yafraudcheckonline browser hijack + explorer(windows) issues

Post by stanbridge » March 7th, 2011, 2:07 am

Hi there,

I was doing some Google image searching online and appear to have contracted a browser hijack via an image download!

Since then, I have had a LOT of trouble booting back into Windows. Windows would freeze at my wallpaper before loading my desktop icons and start menu. I was able to get past it by disabling a couple of extra "explorer.exe" processes. That said, it looks more like a Win98 Start bar now.

Following this, now when I do a Google search, my searches begin to redirect to yafraudcheckonline, at which point I quickly close the browser.

I am running Windows XP Pro SP3, IE8 and CA Anti-Virus.

My DDS and Attach logs are included below. Thanks very much!!!! :)

Regards,
Stanbridge


DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 16:50:17.70 on Mon 07/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2325 [GMT 11:00]
.
AV: CA Anti-Virus Plus *Disabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AutoMate 5\AM5HkWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AutoMate 5\AutoMate5Svc.exe
C:\SOFTWARE\TimesheetAssistant.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\temp\AV\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://www.nitropdf.com/services/LinkRe ... guage=1033
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DIMDownloading your update...1285781003180] "c:\program files\corel\coreldraw graphics suite x5\draw\dim.exe" "c:\documents and settings\all users\application data\corel\downloads\540215253_807001\1285781003180\dim_params.xml" -launch=3 -uibase="c:\documents and settings\administrator\application data\corel\messages\540215253_807001\en\messagecache1\workflow"
uRun: [pronto] "c:\program files\wimba\pronto\pronto.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AutoMate5] c:\program files\automate 5\AM5HkWnd.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\custom~1.lnk - c:\program files\ultravnc\vncviewer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\timesh~1.lnk - c:\software\TimesheetAssistant.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open With GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://wsus.bne-staff.rpdata.net.au:43 ... nNTChk.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://wsus.bne-staff.rpdata.net.au:43 ... veCtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 7055890000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 7055882421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0flgfuuu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\firefox\components\CAFxToolBar.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0flgfuuu.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-2-25 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-2-25 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-2-25 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2011-2-17 10688]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-23 136176]
S2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2011-3-7 712704]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-03-07 04:09:01 625664 ----a-w- c:\temp\av\dds.scr
2011-03-04 03:06:23 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-04 03:06:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 03:06:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-04 03:06:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-04 03:06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 03:03:33 36744 ----a-w- c:\windows\system32\msdnldr.exe
2011-03-02 00:03:57 -------- d-----w- c:\windows\system32\appmgmt
2011-03-01 23:39:01 -------- d-----w- c:\program files\UltraVNC
2011-03-01 23:29:26 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Installer3224
2011-03-01 23:19:20 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Installer3280
2011-03-01 04:56:35 3080237 ----a-w- c:\windows\system32\Msowc.dll
2011-03-01 04:24:19 -------- d-----w- c:\program files\Cityscope Publications
2011-03-01 04:23:32 74000 ----a-w- c:\program files\common files\microsoft shared\database replication\REPLRES.DLL
