Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Windows Security Center

Post by 1000guite » May 12th, 2011, 2:11 pm

DDS.txt
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Dell at 23:25:30.45 on 12-05-2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3959.2442 [GMT 5.5:30]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Downloads\Download Manager\dds (for malware removal log).scr
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://in.yahoo.com
mStart Page = hxxp://in.yahoo.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
uRun: [googletalk] C:\Users\Dell\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [fsm]
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup]
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\0hd3typc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dell\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dell\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Dell\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-24 55856]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2011-3-25 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-25 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-25 6857728]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-25 264192]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-5-5 174848]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-24 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-25 151936]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-3-25 7680512]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-3-25 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-24 35104]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-25 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-25 325152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-12 59392]
.
=============== Created Last 30 ================
.
2011-05-12 11:28:09 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-05-12 11:27:13 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-05-12 11:27:13 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-05-12 11:14:59 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-05-12 11:04:29 -------- d-----w- C:\Program Files (x86)\SIW
2011-05-12 07:21:05 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-12 07:21:05 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-12 06:39:53 -------- d-----w- C:\Windows\System32\SPReview
2011-05-12 06:38:56 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-12 06:34:11 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-12 06:34:11 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-12 06:34:05 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-12 06:34:01 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2011-05-12 06:34:01 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2011-05-12 06:34:01 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-05-12 06:34:01 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2011-05-12 06:34:01 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-05-12 06:32:59 485888 ----a-w- C:\Windows\SysWow64\comdlg32.dll
2011-05-12 06:31:59 70656 ----a-w- C:\Windows\System32\appinfo.dll
2011-05-12 06:30:59 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2011-05-12 06:29:46 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-05-12 06:29:45 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-05-12 06:29:33 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-05-12 06:29:33 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-05-12 06:23:47 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-05-12 06:23:47 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-05-12 06:23:47 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-12 06:23:20 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-05-12 06:23:07 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-05-12 06:21:38 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-05-12 06:21:36 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-05-12 04:18:44 -------- d-----w- C:\Users\Dell\AppData\Roaming\SUPERAntiSpyware.com
2011-05-12 04:18:44 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-05-12 04:18:40 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-05-12 04:18:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-11 22:51:42 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-11 22:51:42 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-11 21:39:17 632320 ----a-w- C:\Windows\SysWow64\Aqua_3D_Screensaver.scr
2011-05-11 21:39:17 632320 ----a-w- C:\Windows\System32\Aqua_3D_Screensaver.scr
2011-05-11 21:39:17 -------- d-----w- C:\Users\Dell\AppData\Local\Digital Minds Software
2011-05-11 21:39:17 -------- d-----w- C:\Program Files (x86)\Aqua 3D Screensaver
2011-05-11 21:12:52 131072 --sha-r- C:\Windows\SysWow64\bg-BG8.dll
2011-05-11 21:01:16 274448 ----a-w- C:\Windows\Icon Converter Plus Uninstaller.exe
2011-05-11 21:01:09 -------- d-----w- C:\Program Files (x86)\Icon Converter Plus
2011-05-11 21:01:09 -------- d-----w- C:\Program Files (x86)\Common Files\Program4Pc
2011-05-11 19:39:15 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 19:39:14 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 19:39:14 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 17:36:12 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 17:36:12 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 17:36:12 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 17:36:11 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 17:36:11 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 17:36:11 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 17:36:11 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-10 19:06:10 327680 ----a-w- C:\Windows\SysWow64\Flocker.dll
