
Author Topic: Need help with an unknown infection.  (Read 21172 times)


SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Need help with an unknown infection.
« Reply #15 on: April 03, 2012, 12:57:32 PM »
Re-run MBAM:

Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
********************************************************
Please try running ComboFix again and post the log, if successful.
Windows 8 and Windows 10 dual boot with two SSD's

brc3404

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Need help with an unknown infection.
    « Reply #16 on: April 03, 2012, 08:10:30 PM »
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.04.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    donnakeller :: DONNA [administrator]

    Protection: Disabled

    4/3/2012 9:40:06 PM
    mbam-log-2012-04-03 (21-40-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |

    Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227258
    Time elapsed: 26 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    brc3404

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Need help with an unknown infection.
      « Reply #17 on: April 03, 2012, 09:16:50 PM »
      Finally, a log from Combofix  ;D


      ComboFix 12-03-30.06 - donnakeller 04/03/2012  22:31:57.1.1 - x86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.991.687 [GMT -4:00]
      Running from: c:\documents and settings\donnakeller\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\Application Data\TEMP
      c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
      c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
      c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
      c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
      c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
      c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
      c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
      c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
      c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
      c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
      c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
      c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
      c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
      c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
      c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
      c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
      c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
      c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
      c:\documents and settings\donnakeller\Application Data\Mozilla\Firefox\Profiles\cy3whktf.default\searchplugins\bing-zugo.xml
      c:\documents and settings\donnakeller\Application Data\PriceGong
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\1.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\2229.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\4489.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\83.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\a.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\b.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\c.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\d.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\e.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\f.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\g.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\h.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\i.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\j.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\k.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\l.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\m.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\mru.xml
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\n.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\o.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\p.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\q.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\r.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\s.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\t.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\u.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\v.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\w.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\wlu.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\x.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\y.txt
      c:\documents and settings\donnakeller\Application Data\PriceGong\Data\z.txt
      c:\documents and settings\donnakeller\Application Data\Toolbar4
      c:\documents and settings\donnakeller\WINDOWS
      c:\windows\system32\BSTIEPrintCtl1.dll
      c:\windows\system32\Cache
      c:\windows\system32\Cache\272512937d9e61a4.fb
      c:\windows\system32\Cache\287204568329e189.fb
      c:\windows\system32\Cache\28bc8f716fd76a47.fb
      c:\windows\system32\Cache\2c53092c95605355.fb
      c:\windows\system32\Cache\37841a1008243a4c.fb
      c:\windows\system32\Cache\3917078cb68ec657.fb
      c:\windows\system32\Cache\435a26ecf9452ea5.fb
      c:\windows\system32\Cache\590ba23ce359fd0c.fb
      c:\windows\system32\Cache\610289e025a3ee9a.fb
      c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
      c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
      c:\windows\system32\Cache\8e95f788b664f88b.fb
      c:\windows\system32\Cache\a8556537add6dfc5.fb
      c:\windows\system32\Cache\ad10a52aff5e038d.fb
      c:\windows\system32\Cache\bba3e843c2b7b474.fb
      c:\windows\system32\Cache\c4d28dca2e7648be.fb
      c:\windows\system32\Cache\d201ef9910cd39de.fb
      c:\windows\system32\Cache\d2e94710a5708128.fb
      c:\windows\system32\Cache\d79b9dfe81484ec4.fb
      c:\windows\system32\Cache\dd8cff256a1cdad8.fb
      c:\windows\system32\Cache\e0de16f883bea794.fb
      c:\windows\system32\dds_log_ad13.cmd
      c:\windows\system32\dds_log_trash.cmd
      c:\windows\system32\dllcache\dlimport.exe
      c:\windows\system32\  . . . . Failed to delete
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-03-04 to 2012-04-04  )))))))))))))))))))))))))))))))
      .
      .
      2012-04-04 01:40 . 2012-03-13 23:15   6582328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDE759DC-3945-4FF0-8086-499178D5213E}\mpengine.dll
      2012-04-03 00:32 . 2012-04-03 00:32   --------   d-----w-   C:\TDSSKiller_Quarantine
      2012-04-03 00:20 . 2012-03-13 23:15   6582328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2012-04-01 23:54 . 2012-04-01 23:54   --------   d-----w-   c:\program files\Microsoft Security Client
      2012-03-30 04:09 . 2012-03-30 04:09   --------   d-----w-   c:\documents and settings\donnakeller\Application Data\SUPERAntiSpyware.com
      2012-03-30 04:08 . 2012-03-30 04:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2012-03-30 04:08 . 2012-03-30 04:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2012-03-26 04:40 . 2008-04-13 17:40   57600   -c--a-w-   c:\windows\system32\dllcache\redbook.sys
      2012-03-26 04:40 . 2008-04-13 17:40   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys
      2012-03-25 06:53 . 2012-03-25 06:53   --------   d-----w-   c:\documents and settings\donnakeller\Application Data\AVG Secure Search
      2012-03-25 06:07 . 2012-03-25 06:07   --------   d-----w-   C:\AVGTemp
      2012-03-20 04:40 . 2012-03-20 04:40   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2012-03-20 03:54 . 2012-03-20 03:54   --------   d-----w-   c:\program files\VS Revo Group
      2012-03-20 03:49 . 2010-02-19 03:45   1079272   ----a-w-   c:\program files\revosetup.exe
      2012-03-19 03:02 . 2012-01-11 19:06   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
      2012-03-19 03:02 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
      2012-03-19 02:57 . 2012-03-19 02:57   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\IObit
      2012-03-19 02:49 . 2012-03-19 02:52   --------   d-----w-   c:\program files\TCPOptimizer
      2012-03-18 20:50 . 2011-12-30 21:03   21336   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
      2012-03-18 20:15 . 2012-03-18 20:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\IObit
      2012-03-18 20:14 . 2012-03-18 20:14   --------   d-----w-   c:\documents and settings\donnakeller\Application Data\IObit
      2012-03-18 20:14 . 2012-03-18 20:14   --------   d-----w-   c:\program files\IObit
      2012-03-18 20:03 . 2012-04-01 23:46   --------   d-----w-   c:\documents and settings\donnakeller\Application Data\TeamViewer
      2012-03-12 04:32 . 2012-03-12 04:32   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-03-12 03:38 . 2012-03-12 03:38   356556   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
      2012-03-05 03:59 . 2012-03-05 03:59   --------   d-----w-   c:\documents and settings\donnakeller\Application Data\Malwarebytes
      2012-03-05 03:59 . 2012-03-05 03:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2012-03-05 03:22 . 2012-03-25 07:53   --------   d-----w-   c:\documents and settings\Administrator
      2012-03-05 03:20 . 2012-03-13 03:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Secure Search
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-02-03 09:22 . 2004-08-04 12:00   1860096   ---ha-w-   c:\windows\system32\win32k.sys
      2012-01-31 12:44 . 2009-10-03 07:48   237072   ------w-   c:\windows\system32\MpSigStub.exe
      2012-01-09 16:20 . 2007-12-24 14:00   139784   ---ha-w-   c:\windows\system32\drivers\rdpwd.sys
      2010-08-06 16:31 . 2009-11-15 20:28   119808   ---ha-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 249856]
      "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "VTTimer"="VTTimer.exe" [2004-01-16 49152]
      "SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
      "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
      .
      c:\documents and settings\donnakeller\Start Menu\Programs\Startup\
      Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-14 390432]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
      KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
      backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
      2010-08-06 16:31   30192   ---ha-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2012-03-12 04:38   136176   ----atw-   c:\documents and settings\donnakeller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      2008-04-14 00:12   1695232   ------w-   c:\program files\Messenger\msmsgs.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      2008-06-22 04:33   68856   ---ha-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
      "c:\\WINDOWS\\system32\\GPhotos.scr"=
      "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
      "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
      "c:\\WINDOWS\\system32\\msfeedssync.exe"=
      "c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
      "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
      "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
      "c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
      "c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
      "c:\\WINDOWS\\system32\\wscript.exe"=
      "c:\\Documents and Settings\\donnakeller\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
      "c:\\Documents and Settings\\donnakeller\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
      "c:\\WINDOWS\\system32\\mshta.exe"=
      "c:\\Program Files\\IObit\\Advanced SystemCare 5\\ASC.exe"=
      "c:\\Program Files\\IObit\\Advanced SystemCare 5\\AutoUpdate.exe"=
      "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpHost.exe"=
      "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
      "c:\\Program Files\\VS Revo Group\\Revo Uninstaller\\revouninstaller.exe"=
      .
      R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [1/28/2009 3:28 PM 2560]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
      R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/18/2012 4:14 PM 497496]
      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 7:15 PM 135664]
      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/20/2012 12:40 AM 652360]
      S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [?]
      S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/22/2008 12:34 AM 30192]
      S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 7:15 PM 135664]
      S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
      dladresn
      nimcdfxk
      isamsmt
      mr2kserv
      CVPND
      E1000
      atalk
      screadspool
      rt73
      s716bus
      opcenum
      rpcnet
      FVXSCSI
      websensecommunicationagent
      mi-raysat_3dsmax9_32
      houdiniserver
      HPSLPSVC
      iksysflt
      61883
      bvrp_pci
      CrystalSysInfo
      iaimfp2
      w550mdm
      wampmysqld
      irsir
      MxlW2k
      TPPWRIF
      DfwWebAgent
      hwdatacard
      CAM1210
      bthport
      TryAndDecideService
      SunkFilt
      cis1284
      AmeLanPc
      PGPdisk
      prosync1
      sfrem01
      RR2Mjpeg
      winmtsrv
      w800bus
      uclauncherservice
      ipsraidn
      apphostsvc
      SNC
      TPM
      fsbwsys
      magictuneengine
      HFACSVC
      enethusb
      areschatserver
      asp.net
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 04:39]
      .
      2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 04:39]
      .
      2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-573735546-682003330-1004Core.job
      - c:\documents and settings\donnakeller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 04:38]
      .
      2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-573735546-682003330-1004UA.job
      - c:\documents and settings\donnakeller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 04:38]
      .
      2012-04-04 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
      .
      2012-04-04 c:\windows\Tasks\MpIdleTask.job
      - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
      .
      2012-04-04 c:\windows\Tasks\User_Feed_Synchronization-{1E05FE6E-10DE-4035-830E-8D851BC6B289}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uDefault_Search_URL = hxxp://www.google.com/ie
      mStart Page = hxxp://home.joobers.com/
      uSearchAssistant = hxxp://search.joobers.com/toolbar/SearchAssistant
      uCustomizeSearch = hxxp://search.joobers.com/toolbar/CustomizeSearch
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: cnet.com\download
      Trusted Zone: com.tw\asia.msi
      Trusted Zone: com.tw\global.msi
      Trusted Zone: com.tw\www.msi
      TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
      FF - ProfilePath - c:\documents and settings\donnakeller\Application Data\Mozilla\Firefox\Profiles\cy3whktf.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
      FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13
      FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
      FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: [email protected] - %profile%\extensions\[email protected]
      FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
      FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
      FF - Ext: PHPNukeEN Community Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - %profile%\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}
      FF - Ext: WhiteSmoke Bar Community Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - %profile%\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
      FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
      FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All Users\Application Data\AVG Secure Search\10.0.0.7
      FF - user.js: yahoo.homepage.dontask - true
      .
      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
      Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
      HKLM-Run-NWEReboot - (no file)
      HKLM-Run-hpqSRMon - (no file)
      HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
      HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
      HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
      MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
      AddRemove-648f1ec7 - c:\windows\system32\648f1ec7.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-04-03 22:45
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(704)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      .
      - - - - - - - > 'explorer.exe'(2756)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\wdfmgr.exe
      c:\windows\system32\VTTimer.exe
      c:\windows\SOUNDMAN.EXE
      c:\windows\system32\wscntfy.exe
      c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
      c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
      c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
      c:\windows\system32\GPhotos.scr
      .
      **************************************************************************
      .
      Completion time: 2012-04-03  22:52:45 - machine was rebooted
      ComboFix-quarantined-files.txt  2012-04-04 02:52
      .
      Pre-Run: 6,865,932,288 bytes free
      Post-Run: 6,980,030,464 bytes free
      .
      - - End Of File - - BE106CED2EAA598FC57971758C7ACBAB

      SuperDave

      Re: Need help with an unknown infection.
      « Reply #18 on: April 04, 2012, 12:10:16 PM »
P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
      ***************************************************
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      ****************************************************
      SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

      brc3404

        Re: Need help with an unknown infection.
        « Reply #19 on: April 04, 2012, 06:04:48 PM »
        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
        Service Name: ---
        Module Base: F563D000
        Module End: F5655000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
        Service Name: ---
        Module Base: F7C5D000
        Module End: F7C5F000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        No SSDT Hooks found

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:
        Object: C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\
        Status: Hidden

        Object: C:\Program Files\AVG\AVG2012\
        Status: Hidden

        Object: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\
        Status: Hidden

        Object: C:\Program Files\Google\Common\Google Updater\
        Status: Hidden

        Object: C:\Program Files\Google\Update\
        Status: Hidden

        Object: C:\Program Files\Java\jre6\bin\
        Status: Hidden

        Object: C:\Qoobox\BackEnv\AppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cache.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\History.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Music.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Personal.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Programs.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Recent.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SetPath.bat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartUp.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SysPath.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Templates.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\VikPev00
        Status: Access denied

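As an added example (not part of the thread and not SysProt's own code), a small Python triage script for a SysProt log of the kind pasted above: it parses the Key: Value records, separates objects the scanner reports as Hidden from ones it merely could not open (Status: Access denied), and treats the dump_*.sys crash-dump driver copies as an expected hidden-module pattern. That allow-list and the abridged SAMPLE_LOG are this example's own assumptions.

```python
"""SysProt AntiRootkit log triage (added example; not SysProt's or the thread's code).
Parses 'Key: Value' records, classifies kernel modules reported Hidden, and separates
objects reported Hidden from ones merely unreadable (Access denied). Assumptions only."""
import re

# Constructed sample, abridged from the format of the log posted in the thread.
SAMPLE_LOG = """\
No Hidden Processes found
******************************
Kernel Modules:
Module Name: \\SystemRoot\\System32\\Drivers\\dump_atapi.sys
Module Base: F563D000
Module End: F5655000
Hidden: Yes

Module Name: \\SystemRoot\\System32\\Drivers\\dump_WMILIB.SYS
Module Base: F7C5D000
Module End: F7C5F000
Hidden: Yes
Hidden files/folders:
Object: C:\\Program Files\\Java\\jre6\\bin\\
Status: Hidden

Object: C:\\Qoobox\\BackEnv\\SetPath.bat
Status: Access denied
"""

KEY_VALUE = re.compile(r"^([A-Za-z ]+): (.*)$")
# Windows keeps crash-dump copies of the storage drivers as dump_*.sys and rootkit
# scanners routinely list them as hidden; treating them as expected is an assumption.
DUMP_DRIVER = re.compile(r"\\dump_[A-Za-z0-9_]+\.sys$", re.IGNORECASE)


def parse_records(text):
    """Group consecutive 'Key: Value' lines into dicts; any other line ends a record."""
    records, current = [], {}
    for raw in text.splitlines():
        match = KEY_VALUE.match(raw.strip())
        if match:
            current[match.group(1)] = match.group(2).strip()
        elif current:
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records


def triage_modules(records):
    """Map each kernel module flagged 'Hidden: Yes' to (verdict, size_in_bytes)."""
    result = {}
    for rec in records:
        if "Module Name" in rec and rec.get("Hidden", "").lower() == "yes":
            size = int(rec["Module End"], 16) - int(rec["Module Base"], 16)
            verdict = "expected" if DUMP_DRIVER.search(rec["Module Name"]) else "review"
            result[rec["Module Name"]] = (verdict, size)
    return result


def triage_objects(records):
    """Bucket 'Hidden files/folders' entries: 'Access denied' only means unreadable."""
    buckets = {"hidden": [], "access_denied": [], "other": []}
    for rec in records:
        if "Object" in rec:
            status = rec.get("Status", "").lower()
            key = {"hidden": "hidden", "access denied": "access_denied"}.get(status, "other")
            buckets[key].append(rec["Object"])
    return buckets


def needs_review(text):
    """Names a human should look at: non-allow-listed hidden modules plus hidden objects."""
    records = parse_records(text)
    flagged = [n for n, (v, _) in triage_modules(records).items() if v == "review"]
    return sorted(flagged) + triage_objects(records)["hidden"]


if __name__ == "__main__":
    print(*needs_review(SAMPLE_LOG), sep="\n")
```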

        SuperDave

        Re: Need help with an unknown infection.
        « Reply #20 on: April 05, 2012, 12:32:31 PM »
        How's your computer running now?

        I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        brc3404

          Re: Need help with an unknown infection.
          « Reply #21 on: April 05, 2012, 09:08:35 PM »
Super Dave,
   After the online scan, it gave me 2 options (optional) if I desired before clicking Finish. The 1st was delete ESET from your computer.
The 2nd was delete threat files. Based on the log, it appears they were deleted; I didn't choose either of those options as your instructions didn't mention to. As far as the computer's performance goes, it's definitely running a bit better. Last night the Start menu > Accessories reappeared. Previously it was MIA under the Start menu. Before getting assistance with you on this site, I was informed to run msinfo32. At that time nothing happened when I typed it in Run. So that led me to Services > Help and Support. I tried to manually start the service and got an error. I've just tried both of those options again with the exact same result. Nothing comes up when I type in Run > msinfo32 and I get an error when trying to start Help and Support in Services. I'm not sure if Help and Support was damaged by the infection, but thought this info might help. Also I have pending Windows updates I've yet to install because I didn't want to change anything while we've been working at this. Is it safe to do so now? A pop-up to upgrade to Internet Explorer 8 keeps coming up, but according to IE, I'm already running IE 8? The contextual toolbar which was in Add/Remove Programs previously alerted me with threat detections (from AVG) every time I attempted to uninstall it from there. That toolbar is now gone from Add/Remove Programs :D which, according to a Google search, was not a good file for my computer! Other than that, anything else I can take a look at to see if the computer is indeed running better? Thanks A MILLION!


          C:\Documents and Settings\donnakeller\Desktop\music\boom boom boom (rare track).snd   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
          C:\Documents and Settings\donnakeller\Desktop\music\boom boom came out in 2009 greatest hit 2009.wma   probably a variant of Win32/Agent.CFDFCZI trojan   cleaned by deleting - quarantined
          C:\Documents and Settings\donnakeller\Desktop\music\prom queen lil wanye 2009.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
          C:\Program Files\vShare\imedix-silent.exe   Win32/Toolbar.Zugo application   deleted - quarantined
          C:\System Volume Information\_restore{B5B2433D-7C5E-4FF8-8417-FE18E7328867}\RP1\A0000006.exe   Win32/InstallBrain application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{B5B2433D-7C5E-4FF8-8417-FE18E7328867}\RP19\A0006180.exe   Win32/Toolbar.Zugo application   deleted - quarantined
          C:\TDSSKiller_Quarantine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0007.dta   a variant of Win32/Olmasco.O trojan   cleaned by deleting - quarantined
          C:\TDSSKiller_Quarantine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0010.dta   Win64/Olmasco.R trojan   cleaned by deleting - quarantined
          C:\TDSSKiller_Quarantine\02.04.2012_20.31.37\mbr0000\tdlfs0000\tsk0011.dta   a variant of Win32/Olmasco.Q trojan   cleaned by deleting - quarantined

          brc3404

            Re: Need help with an unknown infection.
            « Reply #22 on: April 05, 2012, 09:12:06 PM »
Update: Shortly after posting my previous reply, msinfo32 did come up, but it took some time to do so. Help and Support also came up, but under Services it is still saying it's stopped. When I try to start it, I still get an error message.
            Thanks

            SuperDave

            Re: Need help with an unknown infection.
            « Reply #23 on: April 06, 2012, 05:02:14 PM »
            Quote
Also I have pending Windows updates I've yet to install because I didn't want to change anything while we've been working at this. Is it safe to do so now? A pop-up to upgrade to Internet Explorer 8 keeps coming up, but according to IE, I'm already running IE 8? The contextual toolbar which was in Add/Remove Programs previously alerted me with threat detections (from AVG) every time I attempted to uninstall it from there. That toolbar is now gone from Add/Remove Programs which, according to a Google search, was not a good file for my computer! Other than that, anything else I can take a look at to see if the computer is indeed running better?
            Yes, go ahead and get your updates. After that is done we can do some cleanup.
            As for msinfo32, it is just information about your computer. Not needed.


            To uninstall ComboFix

            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
            • In the field, type in ComboFix /uninstall


            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

            • Then, press Enter, or click OK.
• This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
            *************************************************
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
            *******************************************************
            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
            ****************************************************
Looking over your log, it seems you don't have any evidence of a third-party firewall.

            Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember: only install ONE firewall.

1) Comodo Personal Firewall (if you choose this one, uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options)
            2) Online Armor
            3) Agnitum Outpost
            4) PC Tools Firewall Plus

            If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
            *****************************************************
            Use the Secunia Software Inspector to check for out of date software.

            •Click Start Now

            •Check the box next to Enable thorough system inspection.

            •Click Start

            •Allow the scan to finish and scroll down to see if any updates are needed.
            •Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!

            brc3404

              Re: Need help with an unknown infection.
              « Reply #24 on: April 10, 2012, 12:08:15 AM »
              Super Dave,
   I can't thank you ENOUGH! Computer appears clean and is running like it should be!!!!!! I followed all steps :D   My final question, and then you can lock this thread. Am I to delete the SysProt folder, TDSSKiller, ANTI-MALWARE BYTES, SPYWARE SWEEPER along with all the setup files for the other programs that I won't be keeping? Are all the logs now safe to delete?
              Thanks!

              SuperDave

              Re: Need help with an unknown infection.
              « Reply #25 on: April 10, 2012, 11:33:20 AM »
              Quote
Am I to delete the SysProt folder, TDSSKiller, ANTI-MALWARE BYTES, SPYWARE SWEEPER along with all the setup files for the other programs that I won't be keeping? Are all the logs now safe to delete?
If I were you, the only two I would keep are SAS and MBAM. Update them and run them on a regular basis. Uninstall/delete all the rest.
You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.