2011-03-01 04:23:32 213264 ----a-w- c:\program files\common files\microsoft shared\database replication\REPLPROV.DLL
2011-03-01 04:23:32 127248 ----a-w- c:\program files\common files\microsoft shared\database replication\REPLREC.DLL
2011-03-01 04:23:16 56832 ----a-w- c:\program files\common files\microsoft shared\msdesigners98\resources\1033\MDT2DBUI.DLL
2011-03-01 04:23:16 53760 ----a-w- c:\program files\common files\microsoft shared\msdesigners98\resources\1033\MDT2QDUI.DLL
2011-03-01 04:23:16 14336 ----a-w- c:\program files\common files\microsoft shared\msdesigners98\resources\1033\MDT2DDUI.DLL
2011-03-01 04:23:15 20080 ----a-w- c:\windows\system32\WINSSPI.DLL
2011-03-01 04:23:14 32768 ----a-w- c:\windows\system32\hlinkprx.dll
2011-03-01 04:23:12 68080 ----a-w- c:\windows\system32\DIMM.DLL
2011-03-01 04:22:55 31744 ----a-w- c:\windows\system32\hlp95en.dll
2011-03-01 04:22:55 -------- d-----w- c:\program files\Snapshot Viewer
2011-03-01 02:03:50 -------- d-----w- c:\docume~1\admini~1\applic~1\PrimoPDF
2011-02-28 04:31:07 -------- d-----w- c:\program files\PeerBlock
2011-02-28 03:59:10 -------- d-----w- c:\docume~1\admini~1\applic~1\HorizonWimba
2011-02-28 03:56:22 -------- d-----w- c:\program files\Wimba
2011-02-27 23:03:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-27 23:03:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-27 23:03:12 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-02-27 23:03:12 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-27 22:11:58 -------- d-----w- c:\docume~1\admini~1\applic~1\UltraVNC
2011-02-25 05:55:11 -------- d-----w- c:\program files\ultravnc(NewButRemoved)
2011-02-25 05:45:57 -------- d-----w- c:\program files\ISSThirdParty
2011-02-25 05:45:47 95568 ----a-w- c:\windows\system32\vetredir.dll
2011-02-25 05:45:47 201968 ----a-w- c:\windows\system32\Isafprod.dll
2011-02-25 05:45:47 128336 ----a-w- c:\windows\system32\isafeif.dll
2011-02-25 05:44:36 -------- d-----w- c:\program files\CA
2011-02-25 05:40:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA
2011-02-25 04:28:20 55800 ----a-w- c:\temp\ca stuff\amrt\policystorage\ProductAppSign.exe
2011-02-25 04:28:20 453112 ----a-w- c:\temp\ca stuff\UmxAmrtSettings.dll
2011-02-25 04:28:20 135248 ----a-w- c:\temp\ca stuff\KmxAMRT.sys
2011-02-25 03:54:59 7 ----a-w- c:\windows\system32\mkghj.dll
2011-02-25 03:27:02 1445888 ----a-w- c:\documents and settings\administrator\DesktopWinsockxpFix.exe
2011-02-25 03:26:40 186368 ----a-w- c:\documents and settings\administrator\DesktopLSPFix.exe
2011-02-25 03:26:35 36864 ----a-w- c:\documents and settings\administrator\DesktopSafeMSI.exe
2011-02-24 03:58:26 73728 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{006deade-e12e-4da0-ab65-134f0de9af9a}\NewShortcut6_FA22C8B36029437A9646719DBA760EAE.exe
2011-02-24 03:58:26 73728 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{006deade-e12e-4da0-ab65-134f0de9af9a}\NewShortcut4_FA22C8B36029437A9646719DBA760EAE.exe
2011-02-24 03:58:26 143360 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{006deade-e12e-4da0-ab65-134f0de9af9a}\NewShortcut5_FA22C8B36029437A9646719DBA760EAE.exe
2011-02-24 03:58:26 143360 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{006deade-e12e-4da0-ab65-134f0de9af9a}\ARPPRODUCTICON.exe
2011-02-24 03:58:20 -------- d-----w- c:\program files\Electric Rain
2011-02-24 03:54:25 -------- d-----w- c:\program files\Serena Software Inc
2011-02-24 03:41:07 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Ahead
2011-02-24 03:35:04 -------- d-----w- c:\program files\Nero
2011-02-24 01:36:48 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-02-24 01:36:43 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-02-24 01:36:15 -------- d-----w- c:\windows\system32\RsFx
2011-02-24 01:33:45 -------- d-----w- c:\program files\Microsoft SQL Server
2011-02-24 01:33:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-24 01:33:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-24 01:33:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2011-02-24 01:31:19 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-02-24 01:31:17 -------- d-----w- c:\program files\IIS
