Need help

Dell Studio laptop with intel core 2 duo...
February 23, 2010 at 12:56:48
Specs: Windows 7
Turned on my computer tonight and I'm infected with constant pop-ups telling me to download Antivirus Pro 2010. It won't let me turn the Windows firewall back on. It's not allowing me to open any sites.

Also, I once again have a problem I had earlier this year with search engines (Google, Yahoo, and even Bing I think) getting redirected.

Help cleaning up & fixing this ASAP would be appreciated. Thanks.




#1
February 23, 2010 at 14:46:34
Google

http://www.google.co.uk/search?hl=en&q=Antivirus+Pro+2010&meta=&rlz=1I7GGLL_en-GB



#2
February 23, 2010 at 15:48:55
Not working. Can you please tell me some other way to do it.

Thanks



#3
February 24, 2010 at 11:55:11
None of those suggestions worked?

I have no idea then.



#4
February 26, 2010 at 16:22:05
You should definitely try to run Malwarebytes. You can download it here.

Install it on your computer and when you open it for the first time, go to the Update tab and click the Update button just to ensure that everything is up to date. Then click on the Scanner tab and run a Full Scan. When the scan is complete, click the View Log button and then click the Remove Selected button. The computer should reboot and things should be back in order.

Hope everything works out for you. If Malwarebytes doesn't rid you of your problem, then try SuperAntiSpyware.



#5
February 26, 2010 at 16:50:34
Hi

Thanks for your help. The thing is I can not open Internet Explorer or download anything. I am working on Safari right now. My laptop is not allowing me to download anything. Can you please help me first to access my Internet Explorer, and after that I will be able to download antivirus on my system.



#6
February 27, 2010 at 02:47:27
You will need to download Malwarebytes using another PC, then install it on yours.



#7
February 27, 2010 at 08:28:40
You have been infected by a particularly stubborn Trojan downloader that could be very hard to clean. As a worst-case scenario, you may have to format the hard drive and reload from scratch. You may also try this: remove the hard drive from the laptop, install it in a 2.5" external enclosure with USB cable, plug it into a different PC that has a good antivirus program, and run a virus scan on your drive (whatever drive letter has been assigned to it by the working PC, e.g., F: or G:). Make sure the working PC also has the program Malwarebytes running, and do a complete scan of your hard drive with that as well. I have had some success removing your virus this way. Let us know how you do.

1 Corinthians 15:3-4



#8
February 27, 2010 at 09:13:10
Formatting sounds a little extreme at this point. You do have a rootkit infection but we should be able to remove it.

To get internet explorer working again first try this.

Go to Start> Control Panel> Internet Options> Connections> LAN settings> uncheck the box beside "Use a proxy server", etc.> check the box beside "Automatically detect settings"> OK> OK.

That is one way that Internet Explorer can be reconfigured by a virus. Let us know if it worked, please.



#9
February 27, 2010 at 09:44:12
Hi

When I try to click on Internet Options it says
C:\Windows\systems32\rundll32.exe Application not found..
Please tell me what I should do now.



#10
February 27, 2010 at 10:44:50
Because of your infection this fix may not work but for a few minutes. If it works, download and run MalwareBytes as quickly as possible and run it per the instructions below.

The following is a registry edit that should repair some .exe commands.

Open Notepad (Start Menu > Run > type notepad and press "OK").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Windows Registry Editor Version 5.00

; Restores the default "open" command for .exe files so programs launch again
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.




#11
February 27, 2010 at 15:15:16
Malwarebytes' Anti-Malware 1.44
Database version: 3804
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/27/2010 4:46:11 PM
mbam-log-2010-02-27 (16-46-11).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 301303
Time elapsed: 2 hour(s), 30 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qronasevegu (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


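An added read-only audit script that checks the hijack points the replies above repair by hand: the .exe association and exefile open command that Fix.reg restores and that the MBAM log reported as Hijacked.exeFile, the Internet Explorer proxy setting from reply #8, and the HKCU Run values MBAM removed (svchost.exe, userinit). It is not code from this thread or from Malwarebytes, DDS or ComboFix, and it assumes an elevated PowerShell on the affected machine; it reports and changes nothing.

```powershell
# Added example: read-only audit of the registry hijack points discussed in this thread.
# Not code from the thread or from any tool it names. Assumes an elevated PowerShell
# on the affected Windows machine; nothing is written.

$expectedOpenCommand = '"%1" %*'   # the value Fix.reg writes to HKCR\exefile\shell\open\command
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Area, [string]$Detail)
    $findings.Add([pscustomobject]@{ Area = $Area; Detail = $Detail })
}

# Returns one registry value, or $null when the key or the value does not exist.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 1. The .exe association and open command. HKCR is a merged view in which
#    HKCU\Software\Classes overrides HKLM, so a per-user hijack (every hit in the
#    MBAM log above was under HKCU) is checked in both places. MBAM logged this
#    machine's HKCR\.exe as "Bad: (secfile) Good: (exefile)".
$roots = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT'; MustExist = $true  },
    @{ Path = 'HKCU:\Software\Classes';      MustExist = $false }
)
foreach ($root in $roots) {
    $assoc = Get-RegValue "$($root.Path)\.exe" '(default)'
    if (($null -ne $assoc -or $root.MustExist) -and $assoc -ne 'exefile') {
        Add-Finding 'exe association' "$($root.Path)\.exe = '$assoc' (expected 'exefile')"
    }
    $cmd = Get-RegValue "$($root.Path)\exefile\shell\open\command" '(default)'
    if (($null -ne $cmd -or $root.MustExist) -and $cmd -ne $expectedOpenCommand) {
        Add-Finding 'exe open command' "$($root.Path)\exefile\shell\open\command = '$cmd' (expected '$expectedOpenCommand')"
    }
}

# 2. The proxy that reply #8 has the user untick: a proxy the user never configured
#    is one way the browser ends up unable to reach any site.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyEnable = Get-RegValue $inet 'ProxyEnable'
$proxyServer = Get-RegValue $inet 'ProxyServer'
if ($proxyEnable -eq 1) {
    Add-Finding 'ie proxy' "ProxyEnable=1 ProxyServer='$proxyServer' (untick 'Use a proxy server' unless you set it yourself)"
}

# 3. HKCU Run values. Windows never starts svchost.exe or userinit.exe from a Run key
#    (MBAM removed Run\svchost.exe and Run\userinit on this machine), and nothing
#    legitimate autostarts from a Temp folder, so those are flagged as suspect;
#    every other entry is listed for review.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($null -ne $run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }   # provider metadata, not a Run value
        $entry = "$($prop.Name) = $($prop.Value)"
        if ($entry -match 'svchost|userinit|\\temp\\') {
            Add-Finding 'hkcu run (suspect)' $entry
        } else {
            Add-Finding 'hkcu run (review)' $entry
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: .exe association, open command, IE proxy and HKCU Run look clean.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```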

#12
February 27, 2010 at 16:20:08
It is a rootkit and we only crippled it, so do this as soon as you can.

We need to see the results of the following scan before we run a tool called ComboFix.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#13
February 27, 2010 at 17:35:48

DDS (Ver_09-12-01.01) - NTFSx86
Run by Pranali at 19:30:52.17 on Sat 02/27/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1281 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [VibeFireAlerts]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\pranali\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2009-5-28 22312]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-4 214664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-4 81920]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-4 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-4 144704]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-4 632048]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-4 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-4 40552]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-5-4 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-5-4 269216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-23 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-4 34248]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 19:33:53.94 ===============



#14
February 27, 2010 at 17:38:22

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/4/2009 2:26:55 PM
System Uptime: 2/27/2010 5:43:59 PM (2 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 109.959 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 7.368 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


==== End Of File ===========================



#15
February 27, 2010 at 18:29:45
Go to start> control panel> click the java icon> update> update now. The newest java update is version 6 update 18.

Next go to control panel> add/remove programs and uninstall "Norton's Security Scan".

Please download ComboFix with Internet Explorer instead of other browsers if possible. Remember, your McAfee antivirus and Spyware Doctor must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#16
February 27, 2010 at 19:22:05
Do you want me to post Combofix log?


#17
February 27, 2010 at 19:33:20
Yes, please post the Combofix log.


#18
February 27, 2010 at 19:40:01
thanks


#19
February 27, 2010 at 19:41:07
ComboFix 10-02-27.04 - Pranali 02/27/2010 21:00:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1387 [GMT -6:00]
Running from: c:\users\Pranali\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-711552644-1511835535-2139544425-500
c:\programdata\vlc-1.0.3-win32.exe
c:\programdata\vlc-1.0.5-win32.exe
c:\users\Pranali\AppData\Local\{669827C7-B0C4-4C71-8934-6DE1327757B9}
c:\users\Pranali\AppData\Local\{669827C7-B0C4-4C71-8934-6DE1327757B9}\chrome.manifest
c:\users\Pranali\AppData\Local\{669827C7-B0C4-4C71-8934-6DE1327757B9}\chrome\content\_cfg.js
c:\users\Pranali\AppData\Local\{669827C7-B0C4-4C71-8934-6DE1327757B9}\chrome\content\overlay.xul
c:\users\Pranali\AppData\Local\{669827C7-B0C4-4C71-8934-6DE1327757B9}\install.rdf
c:\users\Pranali\AppData\Local\Microsoft\Windows\Temporary Internet Files\5B3L17OXb.jpg
c:\users\Pranali\AppData\Local\Microsoft\Windows\Temporary Internet Files\61007mAOp.jpg
c:\users\Pranali\AppData\Local\Microsoft\Windows\Temporary Internet Files\M3PAmbb7.jpg
c:\users\Pranali\AppData\Local\Microsoft\Windows\Temporary Internet Files\n6MmOLBB.jpg
c:\windows\system32\oem7.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-03-05 00:12 . 2010-03-05 00:12 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-02-28 03:10 . 2010-02-28 03:10 -------- d-----w- c:\users\Pranali\AppData\Local\temp
2010-02-28 02:52 . 2010-02-28 02:52 3874477 ----a-r- c:\users\Pranali\ComboFix.exe
2010-02-28 02:48 . 2010-02-28 02:49 -------- d-----w- c:\program files\MSN Toolbar
2010-02-28 02:46 . 2010-02-28 02:49 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-02-28 01:30 . 2010-02-28 01:30 524288 ----a-w- c:\users\Pranali\dds.scr
2010-02-27 20:14 . 2010-02-27 20:14 -------- d-----w- c:\users\Pranali\AppData\Roaming\Malwarebytes
2010-02-27 20:14 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 20:14 . 2010-02-27 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 20:14 . 2010-02-27 20:14 -------- d-----w- c:\programdata\Malwarebytes
2010-02-27 20:14 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 20:10 . 2010-02-27 20:10 5115824 ----a-w- c:\users\Pranali\mbam-setup.exe.exe
2010-02-27 17:03 . 2010-02-27 17:03 -------- d-----w- C:\My Music
2010-02-25 00:26 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-25 00:25 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-25 00:25 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-25 00:25 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-25 00:25 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-25 00:25 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-25 00:25 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-25 00:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-25 00:25 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-25 00:25 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-25 00:05 . 2010-02-25 00:45 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-02-23 23:26 . 2010-02-23 23:26 -------- d-----w- c:\users\Pranali\AppData\Local\Stardock_Corporation
2010-02-23 23:19 . 2010-02-23 23:19 -------- d-----w- c:\users\Pranali\AppData\Local\Threat Expert
2010-02-23 22:14 . 2010-02-27 23:44 -------- d-----w- c:\program files\Spyware Doctor
2010-02-23 22:14 . 2010-02-27 23:44 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-23 21:50 . 2010-02-23 21:55 -------- d-----w- c:\programdata\Google Updater
2010-02-23 15:51 . 2010-02-27 23:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-23 03:06 . 2010-03-05 00:12 -------- d-----w- c:\users\Guest\AppData\Local\Apple Computer
2010-02-10 00:02 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-02 02:19 . 2010-02-02 02:19 -------- d-----w- c:\program files\iPod
2010-02-02 02:19 . 2010-02-02 02:20 -------- d-----w- c:\program files\iTunes
2010-02-02 02:15 . 2010-02-02 02:15 -------- d-----w- c:\program files\QuickTime
2010-02-02 02:10 . 2010-02-02 02:10 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-31 05:37 . 2010-02-28 02:43 -------- d-----w- c:\programdata\Norton
2010-01-31 05:37 . 2010-02-28 02:43 -------- d-----w- c:\programdata\Symantec
2010-01-31 05:37 . 2010-02-28 02:43 -------- d-----w- c:\program files\NortonInstaller
2010-01-31 05:37 . 2010-01-31 05:37 -------- d-----w- c:\programdata\NortonInstaller
2010-01-31 02:37 . 2010-01-31 02:37 -------- d-----w- c:\windows\system32\Adobe
2010-01-31 02:36 . 2010-01-31 02:36 4384320 ----a-w- c:\users\Pranali\Shockwave_Installer_Slim.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 02:44 . 2009-05-05 00:41 -------- d-----w- c:\program files\Java
2010-02-27 23:41 . 2009-05-29 00:55 -------- d-----w- c:\users\Pranali\AppData\Roaming\uTorrent
2010-02-27 00:09 . 2009-05-13 00:29 106600 ----a-w- c:\users\Pranali\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 22:25 . 2009-05-14 02:07 -------- d-----w- c:\program files\Google
2010-02-23 20:05 . 2010-01-20 01:06 0 ----a-w- c:\users\Pranali\AppData\Local\Rsehura.bin
2010-02-23 03:06 . 2009-11-20 03:17 106032 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-22 00:52 . 2010-01-20 01:06 120 ----a-w- c:\users\Pranali\AppData\Local\Bkebe.dat
2010-02-19 00:43 . 2009-05-05 00:49 -------- d-----w- c:\program files\McAfee
2010-02-10 14:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 04:41 . 2010-01-20 01:02 -------- d-sh--w- c:\users\Pranali\AppData\Roaming\lowsec
2010-02-02 02:19 . 2009-05-18 23:53 -------- d-----w- c:\program files\Common Files\Apple
2010-01-21 14:54 . 2009-05-05 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-02 06:38 . 2010-02-20 16:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-20 16:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-20 16:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-20 16:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 00:02 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:32 . 2010-02-10 00:02 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 00:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 00:02 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 00:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 00:02 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 00:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 00:02 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 00:02 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 12:07 . 2010-02-10 00:02 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 00:02 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 00:02 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:36 . 2010-02-10 00:02 3600472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:36 . 2010-02-10 00:02 3548760 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 00:02 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 00:02 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-05 00:55 . 2009-05-05 00:55 75 --sh--r- c:\windows\CT4CET.bin
2009-05-05 02:52 . 2009-05-05 02:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-21 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Pranali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-5-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-05 01:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\dddsk.sys [5/28/2009 8:46 PM 22312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [5/4/2009 9:16 PM 81920]
R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [9/21/2007 12:26 PM 15872]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 12:05 PM 155648]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [1/5/2009 4:19 PM 173296]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [5/4/2009 7:12 PM 632048]
R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe -service --> c:\programdata\UltraVNC\winvnc.exe -service [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [5/4/2009 9:16 PM 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [5/4/2009 9:16 PM 269216]
S2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [9/14/2007 12:35 PM 5730304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 4:25 PM 135664]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [11/4/2008 5:16 PM 22904]
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 22:25]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 22:25]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-03 18:22]

2009-05-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-03 18:22]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{A3A63B02-9E00-42A3-94D4-0F77BB8D39AD}.job
- c:\windows\system32\msfeedssync.exe [2010-02-20 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-VibeFireAlerts - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 21:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(664)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-02-27 21:13:11
ComboFix-quarantined-files.txt 2010-02-28 03:13

Pre-Run: 117,657,231,360 bytes free
Post-Run: 117,657,677,824 bytes free

- - End Of File - - 79BC9528587C3426FC7D82DDB78C42CB


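As an added example that is not part of the original thread, of ComboFix, or of any helper's instructions: a small Python triage script for a pasted ComboFix log like the one above. It parses the three sections an analyst reads first (the dated file listing, the Run keys and the service lines) and flags the entries a reviewer would check by hand: objects with both hidden and system attributes, small .bin/.dat files under AppData\Local, autostarts that run from outside Program Files or Windows, and services whose image ComboFix marked [?] (could not verify) or which run from ProgramData. Those heuristics, the function names and the sample excerpt (lines copied from the log posted above) are this example's own assumptions, not ComboFix rules; a hit means "look at this", not "malicious".

```python
"""Triage helper for a pasted ComboFix log.

Added example for this thread; not part of ComboFix or of the original post.
The heuristics below are this example's own assumptions, not ComboFix rules.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
2010-02-23 20:05 . 2010-01-20 01:06 0 ----a-w- c:\users\Pranali\AppData\Local\Rsehura.bin
2010-02-22 00:52 . 2010-01-20 01:06 120 ----a-w- c:\users\Pranali\AppData\Local\Bkebe.dat
2010-02-10 04:41 . 2010-01-20 01:02 -------- d-sh--w- c:\users\Pranali\AppData\Roaming\lowsec
2010-02-02 02:19 . 2009-05-18 23:53 -------- d-----w- c:\program files\Common Files\Apple
2009-05-05 00:55 . 2009-05-05 00:55 75 --sh--r- c:\windows\CT4CET.bin

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [5/4/2009 7:12 PM 632048]
R2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe -service --> c:\programdata\UltraVNC\winvnc.exe -service [?]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
"""

# "<mtime> . <ctime> <size|--------> <8-char attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
HIVE_RE = re.compile(r"^\[(?P<hive>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)" \[(?P<stamp>[^\]]+)\]$')
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")


def parse_files(text: str) -> List[Dict]:
    """Dated file/directory entries; attrs letters d/s/h mean dir/system/hidden."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs = m["attrs"]
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({"path": m["path"], "is_dir": attrs[0] == "d",
                        "hidden": "h" in attrs, "system": "s" in attrs, "size": size})
    return entries


def parse_run_entries(text: str) -> List[Dict]:
    """Values under any ...\\CurrentVersion\\Run key, tagged with their hive."""
    entries, hive = [], None
    for line in text.splitlines():
        line = line.strip()
        h = HIVE_RE.match(line)
        if h:
            hive = h["hive"]          # a new [HKEY_...] header switches context
            continue
        r = RUN_RE.match(line)
        if r and hive and hive.lower().endswith("\\currentversion\\run"):
            entries.append({"hive": hive, "name": r["name"], "cmd": r["cmd"], "stamp": r["stamp"]})
    return entries


def parse_services(text: str) -> List[Dict]:
    """R*/S* service lines; a trailing [?] means ComboFix could not verify the image."""
    services = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            services.append({"state": m["state"], "name": m["name"], "display": m["display"],
                             "image": m["image"], "verified": not m["image"].rstrip().endswith("[?]")})
    return services


def triage(text: str) -> Dict[str, List[Dict]]:
    """Apply this example's review heuristics; every hit carries a 'why' string."""
    hits = {"files": [], "run": [], "services": []}
    for f in parse_files(text):
        low = f["path"].lower()
        if f["hidden"] and f["system"]:
            hits["files"].append({**f, "why": "hidden+system attributes"})
        elif (not f["is_dir"] and "\\appdata\\local\\" in low
              and f["size"] is not None and f["size"] < 1024
              and re.search(r"\\[a-z]{4,8}\.(bin|dat)$", low)):
            hits["files"].append({**f, "why": "small .bin/.dat under AppData\\Local"})
    for r in parse_run_entries(text):
        low = r["cmd"].lower()
        if not (low.startswith("c:\\program files") or low.startswith("c:\\windows")):
            hits["run"].append({**r, "why": "autostart outside Program Files / Windows"})
    for s in parse_services(text):
        if not s["verified"]:
            hits["services"].append({**s, "why": "image not verified by ComboFix ([?])"})
        elif "\\programdata\\" in s["image"].lower():
            hits["services"].append({**s, "why": "service image under ProgramData"})
    return hits


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        for it in items:
            print(f"{section:9} {it.get('path') or it.get('cmd') or it.get('image')}  <- {it['why']}")
```

Run against the sample, the script reports nothing from the Run keys (all point into Program Files), four file entries (the two tiny .bin/.dat files, the hidden+system lowsec directory and c:\windows\CT4CET.bin) and the two services whose image line ends in [?]. To use it on a real log, replace SAMPLE_LOG with the text of C:\Combo-Fix.txt; the parsers ignore lines in other sections, so the whole file can be passed in unchanged.

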
#20
February 27, 2010 at 19:59:21
Is the computer operating better?

Delete DDS from your desktop

Go to Start > Run > type in ComboFix /Uninstall (note the space after ComboFix), then press Enter > Run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, create a new restore point. Go to Start > Run > type in msconfig > OK > click Launch System Restore > check the circle beside "Create a restore point" > Next > name it today's date > Create > click Home > exit the System Configuration utility > restart the computer.


#21
February 27, 2010 at 20:26:49
Hi

I did everything you suggested. Now what should I do? How will I know that my system doesn't have a virus? Is there anything else I need to do? Please advise.

Thanks for your help


#22
February 27, 2010 at 20:40:12
The computer looks to be clean, the following scanner is a very good double check..

Please run the BitDefender online scan this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.


#23
February 27, 2010 at 20:59:05
Hi

When I click on Start Scan, it's saying "Internet Explorer is not running with administrative privileges, so BitDefender Online Scanner will not work properly. Please run IE as administrator."

What should I do now?


#24
February 27, 2010 at 21:21:41
Just Vista, look at this link.

Vista



#25
February 27, 2010 at 21:50:39
:-( I cannot see the option "Run as Admin"... Is there any other way or site to double-check?

Thanks


#26
February 27, 2010 at 22:05:00
Yes, do a full scan with your McAfee antivirus; make sure you update it.

#27
February 27, 2010 at 22:08:18
Thanks, I will do that.

Thanks once again for your help. I will let you know if I have any problem after scanning.

Good Night :-)