2011-05-08 17:25:37 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-05-08 17:25:36 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-05-08 17:25:36 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-05-08 17:25:36 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-05-08 17:25:36 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-05-08 08:28:52 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
2011-05-08 08:28:48 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia
2011-05-08 08:28:21 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2011-05-07 22:43:37 25600 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys
2011-05-07 22:43:15 57856 ----a-w- C:\Windows\System32\nmwcdclsx64.dll
2011-05-07 22:43:14 -------- d-----w- C:\Program Files (x86)\Nokia
2011-05-07 20:17:10 -------- d-----w- C:\Users\Dell\AppData\Roaming\Free Download Manager
2011-05-07 20:17:08 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2011-05-07 20:17:08 -------- d-----w- C:\PROGRA~3\FreeDownloadManager.ORG
2011-05-07 10:42:31 -------- d-----w- C:\Program Files (x86)\IObit
2011-05-07 07:48:56 -------- d-----w- C:\Downloads
2011-05-07 07:35:44 -------- d-----w- C:\Users\Dell\AppData\Roaming\IObit
2011-05-07 07:27:58 -------- d-----w- C:\Users\Dell\AppData\Roaming\Software Informer
2011-05-07 07:27:58 -------- d-----w- C:\Program Files (x86)\Software Informer
2011-05-07 06:03:00 -------- d-----w- C:\Program Files\Core Temp
2011-05-06 19:59:44 -------- d-----w- C:\Users\Dell\AppData\Local\Yahoo
2011-05-06 19:15:27 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-05-06 19:13:03 -------- d-----w- C:\Users\Dell\AppData\Local\Google
2011-05-06 16:00:32 981504 ----a-w- C:\Windows\SysWow64\wininet.dll_old0
2011-05-06 16:00:32 2063360 ----a-w- C:\Windows\SysWow64\iertutil.dll_old0
2011-05-06 16:00:32 1228800 ----a-w- C:\Windows\SysWow64\urlmon.dll_old0
2011-05-06 15:45:54 -------- d-----w- C:\Windows\SysWow64\Wat
2011-05-06 15:45:53 -------- d-----w- C:\Windows\System32\Wat
2011-05-06 15:41:20 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-05-06 15:41:20 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-05-06 15:41:20 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-05-06 15:41:20 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-05-06 15:41:19 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-05-06 15:41:19 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-05-06 15:41:19 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-05-06 15:41:19 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-05-06 15:41:19 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-05-06 15:41:19 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-05-06 15:41:18 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-05-06 15:31:08 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-05-06 15:31:07 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-05-06 15:15:47 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-05-06 15:15:47 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-05-06 15:15:47 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-05-06 14:58:37 642944 ----a-w- C:\Windows\System32\winload.efi
2011-05-06 14:58:37 605552 ----a-w- C:\Windows\System32\winload.exe
2011-05-06 14:58:37 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-05-06 14:58:37 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-05-06 14:58:37 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-05-06 14:58:37 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-05-06 14:58:37 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-05-06 14:58:36 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-05-06 14:58:12 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-05-06 14:58:12 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-05-06 14:57:11 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-05-06 14:57:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-05-06 14:56:55 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-05-06 14:56:55 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-05-06 14:56:54 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-05-06 14:56:54 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-05-06 14:56:48 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-05-06 14:56:48 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-05-06 14:56:48 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-05-06 14:55:25 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-05-06 14:55:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-05-06 14:55:25 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-05-06 14:55:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-05-06 14:55:25 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-05-06 14:55:25 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-05-06 14:54:37 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-05-06 14:50:34 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-06 14:50:34 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-06 14:39:26 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-05-06 14:39:26 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-05-06 14:38:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-06 14:38:27 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-06 14:38:27 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-06 14:38:26 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-05-05 22:15:23 -------- d-----w- C:\Users\Dell\AppData\Local\oald8