2011-02-24 01:30:40 18368 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
2011-02-24 01:30:38 2377696 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2011-02-24 01:25:44 -------- d-----w- c:\program files\Microsoft F#
2011-02-24 01:25:44 -------- d-----w- c:\program files\HTML Help Workshop
2011-02-24 01:25:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-02-24 01:25:43 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-02-24 01:25:43 -------- d-----w- c:\program files\common files\Merge Modules
2011-02-24 00:31:19 -------- d-----w- c:\program files\common files\Control Panels
2011-02-24 00:12:19 -------- d-----w- c:\program files\MagicISO
2011-02-23 22:58:17 -------- d-----w- c:\windows\pss
2011-02-23 01:22:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
2011-02-23 01:22:14 -------- d-----w- c:\program files\Bonjour
2011-02-23 01:17:35 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-02-23 00:11:53 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Qurb4
2011-02-22 23:53:49 -------- d-----w- c:\program files\PowerISO
2011-02-22 23:32:50 50152 ----a-w- c:\program files\windows nt\accessories\imagevue\wangimg.exe
2011-02-22 23:32:50 50152 ----a-w- c:\program files\windows nt\accessories\imagevue\kodakimg.exe
2011-02-22 23:32:48 -------- d-----w- c:\program files\Imaging
2011-02-22 23:32:34 304128 ----a-w- c:\windows\IsUninst.exe
2011-02-22 23:30:13 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2011-02-22 23:30:09 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2011-02-22 23:13:33 -------- d-----w- c:\program files\GetRight
2011-02-22 22:44:32 -------- d-----w- c:\program files\Mach5 Mailer 4
2011-02-22 21:43:32 -------- d-----w- c:\program files\InstantDemo
2011-02-22 01:17:49 -------- d-----w- c:\program files\common files\Corel
2011-02-22 01:17:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\CorelDRAW Graphics Suite X5
2011-02-22 01:12:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Protexis
2011-02-22 01:08:47 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Axialis
2011-02-22 01:08:44 -------- d-----w- c:\program files\My Company Name
2011-02-22 00:37:16 348256 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\corelphotopaint\9.0\1033\ResourceCache.dll
2011-02-22 00:37:02 348256 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\coreldraw\9.0\1033\ResourceCache.dll
2011-02-22 00:36:19 416 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
2011-02-22 00:34:30 -------- d-----w- c:\program files\common files\Protexis
2011-02-22 00:34:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2011-02-22 00:29:56 -------- d-----w- c:\program files\Corel
2011-02-22 00:13:03 -------- d-----w- c:\documents and settings\administrator\log
2011-02-21 05:37:23 -------- d-----w- c:\windows\Internet Logs
2011-02-21 05:37:00 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2011-02-21 05:37:00 101904 ----a-w- c:\windows\system32\dneinobj.dll
2011-02-21 05:36:53 -------- d-----w- c:\program files\common files\Deterministic Networks
2011-02-21 05:36:51 -------- d-----w- c:\program files\Cisco Systems
2011-02-21 05:23:58 -------- d-----w- c:\program files\AutoMate 5
2011-02-21 05:23:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Network Automation
2011-02-21 05:23:51 210000 ----a-w- c:\windows\system32\amsco32.dll
2011-02-21 05:10:10 -------- d-----w- c:\documents and settings\administrator\WINDOWS
2011-02-18 17:00:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-02-18 17:00:30 -------- d-----w- c:\program files\MSXML 4.0
2011-02-18 11:43:52 25 ----a-w- C:\testtask.bat
2011-02-18 11:39:57 112616 ----a-w- c:\temp\ra1004.exe
2011-02-18 11:39:55 538624 ----a-w- c:\temp\pim4dearbhla\omnisres.dll
2011-02-18 11:39:52 2595328 ----a-w- c:\temp\pim4dearbhla\OMNIS7.exe
2011-02-18 11:39:52 216576 ----a-w- c:\temp\pim4dearbhla\OMNI2UI.DLL
2011-02-18 11:39:51 953856 ----a-w- c:\temp\pim4dearbhla\DGDSC32.DLL
2011-02-18 11:39:51 20308 ----a-w- c:\temp\pim4dearbhla\O7TK16.DLL
2011-02-18 11:39:51 15872 ----a-w- c:\temp\pim4dearbhla\O7TK32.DLL
2011-02-18 11:39:24 94352 ----a-w- c:\temp\oldtemp2\whitepages annoying files\MHRUN400.DLL
2011-02-18 11:39:24 45108 ----a-w- c:\temp\oldtemp2\whitepages annoying files\WPPD.DLL
2011-02-18 11:39:24 220832 ----a-w- c:\temp\oldtemp2\whitepages annoying files\WPCDAZ.DLL
2011-02-18 11:38:31 112802954 ----a-w- c:\temp\oldtemp2\setupPD.exe
2011-02-18 11:38:17 18389504 ----a-w- c:\temp\oldtemp2\pm\PM_72.exe
2011-02-18 11:26:38 149222 ----a-w- c:\temp\oldtemp2\oldtemp\testingEXEfileLauncher.exe
2011-02-18 11:26:34 7083364 ----a-w- c:\temp\oldtemp2\oldtemp\signwizard\sw51demo.exe
2011-02-18 11:26:33 1849677 ----a-w- c:\temp\oldtemp2\oldtemp\setup patch\setup_patch.exe
2011-02-18 11:26:33 149504 ----a-w- c:\temp\oldtemp2\oldtemp\setup patch\UNWISE.EXE
2011-02-18 11:26:02 20795904 ----a-w- c:\temp\oldtemp2\oldtemp\OnlineStorage.exe
2011-02-18 11:26:00 3026989 ----a-w- c:\temp\oldtemp2\oldtemp\Msowc.dll
2011-02-18 11:25:49 16332072 ----a-w- c:\temp\oldtemp2\oldtemp\msnblock\Install_Messenger_nous.exe
2011-02-18 11:25:41 20752672 ----a-w- c:\temp\oldtemp2\oldtemp\msnblock\automate5540-full.exe
2011-02-18 11:25:23 12754672 ----a-w- c:\temp\oldtemp2\oldtemp\MP10Setup.exe
2011-02-18 11:23:51 5538680 ----a-w- c:\temp\oldtemp2\oldtemp\dmg2iso\macdrive_6.1.5_enu_qtd_setup.exe
2011-02-18 11:23:51 13824 ----a-w- c:\temp\oldtemp2\oldtemp\dmg2iso\dmg2iso.exe
2011-02-18 11:23:50 1511320 ----a-w- c:\temp\oldtemp2\oldtemp\dmg2iso\daemon408-x86.exe
2011-02-18 11:23:23 7168 ----a-w- c:\temp\oldtemp2\oldtemp\COLLauncherQBE.exe
2011-02-18 11:23:15 318558 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\site-size-count-au\SetupPDF6.exe
2011-02-18 11:23:15 1831840 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\site-size-count-au\snpvw90.exe
2011-02-18 11:23:12 1380352 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\site-size-count-au\inhouse\CSCOMMON.exe
2011-02-18 11:23:11 1274886 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\site-size-count-au\inhouse\Client500.exe
2011-02-18 11:23:11 1015808 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\site-size-count-au\inhouse\Client495.exe
2011-02-18 11:22:14 50720515 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\setup_upd.exe
2011-02-18 11:21:43 81175064 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\Setup.exe
2011-02-18 11:21:39 1049705 ----a-w- c:\temp\oldtemp2\oldtemp\catfud\DOSBox0[1][1].63-win32-installer.exe
2011-02-18 11:21:19 29058885 ----a-w- c:\temp\oldtemp2\oldtemp\AKsetup_upd.exe
2011-02-18 11:20:51 40693248 ----a-w- c:\temp\oldtemp2\old-sy-updates\SY_95.exe
2011-02-18 11:20:33 40145920 ----a-w- c:\temp\oldtemp2\old-sy-updates\SY_94.exe
2011-02-18 11:19:14 50512131 ----a-w- c:\temp\oldtemp2\MLQIC-setup_upd.exe
2011-02-18 11:19:04 59904 ----a-w- c:\temp\oldtemp2\imagingsoftware\imagingocxs\SETUP.EXE
2011-02-18 11:19:04 352256 ----a-w- c:\temp\oldtemp2\imagingsoftware\Install.exe
2011-02-18 11:18:59 8192 ----a-w- c:\temp\oldtemp2\imagingsoftware\imagingocxs\_ISDEL.EXE
2011-02-18 11:18:59 803680 ----a-w- c:\temp\oldtemp2\imagingsoftware\imagingocxs\axdist.exe
2011-02-18 11:18:59 59904 ----a-w- c:\temp\oldtemp2\imagingsoftware\imaging\SETUP.EXE
2011-02-18 11:18:59 11264 ----a-w- c:\temp\oldtemp2\imagingsoftware\imagingocxs\_SETUP.DLL
2011-02-18 11:18:52 8192 ----a-w- c:\temp\oldtemp2\imagingsoftware\imaging\_ISDEL.EXE
2011-02-18 11:18:52 803680 ----a-w- c:\temp\oldtemp2\imagingsoftware\imaging\axdist.exe
2011-02-18 11:18:52 11264 ----a-w- c:\temp\oldtemp2\imagingsoftware\imaging\_SETUP.DLL
2011-02-18 11:18:51 8192 ----a-w- c:\temp\oldtemp2\imagingsoftware\1xclient\_ISDEL.EXE
2011-02-18 11:18:51 59904 ----a-w- c:\temp\oldtemp2\imagingsoftware\1xclient\SETUP.EXE
2011-02-18 11:18:51 151552 ----a-w- c:\temp\oldtemp2\imagingsoftware\1xclient\instsrvr.dll
2011-02-18 11:18:51 11264 ----a-w- c:\temp\oldtemp2\imagingsoftware\1xclient\_SETUP.DLL
2011-02-18 11:17:41 33161216 ----a-w- c:\temp\oldtemp2\eiStreamImaging28.exe
2011-02-18 11:17:20 1897408 ----a-w- c:\temp\oldtemp2\backups\nvidia riva tnt2 model 64 model 64 pro (microsoft corporation)\nv4_mini.sys
2011-02-18 11:17:18 8811 ----a-w- c:\temp\oldtemp2\backups\conexant setup api\SetupSys.sys
2011-02-18 11:17:18 4274816 ----a-w- c:\temp\oldtemp2\backups\nvidia riva tnt2 model 64 model 64 pro (microsoft corporation)\nv4_disp.dll
2011-02-18 11:15:08 149504 ----a-w- c:\temp\melbcityrecd2k\UNWISE.EXE
2011-02-18 11:04:26 563200 ----a-w- c:\temp\melbcityrecd2k\Ads.exe
2011-02-18 11:04:18 153104 ----a-w- c:\temp\ext18866\install.exe
2011-02-18 11:04:18 1065480 ----a-w- c:\temp\ext18866\install.res.dll
2011-02-18 10:51:37 121206136 ----a-w- c:\temp\chris virusfixtools\ca - anti-virus plus (rp data account)\cd files\en\SETUP.EXE
2011-02-18 10:51:36 874292 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\xpboot.exe
2011-02-18 10:51:36 700781 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\task40.exe
2011-02-18 10:51:33 197233 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\rest2514.exe
2011-02-18 10:51:32 553687 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\jv16regc.exe
2011-02-18 10:51:31 1420962 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\jv16ptv1.exe
2011-02-18 10:51:28 477308 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\doscdrom.exe
2011-02-18 10:51:28 1290938 ----a-w- c:\temp\chris virusfixtools\bootdisk.com files\drdos703.exe
2011-02-18 10:51:17 27386280 ----a-w- c:\temp\chris virusfixtools\acrobat reader\AdbeRdr920_en_US.exe
2011-02-18 10:50:20 5760288 ----a-w- c:\temp\ar405eng.exe
2011-02-18 08:54:34 339968 ----a-w- c:\windows\system32\hpbicoin.dll
2011-02-18 08:46:02 -------- d-----w- c:\docume~1\admini~1\applic~1\Eqpy
2011-02-18 07:45:30 63 ----a-w- C:\reminder_timesheet.bat
2011-02-18 07:45:30 527 ----a-w- C:\Reset.cmd
2011-02-18 07:01:57 269 ----a-w- C:\ftpdownload.bat
2011-02-18 07:01:57 266 ----a-w- C:\ftpupload.bat
2011-02-18 06:50:40 72 ----a-w- C:\connectme3.bat
2011-02-18 06:50:40 67 ----a-w- C:\connectme2.bat
2011-02-18 06:50:40 266 ----a-w- C:\Copy of ftpupload.bat
2011-02-18 06:50:40 0 ----a-w- C:\connectme.bat
2011-02-17 15:24:48 358 ----a-w- C:\AcrE02B.tmp
2011-02-17 15:24:48 358 ----a-w- C:\Acr334C.tmp
2011-02-17 11:15:54 -------- d-----w- C:\NICKY
2011-02-17 11:14:59 -------- d-----w- C:\== RPDATA ==
2011-02-17 11:14:36 -------- d-----w- C:\== CPM ==
2011-02-17 11:14:22 -------- d-----w- C:\== Cityscope ==
2011-02-17 06:09:23 20672 ----a-w- c:\windows\system32\mv2.dll
2011-02-17 06:09:23 10688 ----a-w- c:\windows\system32\drivers\mv2.sys
2011-02-17 05:40:15 1341176 ----a-w- c:\temp\2010\issdm_ca_en.exe
2011-02-17 05:40:14 144648 ----a-w- c:\temp\2010\removal tool\SupportBridge.exe
2011-02-17 05:30:52 -------- d-----w- c:\windows\system32\winsflte.dl1
2011-02-17 05:30:52 -------- d-----w- c:\windows\system32\winsflt.dl1
2011-02-17 05:29:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2011-02-17 04:18:31 -------- d-----w- c:\program files\FreeFileSync
2011-02-15 19:45:26 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-15 00:52:28 -------- d-----w- c:\windows\system32\winrm
2011-02-15 00:52:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-02-15 00:48:25 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\ApplicationHistory
2011-02-15 00:37:56 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-15 00:37:56 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-15 00:35:51 -------- d-----w- C:\temp
.
==================== Find3M ====================
.
2011-02-07 05:05:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-07 05:05:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD50 rev.12.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A40C439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4127b8]; MOV EAX, [0x8a412834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ADC8AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A0268B8]
\Driver\iastor[0x8A42A558] -> IRP_MJ_CREATE -> 0x8A40C439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD5000AAKS-75TMA0___________________12.01C01#4&d9859c0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 16:52:34.98 ===============

Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/02/2011 2:58:54 PM
System Uptime: 7/03/2011 12:15:09 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0CT017
Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz | Microprocessor | 2394/1066mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.3 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AMRT
AntiPhishing
APH placeholder
AutoMate 5
CA Anti-Virus Plus
CA Internet Security Suite
CA Personal Firewall
CDSCOPE2000 - Cityscope Database
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - FR
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Premium Fonts
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
Crystal Reports for Visual Studio
Dotfuscator Software Services - Community Edition
FileZilla Client 3.3.5.1
FreeFileSync
GetRight
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Imaging for Windows® 2.8
Instant Demo by NetPlay Software
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 18
Mach5 Mailer 4
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Access 2000 Runtime
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Office 2000 Premium
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
Notepad++
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenProj
PDF Settings
PeerBlock 1.1 (r518)
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
Pronto 3.1.0-D
Qurb
RP Data VPN Client 5.0.00.0340
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Service Pack 1 for SQL Server 2008 (KB968369)
SigmaTel Audio
Sql Server Customer Experience Improvement Program
Swift 3D v4.50
UltraVNC 1.0.8.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Web Deployment Tool
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip
.
==== End Of File ===========================
stanbridge
Active Member
Posts: 2
Joined: March 7th, 2011, 12:14 am

Re: yafraudcheckonline browser hijack + explorer(windows) is

Unread postby deltalima » March 7th, 2011, 9:06 am

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: yafraudcheckonline browser hijack + explorer(windows) is

Unread postby deltalima » March 7th, 2011, 9:11 am

Hi stanbridge,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Microsoft Visual Studio 2010 Professional – ENU
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


This looks to be a computer that is used for business. Please confirm.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: yafraudcheckonline browser hijack + explorer(windows) is

Unread postby stanbridge » March 7th, 2011, 6:28 pm

Nice catch, but no, it's not a work PC. It's my home computer.
I am studying IT at uni and have installed Visio for the unit I am currently studying (Database Systems).
Cisco VPN Client IS a connection tool I use to connect to my work system, but rarely. For example, I only connect if I'm off sick or for some other reason, but desperately need to check something for someone (yes, I have been called once or twice when I am off sick!).

Also note, I have backed up everything here on this computer.

So even if this computer disintegrates as a result of running the wrong app, it's not the worst thing in the world - although it will still cause me a couple of weeks of grief personally!
stanbridge
Active Member
Posts: 2
Joined: March 7th, 2011, 12:14 am

Re: yafraudcheckonline browser hijack + explorer(windows) is

Unread postby Gary R » March 8th, 2011, 2:45 am

I see you are posting for help for a computer connected to an "Educational" Network.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section ....


.... explains why we do not offer help for such computers.

This topic is now closed
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire