Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: confrimation that my cumputer is clean  (Read 5303 times)

0 Members and 1 Guest are viewing this topic.

core126

  • Guest
confrimation that my cumputer is clean
« on: August 21, 2010, 02:44:39 PM »
so i seem to have gotten some viruses from a link on a website. the viruses made multiple error messages come up and messed with my proxy settings so i couldn't access the internet without changing them. here is my information:

SUPERantispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2010 at 11:31 PM

Application Version : 4.41.1000

Core Rules Database Version : 5347
Trace Rules Database Version: 3159

Scan type       : Complete Scan
Total Scan Time : 08:27:39

Memory items scanned      : 581
Memory threats detected   : 0
Registry items scanned    : 13055
Registry threats detected : 101
File items scanned        : 212585
File threats detected     : 12

Adware.MyWebSearch
   (x86) HKU\S-1-5-21-1801315782-2095267580-2537685392-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   (x86) HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
   (x86) HKU\S-1-5-21-1801315782-2095267580-2537685392-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   (x86) HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
   (x86) HKU\S-1-5-21-1801315782-2095267580-2537685392-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   (x86) HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
   C:\USERS\BRAYDEN\DOWNLOADS\MYWEBFACESETUP2.3.67.1.NOSA.NOHP.GRFOX000.EXE

Adware.MyWebSearch/FunWebProducts
   (x86) HKLM\SOFTWARE\Fun Web Products
   (x86) HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
   (x86) HKLM\SOFTWARE\Fun Web Products\MSNMessenger
   (x86) HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
   (x86) HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
   (x86) HKLM\SOFTWARE\Fun Web Products\ScreenSaver
   (x86) HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
   (x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
   (x86) HKU\S-1-5-21-1801315782-2095267580-2537685392-1000\SOFTWARE\MyWebSearch
   (x86) HKLM\SOFTWARE\MyWebSearch
   (x86) HKLM\SOFTWARE\MyWebSearch\bar
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#pid
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#fwp
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#tiec
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#Dir
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#RegHookPath
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#Id
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#sr
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#pl
   (x86) HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
   (x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant
   (x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
   (x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
   (x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
   (x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
   (x86) HKLM\SOFTWARE\MyWebSearch\SkinTools
   (x86) HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
   (x86) HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
   (x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
   (x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
   (x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
   (x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
   (x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
   (x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
   (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
   (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
   (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
   (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
   (x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
   (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
   (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
   (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
   (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
   (x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
   (x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
   (x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
   (x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
   (x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
   (x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
   (x86) HKLM\Software\FocusInteractive
   (x86) HKLM\Software\FocusInteractive\bar
   (x86) HKLM\Software\FocusInteractive\bar\Switches
   (x86) HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#msn.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#waol.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#aim.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#icq.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
   (x86) HKLM\Software\FocusInteractive\bar\Switches#ua
   (x86) HKLM\Software\FocusInteractive\bar\Switches#au
   (x86) HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
   (x86) HKLM\Software\FocusInteractive\bar\Switches#ok
   (x86) HKLM\Software\FocusInteractive\bar\Switches#od
   (x86) HKLM\Software\FocusInteractive\bar\Switches#nk
   (x86) HKLM\Software\FocusInteractive\bar\Switches#nd
   (x86) HKLM\Software\FocusInteractive\Email-IM
   (x86) HKLM\Software\FocusInteractive\Email-IM\0
   (x86) HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
   (x86) HKLM\Software\FocusInteractive\Email-IM\0#AppName
   (x86) HKLM\Software\FocusInteractive\Outlook
   C:\Program Files (x86)\MyWebSearch\bar\History
   C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat
   C:\Program Files (x86)\MyWebSearch\bar\Settings
   C:\Program Files (x86)\MyWebSearch\bar
   C:\Program Files (x86)\MyWebSearch
   C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images
   C:\Program Files (x86)\FunWebProducts\ScreenSaver
   C:\Program Files (x86)\FunWebProducts

Trojan.Agent/Gen-Exploit
   C:\PROGRAMDATA\UPDATE\SEUPD.EXE
   C:\Windows\Prefetch\SEUPD.EXE-4AD081F2.pf

Adware.Tracking Cookie
   core.insightexpressai.com [ C:\Users\Brayden\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TN9NVJCK ]



malware bytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4456

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/21/2010 12:22:05 PM
mbam-log-2010-08-21 (12-22-05).txt

Scan type: Quick scan
Objects scanned: 137696
Time elapsed: 11 hour(s), 52 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Brayden\AppData\Local\amapipadaxu.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\Brayden\AppData\Local\unevmf32.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ekutoherajozap (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cyasahasafoxoqoy (Trojan.Hiloti.Gen) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wydqagol (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Brayden\AppData\Local\amapipadaxu.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\Brayden\AppData\Local\unevmf32.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
C:\Users\Brayden\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Brayden\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.




hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:14 PM, on 8/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [moecrxsnwa.exe] "C:\Users\Brayden\AppData\Local\Temp\moecrxsnwa.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe
O23 - Service: dldt_device -   - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10260 bytes


thanks in advance :)
Logged

SuperDave

  • Malware Removal Specialist


    • Genius
    • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: confrimation that my cumputer is clean
« Reply #1 on: August 24, 2010, 01:16:59 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
O4 - HKCU\..\Run: [moecrxsnwa.exe] "C:\Users\Brayden\AppData\Local\Temp\moecrxsnwa.exe"

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
**************************************
Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
Logged
Windows 8 and Windows 10 dual boot with two SSD's
Pages: [1]   Go Up
« previous next »