2011-05-05 22:15:15 -------- d-----w- C:\Users\Dell\AppData\Roaming\oald8
2011-05-05 22:02:23 -------- d-----w- C:\Program Files (x86)\IDM
2011-05-05 22:01:44 -------- d-----w- C:\Program Files (x86)\Oxford
2011-05-05 20:16:48 1195760 ------w- C:\Windows\wweb32.dll
2011-05-05 20:16:48 -------- d-----w- C:\Program Files (x86)\WordWeb
2011-05-05 15:50:50 -------- d-----w- C:\Users\Dell\AppData\Local\uTorrent
2011-05-05 15:48:21 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-05-05 15:47:01 -------- d-----w- C:\Users\Dell\AppData\Roaming\uTorrent
2011-05-05 14:34:13 -------- d-----w- C:\Program Files (x86)\Nero
2011-05-05 10:08:34 -------- d-----w- C:\Users\Dell\AppData\Roaming\Roxio Log Files
2011-05-05 08:49:34 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2011-05-05 08:02:49 -------- d-----w- C:\Program Files (x86)\My Company Name
2011-05-04 21:55:45 -------- d-----w- C:\Windows\SysWow64\spool
2011-05-04 19:58:49 -------- d-----w- C:\Program Files (x86)\COED11
2011-05-04 19:52:42 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2011-05-04 19:27:11 -------- d-----w- C:\Program Files (x86)\Creative
2011-05-04 19:25:05 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2011-05-04 19:25:00 224768 ----a-w- C:\Windows\System32\drivers\CtAudDrv.sys
2011-05-04 19:25:00 174848 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2011-05-04 19:24:52 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2011-05-04 19:20:58 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2011-05-04 12:18:59 -------- d-----w- C:\PROGRA~3\Electronic Arts
2011-05-04 12:18:59 -------- d-----w- C:\PROGRA~3\EA Core
2011-05-04 11:52:07 -------- d-----w- C:\Users\Dell\AppData\Local\ElevatedDiagnostics
2011-05-04 11:42:54 -------- d-----w- C:\Users\Dell\AppData\Roaming\Reallusion
2011-05-04 11:14:47 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-05-04 11:07:51 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2011-05-04 11:04:22 828912 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-05-04 07:06:24 -------- d-----w- C:\PROGRA~3\Nero
2011-05-03 22:32:39 -------- d-----w- C:\Users\Dell\AppData\Roaming\TypingMaster7
2011-05-03 22:32:25 -------- d-----r- C:\Program Files (x86)\TypingMaster
2011-05-03 22:29:54 -------- d-----w- C:\Program Files (x86)\Mountain river Screensaver
2011-05-03 22:28:46 -------- d-----w- C:\Program Files\CCleaner
2011-05-03 22:24:31 165376 ------w- C:\Windows\SysWow64\unrar.dll
2011-05-03 22:24:30 94208 ------w- C:\Windows\SysWow64\dpl100.dll
2011-05-03 22:24:30 881664 ------w- C:\Windows\SysWow64\xvidcore.dll
2011-05-03 22:24:30 720384 ------w- C:\Windows\SysWow64\divx.dll
2011-05-03 22:24:30 232448 ------w- C:\Windows\SysWow64\mp3fhg.acm
2011-05-03 22:24:30 217088 ------w- C:\Windows\SysWow64\yv12vfw.dll
2011-05-03 22:24:30 205824 ------w- C:\Windows\SysWow64\xvidvfw.dll
2011-05-03 22:24:30 151552 ------w- C:\Windows\SysWow64\ac3acm.acm
2011-05-03 22:24:29 108032 ------w- C:\Windows\SysWow64\ff_vfw.dll
2011-05-03 22:24:27 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-05-03 22:23:23 -------- d-----w- C:\Program Files (x86)\GRETECH
2011-05-03 22:17:24 -------- d-----w- C:\Program Files\Sony
2011-05-03 21:20:18 -------- d-----w- C:\Users\Dell\AppData\Local\Sony
2011-05-03 21:17:41 -------- d-----w- C:\Program Files (x86)\Sony
2011-05-03 12:44:18 -------- d-----w- C:\Users\Dell\AppData\Roaming\Xilisoft
2011-05-03 12:43:03 892928 ------w- C:\Windows\SysWow64\iconv.dll
2011-05-03 12:43:03 675840 ------w- C:\Windows\SysWow64\ac3filter.ax
2011-05-03 12:43:03 496640 ------w- C:\Windows\SysWow64\xvid.ax
2011-05-03 12:43:02 -------- d-----w- C:\Program Files (x86)\iSkysoft
2011-05-03 12:42:40 -------- d-----w- C:\Program Files (x86)\Xilisoft
2011-05-03 12:42:40 -------- d-----w- C:\PROGRA~3\Xilisoft
2011-05-03 12:41:36 -------- d-----w- C:\Program Files (x86)\ Brain Games - Chess
2011-05-02 19:45:55 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2011-05-02 17:36:24 -------- d-----w- C:\Users\Dell\AppData\Roaming\Macrovision
2011-05-02 13:40:58 -------- d-----w- C:\Users\Dell\AppData\Local\Diagnostics
2011-05-02 13:28:30 -------- d-----w- C:\Users\Dell\AppData\Local\{78FC4EED-0FAB-452E-A63B-D8ABF2696852}
2011-05-02 13:25:22 -------- d-----w- C:\Users\Dell\AppData\Local\{A64366CA-4EF5-4189-B388-45893FA33803}
2011-05-02 13:12:15 -------- d-----w- C:\Users\Dell\AppData\Local\Dell
2011-05-02 11:48:52 -------- d-----w- C:\Users\Dell\AppData\Roaming\SoftGrid Client
2011-05-02 11:48:52 -------- d-----w- C:\Users\Dell\AppData\Local\SoftGrid Client
2011-05-02 11:48:27 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-05-02 11:48:19 -------- d-----w- C:\Users\Dell\AppData\Local\Adobe
2011-05-02 11:48:02 -------- d-----w- C:\Users\Dell\AppData\Roaming\TP
2011-05-02 11:46:12 -------- d-----w- C:\Users\Dell\AppData\Local\Broadcom
2011-05-02 11:46:09 -------- d-----w- C:\Users\Dell\AppData\Roaming\Dell
2011-05-02 11:45:56 -------- d-----w- C:\Users\Dell\AppData\Roaming\Dell Touch Zone
2011-05-02 11:45:56 -------- d-----w- C:\Users\Dell\AppData\Local\ATI
2011-05-02 11:45:47 -------- d-----w- C:\Users\Dell\AppData\Roaming\Intel
.
==================== Find3M ====================
.
2011-05-12 06:45:48 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-12 06:45:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-24 19:34:55 0 ----a-w- C:\Windows\ativpsrm.bin
2011-03-24 07:14:42 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-03-24 07:13:36 472808 ------w- C:\Windows\SysWow64\deployJava1.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
.
============= FINISH: 23:27:49.36 ===============


