000 \SystemRoot\System32\Drivers\bthport.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x04A2C000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x04A3C000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x0583C000 \SystemRoot\system32\DRIVERS\btwavdt.sys
    0x058B7000 \SystemRoot\system32\drivers\btwaudio.sys
    0x0593D000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
    0x05949000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x0594D000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x05958000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x05985000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05997000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x072A4000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0733A000 \SystemRoot\system32\drivers\BCM42RLY.sys
    0x07343000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x073E5000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x05A96000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x07200000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x0720D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x77790000 \Windows\System32\ntdll.dll
    0x47690000 \Windows\System32\smss.exe
    0xFFAB0000 \Windows\System32\apisetschema.dll
    0xFFCD0000 \Windows\System32\autochk.exe
    0xFF9D0000 \Windows\System32\usp10.dll
    0xFF960000 \Windows\System32\gdi32.dll
    0xFF940000 \Windows\System32\imagehlp.dll
    0xFF8C0000 \Windows\System32\difxapi.dll
    0xFF660000 \Windows\System32\iertutil.dll
    0xFF5C0000 \Windows\System32\msvcrt.dll
    0xFF4B0000 \Windows\System32\msctf.dll
    0xFF4A0000 \Windows\System32\lpk.dll
    0xFF470000 \Windows\System32\imm32.dll
    0xFF340000 \Windows\System32\rpcrt4.dll
    0xFF160000 \Windows\System32\setupapi.dll
    0xFEFE0000 \Windows\System32\urlmon.dll
    0x77690000 \Windows\System32\user32.dll
    0xFEFD0000 \Windows\System32\nsi.dll
    0xFEF80000 \Windows\System32\ws2_32.dll
    0xFEEA0000 \Windows\System32\advapi32.dll
    0xFEE50000 \Windows\System32\Wldap32.dll
    0xFEE30000 \Windows\System32\sechost.dll
    0x77570000 \Windows\System32\kernel32.dll
    0xFED90000 \Windows\System32\clbcatq.dll
    0xFED10000 \Windows\System32\shlwapi.dll
    0xFEC30000 \Windows\System32\oleaut32.dll
    0xFEB90000 \Windows\System32\comdlg32.dll
    0xFEA60000 \Windows\System32\wininet.dll
    0x77960000 \Windows\System32\normaliz.dll
    0xFDCD0000 \Windows\System32\shell32.dll
    0xFDAC0000 \Windows\System32\ole32.dll
    0x77950000 \Windows\System32\psapi.dll
    0xFDA20000 \Windows\System32\comctl32.dll
    0xFD9E0000 \Windows\System32\cfgmgr32.dll
    0xFD9C0000 \Windows\System32\devobj.dll
    0xFD980000 \Windows\System32\wintrust.dll
    0xFD810000 \Windows\System32\crypt32.dll
    0xFD7A0000 \Windows\System32\KernelBase.dll
    0xFD790000 \Windows\System32\msasn1.dll
    0x756F0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 69):
    0 System Idle Process
    4 System
    452 C:\Windows\System32\smss.exe
    620 csrss.exe
    728 C:\Windows\System32\wininit.exe
    744 csrss.exe
    792 C:\Windows\System32\services.exe
    820 C:\Windows\System32\lsass.exe
    828 C:\Windows\System32\lsm.exe
    908 C:\Windows\System32\winlogon.exe
    980 C:\Windows\System32\svchost.exe
    524 C:\Windows\System32\svchost.exe
    576 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    516 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1112 C:\Program Files\IDT\WDM\stacsv64.exe
    1272 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\svchost.exe
    1500 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    1540 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    1968 C:\Windows\System32\taskhost.exe
    2004 C:\Windows\System32\dwm.exe
    2044 C:\Windows\System32\spoolsv.exe
    1316 C:\Windows\System32\svchost.exe
    1644 C:\Windows\explorer.exe
    2088 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    2108 C:\Program Files\IDT\WDM\AESTSr64.exe
    2224 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    2232 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    2264 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2332 C:\Windows\System32\svchost.exe
    2368 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2420 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2468 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2716 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    3064 C:\Windows\System32\svchost.exe
    3148 WUDFHost.exe
    3312 WmiPrvSE.exe
    3416 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    3468 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    3484 C:\Windows\System32\conhost.exe
    3576 C:\Windows\System32\rundll32.exe
    3828 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    3940 C:\Program Files\Dell\QuickSet\quickset.exe
    3964 C:\Program Files\IDT\WDM\sttray64.exe
    3476 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3656 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3760 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    3748 C:\Windows\System32\igfxtray.exe
    3524 C:\Windows\System32\hkcmd.exe
    3708 C:\Windows\System32\igfxpers.exe
    3772 C:\Program Files\Microsoft Security Essentials\msseces.exe
    1812 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    3956 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    3104 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    4228 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    4416 C:\Windows\System32\SearchIndexer.exe
    4808 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2796 C:\Windows\System32\svchost.exe
    976 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    3996 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    3320 C:\Windows\System32\wuauclt.exe
    1608 C:\Users\167375\Desktop\GMAR.exe
    3340 C:\Windows\System32\audiodg.exe
    4600 C:\Windows\System32\wlanext.exe
    1020 C:\Windows\System32\conhost.exe
    4848 \\Sagivavi\
    2696 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afd00000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: FDDCA5E0C8B6CE20A905CF4F023347B822E0808A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    DDS Results:

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by 167375 at 13:55:58.37 on Mon 12/20/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1255.972.1037.18.3895.2530 [GMT 2:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\167375\Desktop\GMAR.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    \\Sagivavi\שולחן העבודה\ליוני\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1425416
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Radio G Toolbar: {f228c6a4-a593-4017-944c-4e7958fb3177} - C:\Program Files (x86)\Radio_G\tbRadi.dll
    mURLSearchHooks: Radio G Toolbar: {f228c6a4-a593-4017-944c-4e7958fb3177} - C:\Program Files (x86)\Radio_G\tbRadi.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: Radio G Toolbar: {f228c6a4-a593-4017-944c-4e7958fb3177} - C:\Program Files (x86)\Radio_G\tbRadi.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Radio G Toolbar: {f228c6a4-a593-4017-944c-4e7958fb3177} - C:\Program Files (x86)\Radio_G\tbRadi.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe "
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D= "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe "
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &ייצוא אל Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: שלח עמוד ל&התקן Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: שלח תמונה ל&התקן Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {F228C6A4-A593-4017-944C-4E7958FB3177} - No File
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe "
    mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-15 55280]
    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-11-14 1477728]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-15 89600]
    R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-14 2480048]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-15 13336]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-15 689472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-15 2320920]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-11-14 251488]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-10-15 20984]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-10-15 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-15 35104]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-10-15 172704]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-15 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-15 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 271872]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-15 325152]
    S3 WatAdminSvc;השירות 'טכנולוגיות הפעלה של Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-22 1255736]
    S3 WSDPrintDevice;תמיכה בהדפסה של WSD דרך UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2010-12-20 11:48:45 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{9CB66349-566E-42AB-A38B-8C760682A290}\mpengine.dll
    2010-12-20 11:24:04 -------- d-----w- C:\Users\167375\AppData\Roaming\Malwarebytes
    2010-12-20 11:24:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 11:23:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-20 11:23:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-20 11:23:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-20 10:08:30 -------- d-----w- C:\Program Files\CCleaner
    2010-12-19 16:42:50 -------- d-----w- C:\Program Files (x86)\Radio_G
    2010-12-19 16:19:57 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-11 15:09:09 -------- d-----w- C:\Users\167375\AppData\Roaming\FreeFileViewer
    2010-12-11 11:14:05 -------- d-----w- C:\Program Files (x86)\FreeFileViewer
    2010-12-11 11:10:46 -------- d-----w- C:\Users\167375\AppData\Roaming\Uniblue
    2010-12-11 11:10:36 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
    2010-12-11 11:10:33 -------- d-----w- C:\Users\167375\AppData\Local\PackageAware
    2010-12-11 11:07:37 835584 ----a-w- C:\Windows\SysWow64\WINCTL4.OCX
    2010-12-11 11:07:37 495616 ----a-w- C:\Windows\SysWow64\WINUTIL5.DLL
    2010-12-11 11:07:37 393216 ----a-w- C:\Windows\SysWow64\WINLCTL5.DLL
    2010-12-11 11:07:37 -------- d-----w- C:\Program Files (x86)\Common Files\Winferno
    2010-12-11 11:07:36 212240 ----a-w- C:\Windows\SysWow64\Richtx32.ocx
    2010-12-11 11:07:35 -------- d-----w- C:\Program Files (x86)\Winferno
    2010-12-11 11:05:46 -------- d-----w- C:\Program Files (x86)\Smart-Shopper2
    2010-12-02 20:37:05 -------- d-----w- C:\Users\167375\AppData\Local\ElevatedDiagnostics
    2010-11-28 09:38:17 -------- d-----w- C:\Users\167375\קובצי הגיבוי שלי
    2010-11-26 17:07:29 -------- d-----w- C:\Users\167375\AppData\Roaming\Reallusion
    2010-11-25 20:12:48 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-25 20:12:48 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-25 19:33:42 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-11-25 19:33:42 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-11-25 19:33:42 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-11-25 19:33:42 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-11-25 19:33:42 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-11-25 19:33:42 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-11-25 19:33:42 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-11-25 19:33:42 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-11-25 19:33:42 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-11-25 19:33:42 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-11-23 13:06:37 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-11-23 13:06:37 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-11-23 13:06:37 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2010-11-23 13:06:36 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2010-11-23 13:06:03 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-11-23 13:06:03 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-11-23 13:06:03 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-11-23 13:06:02 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-11-23 13:06:02 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-11-23 13:06:02 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-11-23 13:06:01 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-11-23 13:05:07 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2010-11-23 13:02:26 5474184 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2010-11-23 13:02:25 3964800 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2010-11-23 13:02:25 3909512 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2010-11-23 13:00:19 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-11-23 13:00:18 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-11-23 13:00:14 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-11-23 13:00:13 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-11-23 12:57:43 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-11-23 12:36:48 1877504 ----a-w- C:\Windows\System32\msxml3.dll
    2010-11-23 12:36:48 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-11-23 12:36:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-11-22 08:14:33 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2010-11-22 08:14:33 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2010-11-22 08:14:32 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-11-22 08:14:31 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-11-22 08:14:24 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-11-22 08:14:23 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-11-22 08:14:23 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-11-22 08:14:23 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-11-22 08:14:23 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-11-22 08:10:07 -------- d-----w- C:\Windows\SysWow64\Wat
    2010-11-22 08:10:07 -------- d-----w- C:\Windows\System32\Wat
    2010-11-20 17:04:36 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-11-20 17:04:36 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-11-20 17:04:17 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2010-11-20 17:04:17 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
    2010-11-20 16:51:41 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2010-11-20 16:51:41 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2010-11-20 16:11:56 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2010-11-20 16:11:56 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
    2010-11-20 16:08:52 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-11-20 16:08:52 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2010-11-20 16:06:49 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-11-20 16:06:49 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-11-20 16:02:51 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-11-20 16:02:51 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-11-20 15:43:52 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    ==================== Find3M ====================

    2010-11-14 09:20:53 251488 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2010-11-14 09:20:52 1477728 ----a-w- C:\Windows\System32\drivers\tdrpm258.sys
    2010-11-14 09:20:46 943712 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2010-11-14 09:20:44 257120 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-15 16:59:46 74 --sh--r- C:\Windows\CT4CET.bin
    2010-10-15 16:34:52 455680 ----a-w- C:\Windows\System32\deployJava1.dll
    2010-10-15 16:24:40 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2010-10-15 16:24:40 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2010-10-15 16:23:52 30296 ----a-w- C:\Windows\System32\drivers\msahci.sys
    2010-10-15 16:23:38 630272 ----a-w- C:\Windows\System32\evr.dll
    2010-10-15 16:23:38 488448 ----a-w- C:\Windows\SysWow64\evr.dll
    2010-10-15 16:23:23 327680 ----a-w- C:\Windows\System32\drivers\udfs.sys
    2010-10-15 16:23:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2010-10-15 16:23:08 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2010-10-15 16:22:46 91648 ----a-w- C:\Windows\System32\isoburn.exe
    2010-10-15 16:22:46 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
    2010-10-15 16:19:22 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2010-10-15 16:19:22 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2010-10-15 16:19:15 46592 ----a-w- C:\Windows\System32\msasn1.dll
    2010-10-15 16:19:15 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
    2010-10-15 16:18:41 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-10-15 16:18:41 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
    2010-10-15 16:18:41 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll

    ============= FINISH: 13:56:25.16 ===============

    Attach results (also DDS):

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/11/2010 13:59:27
    System Uptime: 20/12/2010 13:30:09 (0 hours ago)

    Motherboard: Dell Inc. | | 0WXY9J
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 283 GiB total, 248.236 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP19: 25/11/2010 21:47:29 - Windows Update
    RP20: 25/11/2010 23:44:30 - Windows Update
    RP21: 26/11/2010 19:04:53 - Windows Update
    RP22: 26/11/2010 19:51:50 - Windows Update
    RP23: 26/11/2010 22:23:21 - Windows Update
    RP24: 26/11/2010 22:39:38 - Windows Update
    RP25: 28/11/2010 09:01:46 - Windows Update
    RP26: 28/11/2010 09:08:58 - Windows Update
    RP27: 28/11/2010 12:28:40 - Configured Microsoft Office Enterprise 2007
    RP28: 28/11/2010 23:17:34 - Windows Update
    RP29: 29/11/2010 14:25:10 - Windows Update
    RP30: 29/11/2010 14:31:52 - Windows Update
    RP31: 30/11/2010 03:00:14 - Windows Update
    RP32: 02/12/2010 15:39:19 - Windows Update
    RP33: 03/12/2010 00:33:13 - Windows Update
    RP34: 11/12/2010 12:26:03 - Windows Update
    RP35: 11/12/2010 13:25:49 - Windows Update
    RP36: 11/12/2010 20:06:53 - Configured Microsoft Office Enterprise 2007
    RP37: 11/12/2010 20:30:52 - Windows Update
    RP38: 12/12/2010 13:48:09 - Windows Update
    RP39: 12/12/2010 14:54:44 - Windows Update
    RP40: 12/12/2010 19:33:18 - Windows Update
    RP41: 12/12/2010 23:03:46 - Windows Update
    RP42: 12/12/2010 23:11:47 - Windows Update
    RP43: 13/12/2010 17:14:02 - Windows Update
    RP44: 13/12/2010 19:59:24 - Windows Update
    RP45: 13/12/2010 23:56:54 - Windows Update
    RP46: 19/12/2010 18:13:56 - Windows Update
    RP47: 19/12/2010 18:20:17 - Windows Update
    RP48: 19/12/2010 22:35:44 - Windows Update
    RP49: 20/12/2010 11:49:42 - Windows Update

    ==== Installed Programs ======================

    עדכון עבור מסנן דואר הזבל של Microsoft Office Powerpoint 2007 Help (KB963669)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acronis*True*Image*Home
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced Audio FX Engine
    AdvancedDefrag 4.2
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Classic Menu 3.x for Office 2007
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Webcam Central
    DustBuster 2.9.5.1
    Free File Viewer 2010
    Glary Utilities 2.20.0.831
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Junk Mail filter update
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office Access MUI (Hebrew) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Hebrew) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007
    Microsoft Office InfoPath MUI (Hebrew) 2007
    Microsoft Office OneNote MUI (Hebrew) 2007
    Microsoft Office Outlook MUI (Hebrew) 2007
    Microsoft Office PowerPoint MUI (Hebrew) 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Hebrew) 2007
    Microsoft Office Proof (Russian) 2007
    Microsoft Office Proofing (Hebrew) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Hebrew) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Hebrew) 2007
    Microsoft Office Word MUI (Hebrew) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    MSVCRT
    Nero 8 Micro 8.1.1.4
    PC Confidential 2008
    Picasa 3
    Plus Pack for Acronis True Image Home 2010
    Radio G Toolbar
    Roxio Burn
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.0
    SmartShopper
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    WinASO Registry Optimizer 4.6.0
    Windows 7 Codec Pack 2.6.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    WinUtilities 9.37 Professinal Edition
    Your Uninstaller! 2010
    Zoner Photo Studio 12

    ==== End Of File ===========================

    I'm awaiting your reply, thanks a bunch in advance
    Cheerio,
    Joni
     
    jpaz,
    #1
  2. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Your MBAM log says "No action taken" after each run.
    Re-run MBAM, FIX all issues and post fresh log.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     


  4. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reopened.
     
  5. 2010/12/26
    jpaz

    jpaz Inactive Thread Starter

    Joined:
    2010/12/20
    Messages:
    2
    Likes Received:
    0
    Broni hi,
    I haven't been around my machine in the past few days.
    I'm still troubled by the IE 8 problem, which doesn't allow me to shut down the browser unless I force it using Start Task Manager.
    I've tried to rerun MBAM, although now I keep on getting a clean log, which says my machine isn't infected.
    I have downloaded Bootkit Remover and run it; these are the results:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`afd00000
    Boot sector MD5 is: 66e0c2c6ed219ab16964595c0eeffc8a

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

    I hope it makes more sense to you than it does to me.
    Have a Merry Christmas and a happy new year,
    Thanks in advance
    Joni
     
    jpaz,
    #4
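    The Bootkit Remover output above reports the boot sector's MD5 and an "Unknown boot code" status, and points at dumping the master boot sector for manual inspection. The following is an added example, not code from the thread and not part of Bootkit Remover: a small Python script that takes a raw 512-byte MBR dump (the assumed format of such a dump) and reports what an analyst would compare against a known-good baseline, namely the sector hash, the hash of the boot code alone, the 0x55AA boot signature and the partition table. The sample sector it builds is constructed for the example and is not an image of the poster's disk.

```python
"""Inspect a raw 512-byte master boot record dump.

Added example for the forum thread above; not part of Bootkit Remover or
of the original posts. Assumes the dump is the raw first sector of the
disk (512 bytes). The sample sector below is constructed, not real data.
"""
import hashlib
import struct
from typing import Optional

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # classic MBR: bytes 0..439 hold the boot code
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_partition_entry(entry: bytes) -> Optional[dict]:
    """Decode one 16-byte partition entry; None if the slot is unused."""
    # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA(4) count(4)
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    if ptype == 0 and sectors == 0:
        return None
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(sector: bytes) -> dict:
    """Return the facts worth comparing against a known-good baseline."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_SIZE]
    table = sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 64]
    entries = [parse_partition_entry(table[i:i + 16]) for i in range(0, 64, 16)]
    return {
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0],
        "partitions": [e for e in entries if e is not None],
    }


def matches_baseline(sector: bytes, baseline_boot_code_md5: str) -> bool:
    """True when the boot code hashes to the value recorded on a known-good day.

    Hashing only the first 440 bytes leaves the partition table out, so a
    legitimate repartition does not change the answer but a rewritten
    loader does.
    """
    return inspect_mbr(sector)["boot_code_md5"] == baseline_boot_code_md5.lower()


def build_sample_mbr() -> bytes:
    """Constructed sample sector: a stub loader plus two partition entries."""
    boot_code = bytes([0xFA, 0x33, 0xC0]) + b"\x90" * (BOOT_CODE_SIZE - 3)
    disk_sig = struct.pack("<I", 0x1A2B3C4D)   # made-up disk signature
    reserved = b"\x00\x00"

    def entry(status: int, ptype: int, lba: int, count: int) -> bytes:
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)

    table = (entry(0x80, 0x07, 2048, 600_000_000)           # active NTFS system volume
             + entry(0x00, 0x27, 600_002_048, 20_000_000)   # hidden recovery partition
             + entry(0, 0, 0, 0) * 2)                       # two empty slots
    return boot_code + disk_sig + reserved + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = inspect_mbr(data)
    print(f"sector MD5     : {info['sector_md5']}")
    print(f"boot code MD5  : {info['boot_code_md5']}")
    print(f"signature 55AA : {'ok' if info['signature_ok'] else 'MISSING'}")
    print(f"disk signature : {info['disk_signature']:08x}")
    for i, p in enumerate(info["partitions"], 1):
        flag = "*" if p["bootable"] else " "
        print(f" {flag} part {i}: type 0x{p['type']:02x} lba {p['lba_start']} sectors {p['sectors']}")
```

    Run it with the path to a dump file as the only argument, or with no argument to see the constructed sample. The useful workflow is to record the boot-code hash of a machine while it is known to be clean (or from a freshly imaged disk of the same model) and compare later dumps against it with matches_baseline; a hash that a scanner labels "unknown" is not by itself proof of infection, since OEM loaders such as the Dell restore hook are also non-standard boot code.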
  6. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We just barely started....

    There seems to be something wrong with your MBR, but since it's a Dell, we have to be careful, because fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory-delivered state.

    So, first, I want you to try to access Dell Restore Utility and see, if you can do it.
    Just see, if you can get there and do nothing else, because it'd wipe out all your data.
     