
Topic: Help, internet preventing virus


jcaps474

    Topic Starter


    Rookie
    • Experience: Familiar
    • OS: Windows 7
    Help, internet preventing virus
    « on: January 30, 2011, 09:29:10 AM »
    Hello all, I am having a problem with a possible virus. This virus does not allow IE7 to show. It only leaves the page as Diagnose Connection Problem. Firefox works fine as a browser (which is what I am using right now), but it is not my default browser. Also, it won't let me access things such as WoW, LoL, or even Xbox Live. Each one asks if I am connected to the internet. Please help, thanks.

    Jcaps

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Help, internet preventing virus
    « Reply #1 on: January 30, 2011, 09:33:17 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    jcaps474

      Topic Starter


      Rookie
      • Experience: Familiar
      • OS: Windows 7
      Re: Help, internet preventing virus
      « Reply #2 on: January 30, 2011, 10:51:00 AM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 01/30/2011 at 12:48 PM

      Application Version : 4.48.1000

      Core Rules Database Version : 6297
      Trace Rules Database Version: 4109

      Scan type       : Complete Scan
      Total Scan Time : 00:29:00

      Memory items scanned      : 578
      Memory threats detected   : 0
      Registry items scanned    : 14086
      Registry threats detected : 2
      File items scanned        : 28224
      File threats detected     : 4

      Security.HiJack[ImageFileExecutionOptions]
         (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.EXE
         (x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.EXE#Debugger

      Trojan.Agent/Gen-Bancos
         C:\PROGRAM FILES (X86)\CHEAT ENGINE\CEHOOK.DLL
         C:\PROGRAM FILES (X86)\CHEAT ENGINE\DXHOOK.DLL
         C:\PROGRAM FILES (X86)\CHEAT ENGINE\PLUGINS\DEBUGEVENTLOG\DEBUGEVENTLOG.DLL
         C:\PROGRAM FILES (X86)\CHEAT ENGINE\PLUGINS\EXAMPLE-DELPHI\EXAMPLEPLUGIN.DLL

      jcaps474

        Topic Starter


        Rookie
        • Experience: Familiar
        • OS: Windows 7
        Re: Help, internet preventing virus
        « Reply #3 on: January 30, 2011, 03:12:25 PM »
        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 5641

        Windows 6.1.7600
        Internet Explorer 8.0.7600.16385

        1/30/2011 4:36:53 PM
        mbam-log-2011-01-30 (16-36-53).txt

        Scan type: Quick scan
        Objects scanned: 163957
        Time elapsed: 1 minute(s), 41 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 1
        Files Infected: 5

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        c:\Users\mindy\AppData\Roaming\smart internet protection 2011 (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.

        Files Infected:
        c:\Users\mindy\AppData\Roaming\microsoft\Windows\start menu\smart internet protection 2011.lnk (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.
        c:\Users\mindy\AppData\Roaming\microsoft\Windows\start menu\Programs\smart internet protection 2011.lnk (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.
        c:\Users\mindy\AppData\Roaming\microsoft\internet explorer\quick launch\smart internet protection 2011.lnk (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.
        c:\Users\mindy\AppData\Roaming\smart internet protection 2011\cookies.sqlite (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.
        c:\Users\mindy\AppData\Roaming\smart internet protection 2011\instructions.ini (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.

        jcaps474

          Topic Starter


          Rookie
          • Experience: Familiar
          • OS: Windows 7
          Re: Help, internet preventing virus
          « Reply #4 on: January 30, 2011, 03:13:06 PM »
          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 5:11:31 PM, on 1/30/2011
          Platform: Windows 7  (WinNT 6.00.3504)
          MSIE: Internet Explorer v8.00 (8.00.7600.16700)
          Boot mode: Normal

          Running processes:
          C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
          C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe
          C:\Windows\SysWOW64\DllHost.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25430
          F2 - REG:system.ini: UserInit=userinit.exe,
          O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
          O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
          O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
          O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
          O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
          O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
          O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
          O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
          O20 - AppInit_DLLs: ???Z?*, C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
          O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
          O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
          O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
          O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
          O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
          O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
          O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
          O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
          O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
          O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
          O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
          O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
          O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
          O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
          O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
          O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
          O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

          --
          End of file - 9839 bytes

          jcaps474

            Topic Starter


            Rookie
            • Experience: Familiar
            • OS: Windows 7
            Re: Help, internet preventing virus
            « Reply #5 on: January 30, 2011, 03:55:16 PM »
            The problem persists, anything else to consider doing?

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Experience: Expert
            • OS: Windows 10
            Re: Help, internet preventing virus
            « Reply #6 on: January 31, 2011, 01:10:42 PM »
            Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

            1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
            2. The fixes are specific to your problem and should only be used for this issue on this machine.
            3. If you don't know or understand something, please don't hesitate to ask.
            4. Please DO NOT run any other tools or scans while I am helping you.
            5. It is important that you reply to this thread. Do not start a new topic.
            6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
            7. Absence of symptoms does not mean that everything is clear.

            If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
            ****************************************************
            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25430

            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.
            ******************************************
            Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

            link # 1
            Link # 2
            If you are using Firefox, make sure that your download settings are as follows:

            * Tools->Options->Main tab
            * Set to "Always ask me where to Save the files".

            Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

            Right-click combofix.exe and select Run as Administrator and follow the prompts.
            When finished, ComboFix will produce a log for you.
            Post the ComboFix log and a new HijackThis log in your next reply.

            NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
            Windows 8 and Windows 10 dual boot with two SSD's
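The HijackThis entry Dave asks to fix is the per-user WinINet ProxyServer value, set to 127.0.0.1:25430. Rogue "security" products of the Smart Internet Protection family commonly set that value so Internet Explorer and any other client that honours the system proxy setting is funnelled through the rogue's own process, which then shows a connection error; Firefox, whose ComboFix line shows network.proxy.type = 0 (direct connection), is unaffected. The following Python triage script is an added example, not code from this thread or from HijackThis, ComboFix or any other tool named here. It parses HijackThis R1 lines and ComboFix "FF - prefs.js" lines, flags a proxy that points at a loopback address, and notes when Firefox is set to a direct connection. The sample log is constructed from entries posted in this thread; the regex, class and function names are my own assumptions.

```python
"""Triage helper for the local-proxy hijack seen in this thread (added example).

Parses HijackThis R1 lines and ComboFix "FF - prefs.js" lines and reports
whether the per-user WinINet proxy points at the local machine, the pattern
that the moderator's HijackThis fix removes.  All names here are assumptions
made for this example, not an API of HijackThis or ComboFix.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis R1 entry for the per-user WinINet proxy (HKCU ... Internet Settings).
HJT_PROXY_RE = re.compile(
    r"^R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,"
    r"ProxyServer = (?P<value>.+)$"
)
# ComboFix summary line for Firefox's proxy mode; 0 means "no proxy".
FF_PROXY_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<value>\d+)$")

# Constructed sample: lines copied from the logs posted in this thread, plus a
# harmless IE search entry and a Firefox homepage line that must be ignored.
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:25430
F2 - REG:system.ini: UserInit=userinit.exe,
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: network.proxy.type - 0
"""


@dataclass(frozen=True)
class ProxyEntry:
    scheme: Optional[str]   # "http", "https", "socks", ... or None for a bare host:port
    host: str
    port: int
    loopback: bool          # True when host is 127.0.0.0/8, ::1 or "localhost"


def _is_loopback(host: str) -> bool:
    bare = host.strip("[]")  # IPv6 literals appear as [::1]:port
    try:
        return ipaddress.ip_address(bare).is_loopback
    except ValueError:
        return bare.lower() == "localhost"


def parse_proxy_server(value: str) -> List[ProxyEntry]:
    """Parse a WinINet ProxyServer value.

    Accepted forms: "host:port", "scheme=host:port", and several of the latter
    separated by semicolons.  Malformed parts are skipped rather than guessed at.
    """
    entries: List[ProxyEntry] = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "", part
        host, colon, port_text = hostport.rpartition(":")
        if not colon or not host or not port_text.isdigit():
            continue
        entries.append(ProxyEntry(scheme or None, host, int(port_text), _is_loopback(host)))
    return entries


def triage(log_text: str) -> Tuple[List[ProxyEntry], Optional[bool]]:
    """Return (proxy entries from R1 lines, whether Firefox is set to a direct connection)."""
    proxies: List[ProxyEntry] = []
    firefox_direct: Optional[bool] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_PROXY_RE.match(line)
        if m:
            proxies.extend(parse_proxy_server(m.group("value")))
            continue
        m = FF_PROXY_TYPE_RE.match(line)
        if m:
            firefox_direct = m.group("value") == "0"
    return proxies, firefox_direct


def loopback_proxy_suspected(log_text: str) -> bool:
    """True when the WinINet proxy points at the local machine."""
    proxies, _ = triage(log_text)
    return any(p.loopback for p in proxies)


def report(log_text: str) -> List[str]:
    """Human-readable findings for whoever is reading the logs."""
    proxies, firefox_direct = triage(log_text)
    notes: List[str] = []
    for p in proxies:
        where = f"{p.scheme + '=' if p.scheme else ''}{p.host}:{p.port}"
        if p.loopback:
            notes.append(f"WinINet proxy {where} is a loopback address: IE and other WinINet "
                         "clients are routed through a process on this machine. Legitimate "
                         "only if a known local proxy or filter product listens there.")
        else:
            notes.append(f"WinINet proxy {where}: check it against the expected proxy.")
    if firefox_direct is True and any(p.loopback for p in proxies):
        notes.append("Firefox uses a direct connection (network.proxy.type = 0), which "
                     "explains why it still browses while IE shows a connection error.")
    return notes


if __name__ == "__main__":
    for note in report(SAMPLE_LOG):
        print("-", note)
```

Run it against a saved HijackThis log (and the ComboFix log, for the Firefox line) by passing the file contents to report(). A loopback proxy is not proof of infection on its own; some filtering and parental-control products legitimately listen on 127.0.0.1, so the port should be matched to an installed product before the entry is removed.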

            jcaps474

              Topic Starter


              Rookie
              • Experience: Familiar
              • OS: Windows 7
              Re: Help, internet preventing virus
              « Reply #7 on: January 31, 2011, 06:05:25 PM »
              ComboFix 11-01-31.01 - mindy 01/31/2011  19:57:18.1.4 - x64
              Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.3839.2543 [GMT -5:00]
              Running from: c:\users\mindy\Desktop\ComboFix.exe
              AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
              AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
              FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
              SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
              SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\std.dll
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
              c:\users\mindy\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys

              .
              (((((((((((((((((((((((((   Files Created from 2011-01-01 to 2011-02-01  )))))))))))))))))))))))))))))))
              .

              2011-02-01 01:02 . 2011-02-01 01:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2011-01-30 22:04 . 2011-01-30 22:04   388096   ----a-r-   c:\users\mindy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
              2011-01-30 22:04 . 2011-01-30 22:04   --------   d-----w-   c:\program files (x86)\Trend Micro
              2011-01-30 16:54 . 2011-01-30 16:54   --------   d-----w-   c:\users\mindy\AppData\Roaming\SUPERAntiSpyware.com
              2011-01-30 16:54 . 2011-01-30 16:54   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2011-01-30 16:54 . 2011-01-30 16:54   --------   d-----w-   c:\programdata\!SASCORE
              2011-01-30 16:54 . 2011-01-30 17:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-01-30 16:44 . 2011-01-30 16:44   --------   d-----w-   c:\program files\CCleaner
              2011-01-30 07:35 . 2010-10-06 01:26   109240   ----a-w-   c:\program files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
              2011-01-30 07:35 . 2010-10-06 01:27   150200   ----a-w-   c:\program files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
              2011-01-30 07:33 . 2011-02-01 01:02   --------   d-----w-   c:\programdata\Kaspersky Lab
              2011-01-30 07:33 . 2011-01-30 07:33   --------   d-----w-   c:\program files (x86)\Kaspersky Lab
              2011-01-30 07:29 . 2011-01-30 07:29   --------   d-----w-   c:\programdata\Kaspersky Lab Setup Files
              2011-01-28 09:34 . 2011-01-13 10:20   7844688   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{362F9319-122B-448E-BA0E-1075F677CA49}\mpengine.dll
              2011-01-27 13:56 . 2011-01-27 13:56   --------   d-sh--w-   c:\programdata\SIVUGHTP
              2011-01-20 17:44 . 2011-01-20 17:44   --------   d-----w-   c:\users\mindy\AppData\Roaming\Malwarebytes
              2011-01-20 17:44 . 2011-01-20 17:44   --------   d-----w-   c:\programdata\Malwarebytes
              2011-01-20 17:44 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
              2011-01-20 17:44 . 2011-01-30 21:33   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
              2011-01-20 17:44 . 2010-12-20 23:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-01-16 22:51 . 2011-01-16 22:51   --------   d-sh--w-   c:\programdata\PIYIIXFNS
              2011-01-16 22:49 . 2011-01-28 02:50   --------   d-sh--w-   c:\programdata\76f0d4
              2011-01-05 23:35 . 2008-05-08 00:59   99840   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-11-12 23:53 . 2010-06-24 03:43   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
              2010-11-10 02:35 . 2010-12-09 13:35   8199504   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D7E80C4-4068-4C66-8CCC-AC5FD27C62BC}\mpengine.dll
              2010-11-04 06:35 . 2010-12-16 02:50   1194496   ----a-w-   c:\windows\system32\wininet.dll
              2010-11-04 06:31 . 2010-12-16 02:50   57856   ----a-w-   c:\windows\system32\licmgr10.dll
              2010-11-04 05:52 . 2010-12-16 02:50   978944   ----a-w-   c:\windows\SysWow64\wininet.dll
              2010-11-04 05:48 . 2010-12-16 02:50   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
              2010-11-04 05:16 . 2010-12-16 02:50   482816   ----a-w-   c:\windows\system32\html.iec
              2010-11-04 04:41 . 2010-12-16 02:50   386048   ----a-w-   c:\windows\SysWow64\html.iec
              2010-11-04 04:35 . 2010-12-16 02:50   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
              2010-11-04 04:08 . 2010-12-16 02:50   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
              2010-02-28 04:24 . 2010-02-28 04:24   8327264   ----a-w-   c:\program files (x86)\Firefox Setup 3.6.exe
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
              "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2988784]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
              "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
              "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorUser"= 2 (0x2)
              "EnableUIADesktopToggle"= 0 (0x0)

              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
              @="Service"

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
              "DisableMonitoring"=dword:00000001

              R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
              R3 dump_wmimmc;dump_wmimmc;c:\program files\GALA-NET\Rappelz\GameGuard\dump_wmimmc.sys

              R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des

              R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]
              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
              S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
              S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
              S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
              S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
              S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 40832]


              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
              Akamai   REG_MULTI_SZ      Akamai
              .
              Contents of the 'Scheduled Tasks' folder
              .

              --------- x86-64 -----------


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
              "LoadAppInit_DLLs"=0x1
              "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
              .
              ------- Supplementary Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              uStart Page = hxxp://www.google.com/
              mLocal Page = c:\windows\SysWOW64\blank.htm
              IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
              DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
              FF - ProfilePath - c:\users\mindy\AppData\Roaming\Mozilla\Firefox\Profiles\9s0gbjlr.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536667&SearchSource=3&q={searchTerms}
              FF - prefs.js: browser.search.selectedEngine - Web Search...
              FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
              FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536667&q=
              FF - prefs.js: network.proxy.type - 0
              FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
              FF - Ext: Anti-Banner: *Blocked Russian URL* - c:\program files (x86)\Mozilla *Blocked Russian URL*
              FF - Ext: Kaspersky URL Advisor: *Blocked Russian URL* - c:\program files (x86)\Mozilla *Blocked Russian URL*
              FF - Ext: Castle Age Toolbar: {aac4043a-8832-4abe-9963-35377f30b8e6} - %profile%\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
              FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
              FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
              FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
              FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{cd994368-1a91-4839-acc9-f8aa8aeb550c}: {cd994368-1a91-4839-acc9-f8aa8aeb550c} - %profile%\extensions\{cd994368-1a91-4839-acc9-f8aa8aeb550c}
              FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
              FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
              .
              - - - - ORPHANS REMOVED - - - -

              WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
              AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe



              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
              "ImagePath"="c:\windows\system32\GameMon.des -service"
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
              "ThreadingModel"="Apartment"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.10"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
              "ThreadingModel"="Apartment"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Completion time: 2011-01-31  20:03:45
              ComboFix-quarantined-files.txt  2011-02-01 01:03

              Pre-Run: 43,635,773,440 bytes free
              Post-Run: 43,136,581,632 bytes free

              - - End Of File - - AB824D39D0E3C9E8E7C1747E1CE8164D

              jcaps474

                Topic Starter


                Rookie
                • Experience: Familiar
                • OS: Windows 7
                Re: Help, internet preventing virus
                « Reply #8 on: January 31, 2011, 06:06:57 PM »
                Sorry, lost the HijackThis log, that's all my bad :P

                jcaps474

                  Topic Starter


                  Rookie
                  • Experience: Familiar
                  • OS: Windows 7
                  Re: Help, internet preventing virus
                  « Reply #9 on: January 31, 2011, 06:27:58 PM »
                  Well, the symptoms are gone, but this doesn't mean the malware is... right?

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Help, internet preventing virus
                  « Reply #10 on: February 01, 2011, 01:00:32 PM »
                  Quote
                  Sorry, lost the HijackThis log, that's all my bad
                  Not a problem.
                  Quote
                  Well, the symptoms are gone, but this doesn't mean the malware is... right?
                  Correct. We still have some more scans to run.

                  Mindy, the CF log shows that you're running two AV programs, which is a no-no: Kaspersky Internet Security and Microsoft Security Essentials. One will have to be disabled/removed.
                  Kaspersky is outdated. It would be best to keep MSE. Please look after this pronto.


                  Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

                  You will need to enter your name, e-mail address and location in order to access the download page.

                  • Once you have downloaded the file, double-click the sarsfx icon
                  • Review the licence agreement and click on the Accept button
                  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

                  • Once the files have been extracted, use Windows Explorer to navigate to C:\SOPHTEMP and double-click on the blue shield icon called sargui
                  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
                  • Allow the program to scan your computer - please be patient as it may take some time
                  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
                  • In the main window, you will see each of the entries found by the scan (if any)
                    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
                    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
                  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
                  • To clean up these entries click on the Clean up checked items button
                  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
                  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
                  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
                  Windows 8 and Windows 10 dual boot with two SSD's
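The "two AV programs" call above comes from reading the R/S service lines in the CF log. As an added example (not the thread's own code, nor ComboFix's), here is a small parser for that line format that flags more than one real-time AV product and any service whose file ComboFix could not find (no trailing [date size] stamp); the vendor keyword table is an assumption made for this example, and the sample lines are copied from the CF log above.

```python
"""Triage the service/driver section of a ComboFix log (added example).

Lines look like  R2 name;Display Name;c:\\dir\\file.exe [2010-03-18 130384]
The first token is R (running) or S (stopped) plus the start-type digit;
the trailing [date size] stamp appears only when ComboFix found the file.
The vendor keyword table is an assumption made for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$"
)

# Lower-case substrings that identify a real-time AV product (constructed).
# SUPERAntiSpyware is left out: the thread treats it as a cleanup tool.
AV_KEYWORDS: Dict[str, str] = {
    "kaspersky": "Kaspersky",
    "klim": "Kaspersky",
    "malware protection": "Microsoft Security Essentials",
    "msmpsvc": "Microsoft Security Essentials",
}
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]

    @property
    def file_present(self) -> bool:
        # No [date size] stamp means ComboFix could not stat the file.
        return self.date is not None

    @property
    def av_product(self) -> Optional[str]:
        haystack = f"{self.name} {self.display} {self.path}".lower()
        return next((p for k, p in AV_KEYWORDS.items() if k in haystack), None)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an R/S service line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), "unknown"),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        date=m.group("date"),
        size=int(m.group("size")) if m.group("size") else None,
    )


def triage(log_text: str) -> dict:
    """Flag more than one AV product and services whose file is missing."""
    entries = [e for e in map(parse_service_line, log_text.splitlines()) if e]
    av_products = sorted({e.av_product for e in entries if e.av_product})
    return {
        "av_products": av_products,
        "multiple_av": len(av_products) > 1,
        "missing_files": [e.name for e in entries if not e.file_present],
    }


# Constructed sample: service lines copied from the CF log above, plus one
# registry line to show that non-service lines are ignored.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
R3 dump_wmimmc;dump_wmimmc;c:\program files\GALA-NET\Rappelz\GameGuard\dump_wmimmc.sys
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 40832]
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample it reports both Kaspersky and Microsoft Security Essentials, and lists dump_wmimmc and npggsvc as services whose file was not on disk at scan time, which matches the "(file missing)" the HijackThis log later shows for GameMon.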

                  jcaps474

                    Topic Starter


                    Rookie
                    • Experience: Familiar
                    • OS: Windows 7
                    Re: Help, internet preventing virus
                    « Reply #11 on: February 01, 2011, 08:00:02 PM »
                    Logfile of Trend Micro HijackThis v2.0.4
                    Scan saved at 9:58:22 PM, on 2/1/2011
                    Platform: Windows 7  (WinNT 6.00.3504)
                    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
                    Boot mode: Normal

                    Running processes:
                    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
                    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
                    C:\Program Files (x86)\DAP\DAP.EXE
                    C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe
                    C:\Windows\SysWOW64\DllHost.exe

                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
                    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
                    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
                    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
                    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
                    O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
                    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
                    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
                    O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
                    O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
                    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
                    O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
                    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
                    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
                    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
                    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
                    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
                    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
                    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
                    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
                    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
                    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
                    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
                    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
                    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
                    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
                    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
                    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
                    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
                    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

                    --
                    End of file - 9855 bytes


                    Computer is running fine now, thanks Dave!

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Help, internet preventing virus
                    « Reply #12 on: February 02, 2011, 11:53:08 AM »
                    Why do you keep on posting the HJT log? I need to see the log from the Sophos Anti-Rootkit scanner.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    jcaps474

                      Topic Starter


                      Rookie
                      • Experience: Familiar
                      • OS: Windows 7
                      Re: Help, internet preventing virus
                      « Reply #13 on: February 05, 2011, 07:27:35 AM »
                      There is nothing to clean from the anti-rootkit scanner, and no option comes up where it says anything about a log.

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Help, internet preventing virus
                      « Reply #14 on: February 05, 2011, 01:01:54 PM »
                      Ok. Let's try this one.
                      Please download Rooter and Save it to your desktop.
                      • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
                      • Click Scan.
                      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                      Windows 8 and Windows 10 dual boot with two SSD's