Hi, the problem I am having is that I cannot turn on Windows Security Center (it shows "cannot be started"). Besides, all my desktop gadgets can no longer be displayed. My Internet Explorer and Google Chrome keep on opening some particular sites too. I scanned my laptop with an AntiSpyware and detected about 35 malwares, deleted them but still the problem remains. I'm using McAfee (provided with my laptop) but somehow these malwares got through to my laptop. Now I have uninstalled McAfee and tried Kaspersky 2011 and scanned my laptop again... still... no solution. Anyone?
1000guite
Active Member
 
Posts: 1
Joined: May 12th, 2011, 12:08 am

Re: Windows Security Center

Unread postby Wingman » May 14th, 2011, 5:50 pm

Checking your logs, will reply soon, with instructions.
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Windows Security Center

Unread postby Wingman » May 14th, 2011, 6:08 pm

Hello...1000guite ... Welcome to the forum.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
  7. Failure to respond for 3 days, will result in your topic being closed.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on the System protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point.
  6. In the Name dialog, type the name Pre-malware Removal... then click Create.
  7. You will get a message that the Restore Point was created successfully. Click Close.
  8. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
uTorrent

As long as you have any P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    uTorrent
  3. Click on the Change/Remove button to uninstall it.
  4. Repeat this process for all other P2P programs you have installed.
  5. When the program(s) have been uninstalled... Close Control Panel.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

If you have uninstalled all P2P programs, please continue...

Step 3.
CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
    Vista-W7 users, you must right click the (CKScanner.exe) icon and choose "Run As Administrator", then click the "Search For Files" button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.

Step 4.
ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  4. Press Yes at the Recovery Console installation results prompt...
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  5. Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. P2P program(s) removed?
  3. CKScanner - ckfiles.txt file contents.
  4. ComboFix log.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman

Re: Windows Security Center

Unread postby Wingman » May 18th, 2011, 6:34 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.