Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Vista Security 2011

Re: Vista Security 2011

Post by Zaphod » April 7th, 2011, 4:22 pm

RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Home at 2011-04-07 16:17:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 35 GB (12%) free of 294 GB
Total RAM: 2940 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:57 PM, on 07/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Home\Desktop\Malware\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Home.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8276 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-02-18 49208]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09 1148200]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-04 281768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2011-03-16 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PMB Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-07 15:55:51 ----D---- C:\_OTM
2011-04-07 15:03:33 ----D---- C:\Users\Home\AppData\Roaming\WinPatrol
2011-04-07 15:03:25 ----D---- C:\ProgramData\InstallMate
2011-04-07 15:03:25 ----D---- C:\Program Files\BillP Studios
2011-04-07 14:42:51 ----D---- C:\Program Files\trend micro
2011-04-07 14:42:50 ----D---- C:\rsit
2011-04-07 11:22:28 ----D---- C:\Program Files\Adobe
2011-04-07 11:21:45 ----SHD---- C:\Config.Msi
2011-04-07 11:19:18 ----D---- C:\Program Files\Common Files\Java
2011-04-07 11:18:50 ----A---- C:\Windows\system32\javaws.exe
2011-04-07 11:18:50 ----A---- C:\Windows\system32\javaw.exe
2011-04-07 11:18:50 ----A---- C:\Windows\system32\java.exe
2011-04-07 08:55:32 ----SHD---- C:\$RECYCLE.BIN
2011-04-07 08:55:28 ----D---- C:\Windows\temp
2011-04-07 08:55:26 ----A---- C:\ComboFix.txt
2011-04-07 08:41:18 ----D---- C:\ComboFix
2011-04-07 08:40:51 ----A---- C:\Windows\SWXCACLS.exe
2011-04-06 20:20:57 ----D---- C:\Users\Home\AppData\Roaming\Avira
2011-04-06 20:11:10 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2011-04-06 20:11:08 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-04-06 20:11:08 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-04-06 20:11:07 ----D---- C:\ProgramData\Avira
2011-04-06 20:11:07 ----D---- C:\Program Files\Avira
2011-04-06 19:50:44 ----A---- C:\Windows\zip.exe
2011-04-06 19:50:44 ----A---- C:\Windows\SWSC.exe
2011-04-06 19:50:44 ----A---- C:\Windows\SWREG.exe
2011-04-06 19:50:44 ----A---- C:\Windows\sed.exe
2011-04-06 19:50:44 ----A---- C:\Windows\PEV.exe
2011-04-06 19:50:44 ----A---- C:\Windows\NIRCMD.exe
2011-04-06 19:50:44 ----A---- C:\Windows\MBR.exe
2011-04-06 19:50:44 ----A---- C:\Windows\grep.exe
2011-04-06 19:50:37 ----D---- C:\Windows\ERDNT
2011-04-06 19:45:49 ----D---- C:\Qoobox
2011-04-03 11:05:05 ----A---- C:\FINIS_IT.TXT
2011-04-03 10:54:53 ----D---- C:\Users\Home\AppData\Roaming\HpUpdate
2011-04-03 10:54:48 ----D---- C:\Windows\Hewlett-Packard
2011-03-15 19:48:09 ----A---- C:\Windows\system32\shsvcs.dll
2011-03-13 20:52:35 ----D---- C:\Program Files\Google
2011-03-10 20:13:29 ----D---- C:\Windows\system32\WindowsPowerShell
2011-03-10 19:55:04 ----A---- C:\Windows\system32\oleaccrc.dll
2011-03-10 19:55:03 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-03-10 19:55:03 ----A---- C:\Windows\system32\oleacc.dll
2011-03-10 19:51:35 ----D---- C:\Program Files\CONEXANT
2011-03-10 19:47:37 ----A---- C:\Windows\system32\winrsmgr.dll
2011-03-10 19:47:17 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-03-10 19:47:17 ----A---- C:\Windows\system32\winrshost.exe
2011-03-10 19:47:17 ----A---- C:\Windows\system32\winrs.exe
2011-03-10 19:47:10 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-03-10 19:47:10 ----A---- C:\Windows\system32\winrssrv.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\WsmRes.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wevtfwd.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecutil.exe
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecsvc.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\wecapi.dll
2011-03-10 19:47:08 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-03-10 19:47:00 ----A---- C:\Windows\system32\winrm.vbs
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WsmSvc.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WsmAuto.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-03-10 19:46:58 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-03-10 19:46:58 ----A---- C:\Windows\system32\winrscmd.dll
2011-03-10 19:45:08 ----A---- C:\Windows\system32\FntCache.dll
2011-03-10 19:45:08 ----A---- C:\Windows\system32\d3d10warp.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\DWrite.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\d3d10_1.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\d3d10.dll
2011-03-10 19:45:07 ----A---- C:\Windows\system32\d2d1.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\dxgi.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\d3d10level9.dll
2011-03-10 19:45:06 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-03-10 19:45:05 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-03-10 19:45:05 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-03-10 19:45:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-03-10 19:45:05 ----A---- C:\Windows\system32\d3d10core.dll
2011-03-10 19:45:04 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-03-10 19:45:03 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-03-10 19:45:03 ----A---- C:\Windows\system32\mfmp4src.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\shdocvw.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-03-10 19:45:02 ----A---- C:\Windows\system32\mfplat.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\mf.dll
2011-03-10 19:45:02 ----A---- C:\Windows\system32\cdd.dll
2011-03-10 19:45:01 ----A---- C:\Windows\system32\stobject.dll
2011-03-10 19:45:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-03-10 19:45:00 ----A---- C:\Windows\system32\mfps.dll
2011-03-10 19:44:48 ----A---- C:\Windows\system32\gameux.dll
2011-03-10 19:44:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-03-10 19:44:47 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-03-10 19:43:06 ----A---- C:\Windows\system32\secproc_isv.dll
2011-03-10 19:43:05 ----A---- C:\Windows\system32\secproc.dll
2011-03-10 19:43:00 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-03-10 19:42:59 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-03-10 19:42:59 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-03-10 19:42:58 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-03-10 19:42:58 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-03-10 19:42:58 ----A---- C:\Windows\system32\RMActivate.exe
2011-03-10 19:42:58 ----A---- C:\Windows\system32\msdrm.dll
2011-03-09 16:03:33 ----A---- C:\Windows\system32\sbeio.dll
2011-03-09 16:03:33 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 16:03:33 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 16:03:30 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 16:03:30 ----A---- C:\Windows\system32\mstsc.exe

======List of files/folders modified in the last 1 months======

2011-04-07 16:17:57 ----D---- C:\Windows\Prefetch
2011-04-07 16:15:55 ----D---- C:\Users\Home\AppData\Roaming\skypePM
2011-04-07 16:15:49 ----D---- C:\Users\Home\AppData\Roaming\Skype
2011-04-07 16:13:57 ----RD---- C:\Program Files
2011-04-07 15:59:34 ----SHD---- C:\System Volume Information
2011-04-07 15:03:25 ----D---- C:\ProgramData
2011-04-07 11:24:02 ----SHD---- C:\Windows\Installer
2011-04-07 11:22:45 ----D---- C:\Program Files\Common Files\Adobe
2011-04-07 11:22:34 ----D---- C:\ProgramData\Adobe
2011-04-07 11:21:02 ----D---- C:\Windows\System32
2011-04-07 11:19:18 ----D---- C:\Program Files\Common Files
2011-04-07 11:18:34 ----A---- C:\Windows\system32\deployJava1.dll
2011-04-07 08:55:28 ----D---- C:\WINDOWS
2011-04-07 08:52:49 ----A---- C:\Windows\system.ini
2011-04-07 08:52:41 ----D---- C:\Windows\system32\drivers\etc
2011-04-07 08:48:10 ----D---- C:\Windows\system32\drivers
2011-04-07 08:48:10 ----D---- C:\Windows\AppPatch
2011-04-06 22:14:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-06 22:14:04 ----D---- C:\Windows\inf
2011-04-06 19:40:16 ----D---- C:\Windows\system32\drivers\AVG
2011-04-06 19:15:51 ----D---- C:\Program Files\Java
2011-04-05 00:00:20 ----D---- C:\Windows\system32\catroot2
2011-04-04 07:17:40 ----D---- C:\Users\Home\AppData\Roaming\WinFF
2011-04-03 19:06:51 ----D---- C:\Windows\Help
2011-04-03 14:35:06 ----D---- C:\Windows\system32\config
2011-04-03 14:34:53 ----D---- C:\Windows\Tasks
2011-04-03 14:34:53 ----D---- C:\Windows\system32\wbem
2011-04-03 14:34:53 ----D---- C:\Windows\system32\spool
2011-04-03 14:34:53 ----D---- C:\Windows\system32\Msdtc
2011-04-03 14:34:46 ----D---- C:\Windows\registration
2011-04-03 11:09:32 ----D---- C:\Windows\winsxs
2011-04-03 11:09:26 ----D---- C:\Windows\system32\catroot
2011-04-03 11:07:49 ----D---- C:\Windows\SoftwareDistribution
2011-04-03 11:06:14 ----D---- C:\Windows\system32\Tasks
2011-04-03 11:05:46 ----D---- C:\ProgramData\Hewlett-Packard
2011-04-03 11:05:25 ----D---- C:\hp
2011-04-03 11:04:11 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-03 11:01:51 ----D---- C:\Program Files\Hewlett-Packard
2011-04-03 11:01:12 ----AD---- C:\ProgramData\TEMP
2011-04-03 10:55:11 ----D---- C:\Program Files\HP
2011-04-03 09:34:58 ----D---- C:\Windows\Web
2011-04-02 22:18:09 ----D---- C:\Program Files\SpywareBlaster
2011-04-02 21:27:20 ----D---- C:\Windows\SMINST
2011-03-23 15:56:36 ----D---- C:\Program Files\Mozilla Firefox
2011-03-22 15:25:18 ----SD---- C:\Users\Home\AppData\Roaming\Microsoft
2011-03-10 20:33:29 ----D---- C:\Windows\rescache
2011-03-10 20:30:07 ----D---- C:\Windows\Microsoft.NET
2011-03-10 20:29:28 ----RSD---- C:\Windows\assembly
2011-03-10 20:19:44 ----D---- C:\ProgramData\NVIDIA
2011-03-10 20:13:54 ----D---- C:\Windows\system32\en-US
2011-03-10 20:13:50 ----D---- C:\Windows\system32\uk-UA
2011-03-10 20:13:50 ----D---- C:\Windows\system32\sl-SI
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pt-PT
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pt-BR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\pl-PL
2011-03-10 20:13:50 ----D---- C:\Windows\system32\ko-KR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\it-IT
2011-03-10 20:13:50 ----D---- C:\Windows\system32\hu-HU
2011-03-10 20:13:50 ----D---- C:\Windows\system32\hr-HR
2011-03-10 20:13:50 ----D---- C:\Windows\system32\he-IL
2011-03-10 20:13:50 ----D---- C:\Windows\system32\bg-BG
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-TW
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-HK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\zh-CN
2011-03-10 20:13:49 ----D---- C:\Windows\system32\tr-TR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\th-TH
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sv-SE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sr-Latn-CS
2011-03-10 20:13:49 ----D---- C:\Windows\system32\sk-SK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ru-RU
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ro-RO
2011-03-10 20:13:49 ----D---- C:\Windows\system32\nl-NL
2011-03-10 20:13:49 ----D---- C:\Windows\system32\nb-NO
2011-03-10 20:13:49 ----D---- C:\Windows\system32\lv-LV
2011-03-10 20:13:49 ----D---- C:\Windows\system32\lt-LT
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ja-JP
2011-03-10 20:13:49 ----D---- C:\Windows\system32\fr-FR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\fi-FI
2011-03-10 20:13:49 ----D---- C:\Windows\system32\et-EE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\es-ES
2011-03-10 20:13:49 ----D---- C:\Windows\system32\el-GR
2011-03-10 20:13:49 ----D---- C:\Windows\system32\de-DE
2011-03-10 20:13:49 ----D---- C:\Windows\system32\da-DK
2011-03-10 20:13:49 ----D---- C:\Windows\system32\cs-CZ
2011-03-10 20:13:49 ----D---- C:\Windows\system32\ar-SA
2011-03-10 20:13:48 ----D---- C:\Program Files\Internet Explorer
2011-03-10 20:13:47 ----D---- C:\Windows\ehome
2011-03-10 20:13:47 ----D---- C:\Program Files\Windows Mail
2011-03-10 20:13:40 ----RSD---- C:\Windows\Fonts
2011-03-10 20:13:35 ----D---- C:\Windows\PolicyDefinitions
2011-03-10 19:52:37 ----D---- C:\Windows\system32\RTCOM
2011-03-10 04:22:47 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-10 04:01:54 ----D---- C:\Windows\Debug
2011-03-10 04:01:52 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-04 44944]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-03-04 137656]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-03-04 61960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-02-12 985600]
R3 HSXHWBS3;HSXHWBS3; C:\Windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-02-12 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\Windows\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 catchme;catchme; \??\C:\Users\Home\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-02 36608]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2008-02-22 94336]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-04 269480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm
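A defender-side way to read a log like the one above, added here as an example that is not part of this thread or of the HijackThis/RSIT tools: it parses the O2/O4/O10/O23 lines and the file dates in RSIT's registry dump, then flags autostart entries launched from unusual locations or backed by a file written within the last week, and collapses the repeated O10 Winsock LSP lines into one count. The sample lines are copied from the log above except the `example-only` Temp entry, which is constructed to exercise the location check; the location markers and the seven-day window are assumptions, not rules from the tools.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Constructed sample: lines copied from the HijackThis section above, plus one made-up
# "example-only" Temp entry (not from the posted log) to exercise the location check.
HJT_SAMPLE = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [example-only] C:\Users\Home\AppData\Local\Temp\example.exe
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""
# Constructed sample from RSIT's "Registry dump" section: name, path, then [yyyy-mm-dd size].
RSIT_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-04 281768]
"""
LOG_DATE = date(2011, 4, 7)  # "Run by Home at 2011-04-07" in the RSIT header above

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
HJT_FORMS = [  # (HJT code, body regex, kind label)
    ("O4", re.compile(r"^(HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"), "Run key"),
    ("O4", re.compile(r"^Startup: (?P<name>.+?) = (?P<cmd>.+)$"), "Startup folder"),
    ("O2", re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$"), "BHO"),
    ("O23", re.compile(r"^Service: (?P<name>.+?) - .+? - (?P<cmd>.+)$"), "Service"),
    ("O10", re.compile(r"^Unknown file in Winsock LSP: (?P<cmd>.+)$"), "Winsock LSP"),
]
# RSIT registry dump lines look like "name"=path [date size] or Name - path [date size].
RSIT_ENTRY = re.compile(r'^(?:"[^"]+"=|.+? - )(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$')
# Assumed heuristic: autostarts launched from these locations deserve a closer look.
UNUSUAL = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\", "\\temp\\")


def exe_path(cmd):
    """Pull the launched file out of a Run-key command line (handles quotes and rundll32)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|dll|sys|lnk))(?=[\s,]|$)", cmd, re.IGNORECASE)
    if not m:
        return cmd.split()[0]
    if m.group(1).lower().endswith("rundll32.exe"):
        # RUNDLL32.EXE <dll>,<entry>: the DLL is what actually gets loaded
        return exe_path(cmd[m.end():].split(",")[0])
    return m.group(1)


def parse_hjt(text):
    """Turn HijackThis O2/O4/O10/O23 lines into dicts: code, kind, name, path."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        for code, form, kind in HJT_FORMS:
            r = form.match(m["body"]) if code == m["code"] else None
            if r:
                entries.append({"code": code, "kind": kind, "name": r.groupdict().get("name", ""),
                                "path": exe_path(r["cmd"])})
                break
    return entries


def parse_rsit_dates(text):
    """Map lower-cased file path -> file date, taken from RSIT's registry dump lines."""
    dates = {}
    for raw in text.splitlines():
        m = RSIT_ENTRY.match(raw.strip())
        if m:
            dates[m["path"].lower()] = date.fromisoformat(m["date"])
    return dates


def triage(hjt_text, rsit_text, log_date, recent_days=7):
    """Flag autostarts from unusual places, files written recently, and the O10 LSP chain."""
    entries, dates, flags = parse_hjt(hjt_text), parse_rsit_dates(rsit_text), []
    for e in entries:
        low = e["path"].lower()
        if e["code"] == "O10":
            continue
        if any(marker in low for marker in UNUSUAL) or not re.match(r"^[a-z]:\\", low):
            flags.append(("unusual-location", e["name"], e["path"]))
        if low in dates and log_date - dates[low] <= timedelta(days=recent_days):
            flags.append(("recent-file", e["name"], f"{e['path']} written {dates[low]}"))
    # HijackThis prints one O10 line per Winsock catalog entry the DLL is registered for,
    # so a single LSP shows up many times; collapse them to one line carrying the count.
    for path, n in Counter(e["path"].lower() for e in entries if e["code"] == "O10").items():
        flags.append(("lsp-chain", f"{n} catalog entries", path))
    return {"entries": entries, "flags": flags}


def demo():
    return triage(HJT_SAMPLE, RSIT_SAMPLE, LOG_DATE)
```

A flag is a prompt to look closer, not a verdict: in the real log above the Java BHO is dated the same day only because Java was reinstalled that morning, and wpclsp.dll is the Vista Parental Controls LSP.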

Re: Vista Security 2011

Post by Cypher » April 8th, 2011, 4:23 am

Hi Zaphod.
Computer still running fine.

Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start > All programs > Accessories > Run.
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Right-click OTM.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTM main screen, press the CleanUp! button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
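The MVPS Hosts passage in the post above describes the mechanism: a HOSTS entry that points a hostname at the local machine means the browser never reaches that site. The same mechanism is what a rogue like the one cleaned in this thread abuses in the other direction, pointing security-vendor and update names at loopback or at an attacker's server. The script below is an added example, not part of the post or of the MVPS project, that parses a HOSTS file and separates deliberate blocks (names sent to 127.0.0.1, 0.0.0.0 or ::1) from redirections to any other address, and flags blocks of security or update sites. The sample file embedded in it is constructed for the example (reserved .test names and a TEST-NET address), the vendor list in the regex is this example's own, and it assumes Windows PowerShell.

```powershell
# Added example (not from the forum post or the MVPS project): parse a HOSTS
# file and report deliberate blocks versus hijack-style redirections.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Read-HostsEntries {
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()      # strip comments
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        # One address may be followed by several names on a line.
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            New-Object PSObject -Property @{ Address = $ip; Host = $name.ToLower() }
        }
    }
}

function Test-HostsFile {
    param([string[]]$Lines)
    $sink    = @('127.0.0.1', '0.0.0.0', '::1')     # "go nowhere" targets
    $entries = @(Read-HostsEntries $Lines)
    $blocked    = @($entries | Where-Object { $sink -contains $_.Address -and $_.Host -ne 'localhost' })
    $redirected = @($entries | Where-Object { $sink -notcontains $_.Address })
    # Blocking a security vendor or Microsoft site keeps you from help, not from ads.
    # Vendor list is illustrative, not exhaustive.
    $suspiciousBlocks = @($blocked | Where-Object {
        $_.Host -match '(microsoft|windowsupdate|avira|avg|symantec|mcafee|kaspersky|malwarebytes|bleepingcomputer|malwareremoval)'
    })
    New-Object PSObject -Property @{
        Total            = $entries.Count
        Blocked          = $blocked.Count
        Redirected       = $redirected
        SuspiciousBlocks = $suspiciousBlocks
    }
}

# Constructed sample (not a real HOSTS file): MVPS-style block lines plus two
# lines of the kind a rogue leaves behind.
$sample = @'
# comment lines and trailing comments are ignored
127.0.0.1  localhost
0.0.0.0  ads.example-adserver.test
0.0.0.0  tracker.example-analytics.test   # trailing comment
0.0.0.0  www.avira.com
198.51.100.7  www.google.com www.bing.com
'@ -split "`r?`n"

$r = Test-HostsFile $sample
"Entries: $($r.Total), blocked: $($r.Blocked)"
$r.Redirected       | ForEach-Object { "REDIRECT  $($_.Host) -> $($_.Address)" }
$r.SuspiciousBlocks | ForEach-Object { "SINKHOLED $($_.Host) (security/update site)" }

# To examine the live file instead of the sample (run elevated to edit it):
# $r = Test-HostsFile (Get-Content -LiteralPath $HostsPath)
```

On the sample this reports six entries, three blocks, one sinkholed vendor site (www.avira.com) and two names redirected to 198.51.100.7. A large MVPS-style file produces thousands of block lines, which is expected; what should be empty on a clean machine are the REDIRECT and SINKHOLED lists. Note that 0.0.0.0 and 127.0.0.1 both work as block targets; the difference is only that 0.0.0.0 avoids a connection attempt to the local loopback interface.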

Re: Vista Security 2011

Unread postby Zaphod » April 8th, 2011, 9:24 am

Hi Cypher

Ran the combofix uninstall successfully. Also ran the OTM successfully. However, when I turned on OTM, there were only 2 boxes that I could see any words in them - the moveit box and the exit box. When I took a chance and clicked on the 3rd box that had nothing visible in it, that's when the cleanup started. So, yes, it ran, but wasn't what I was expecting.

Currently reinstalling AVG and installed WinPatrol yesterday.

Once again, I want to THANK YOU!!! for your assistance. It's great to know that there are people out there who can assist when the tools we use get a tad cranky. :) Now my friend just needs to practice safe computing. :)

Thanks again and have a great day!

Zaphod
Zaphod
Regular Member
 
Posts: 29
Joined: November 1st, 2010, 3:13 pm

Re: Vista Security 2011

Unread postby Cypher » April 8th, 2011, 10:36 am

Hi Zaphod.
Once again, I want to THANK YOU!!! for your assistance.

You're most welcome glad we could help.
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns