Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My computer is infected with Malware and possible viruses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My computer is infected with Malware and possible viruses

Unread postby Tgambaro112 » August 12th, 2012, 3:57 pm

i noticed i had a problem when my email started sending out hundreds of blank emails to random contacts

here are my logs thank you!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Michael Heller at 1:30:52 on 2012-08-12
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.470 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Michael Heller\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\desktop\mbamservice.exe
C:\desktop\mbamgui.exe
C:\desktop\mbam.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps12032011
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=3080902
uInternet Settings,ProxyServer = 207.65.71.194:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Updater For ooVoo Toolbar: {442ae524-eba5-4b17-82f3-888d68bc999a} - c:\program files\oovootb\auxi\oovooAu.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Privacy Safeguard BHO: {a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe} - c:\program files\privacysafeguard\PrivacySafeGuard.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.716.0\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Spotify Web Helper] "c:\users\michael heller\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockwave 11\SwHelper_1100465.exe" -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)" -"http://blitinteractive.com/clients/powell/MaxDrifter.htm"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\desktop\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\desktop\mbamgui.exe /install /silent
StartupFolder: c:\users\michae~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\michael heller\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebse...?p=ZJxdm025YYUS
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=7
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{66181F27-F2D7-4CC9-A9A8-D251DFDB3BCB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A0EE75E2-6D86-4A88-8EAA-8705DBA8C486} : DhcpNameServer = 205.152.144.23 205.152.132.23
TCP: Interfaces\{B6CC6E43-A91F-4805-AB82-17A098DCA663} : DhcpNameServer = 205.152.144.23 205.152.132.23
TCP: Interfaces\{C5F9D9FF-A389-4C3A-BBFB-8D9964E8A295} : DhcpNameServer = 205.152.144.23 205.152.132.23
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-17 744568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-21 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-21 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 108552]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111123.001\BHDrvx86.sys [2011-11-24 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111212.002\IDSvix86.sys [2011-12-13 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-17 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-17 331384]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-23 297752]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-7-18 66160]
R2 MBAMService;MBAMService;c:\desktop\mbamservice.exe [2012-8-12 655944]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-17 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-8-5 131512]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-8 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-3 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-12 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-12 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c96258450e02c0;Google Update Service (gupdate1c96258450e02c0);c:\program files\google\update\GoogleUpdate.exe [2008-12-20 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-27 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-2 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-12-20 133104]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2008-9-4 256000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-12 05:13:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-12 05:13:00 -------- d-----w- c:\users\michael heller\appdata\roaming\Malwarebytes
2012-08-12 05:11:57 -------- d-----w- c:\programdata\Malwarebytes
2012-08-12 05:11:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-12 05:11:53 -------- d-----w- C:\desktop
2012-08-11 23:35:24 -------- d-----w- c:\users\michael heller\appdata\roaming\SUPERAntiSpyware.com
2012-08-11 23:35:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-11 23:35:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-07 20:18:47 -------- d-----w- c:\windows\system32\?
2012-08-06 13:17:48 -------- d-----w- c:\windows\system32\?
2012-07-27 14:33:22 -------- d-----w- c:\program files\iPod
2012-07-27 14:33:08 -------- d-----w- c:\program files\iTunes
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-07-27 13:54:59 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-07-27 13:51:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 13:51:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 15:27:15 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
2012-07-17 15:27:15 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
2012-07-17 15:27:15 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
2012-07-17 15:27:15 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
2012-07-17 15:27:15 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys
2012-07-17 15:27:15 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
2012-07-17 15:27:14 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
2012-07-17 07:08:04 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
2012-07-13 06:28:41 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6923b47-36dd-4da9-b1e4-e879b9c0f65e}\offreg.dll
2012-07-13 06:11:00 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6923b47-36dd-4da9-b1e4-e879b9c0f65e}\mpengine.dll
.
==================== Find3M ====================
.
.
============= FINISH: 1:32:36.93 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/2/2008 7:23:03 AM
System Uptime: 8/11/2012 11:38:45 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 70.671 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.919 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0018
Manufacturer: Microsoft
Name: isatap.{92A21619-F471-42B0-88F7-4E7980AAD88A}
PNP Device ID: ROOT\*ISATAP\0018
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT-PRT22
Audacity 1.3.12 (Unicode)
AVG Free 8.5
Belkin Setup and Router Monitor
Bonjour
Browser Address Error Redirector
BufferChm
CA Pest Patrol Realtime Protection
CameraHelperMsi
Constant Guard Protection Suite
CustomerResearchQFolder
D4200
D4200_Help
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
DeviceDiscovery
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Download Updater (AOL LLC)
Drivers Install For Linksys Easylink Advisor
Dropbox
DVD Flick 1.3.0.7
EDocs
erLT
eSupportQFolder
Express Burn
Free Convert M4A to MP3 AMR OGG AAC Converter 5.8
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
iCloud
Intel® PRO Network Connections 12.1.11.0
iTunes
Java™ 6 Update 5
LAME v3.98.2 for Audacity
Linksys EasyLink Advisor 1.6 (0032)
Logitech Vid
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MixPad
MobileMe Control Panel
Myxer MP3 Downloader
NCH Toolbox
Norton PC Checkup
Norton Security Suite
ooVoo
ooVoo Toolbar (Remove Toolbar Only)
PanoStandAlone
PowerDVD
Prism Video Converter
Privacy SafeGuard version 1.0
PSSWCORE
QQ Bubble Arena
QQ Hearts
QQ Puzzle Dasher
QuickTime
Reader Rabbit's 1st Grade
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype™ 4.2
SMS (remove only)
SolutionCenter
Spotify
Status
SUPERAntiSpyware
Switch Sound File Converter
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
WavePad Sound Editor
WebReg
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Player Firefox Plugin
WinRAR archiver
XFINITY Toolbar
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/11/2012 6:15:17 PM, Error: EventLog [6008] - The previous system shutdown at 3:27:40 PM on 8/11/2012 was unexpected.
8/10/2012 12:10:56 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5).
8/10/2012 12:09:18 PM, Error: EventLog [6008] - The previous system shutdown at 12:07:30 PM on 8/10/2012 was unexpected.
.
==== End Of File ===========================
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm
Advertisement
Register to Remove

Re: My computer is infected with Malware and possible viruse

Unread postby diver79 » August 12th, 2012, 4:40 pm

Hi and welcome to MalwareRemoval.com.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
diver79 wrote:Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: My computer is infected with Malware and possible viruse

Unread postby diver79 » August 12th, 2012, 4:59 pm

Hi Tgambaro112

Please run the following scans and post the resulting logs.

Scan with WVCheck:
Please download WVCheck and save it to the desktop.
  • Right click on WVCheck.exe and select Run as Administrator, follow the prompts to allow the program to run.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.


MGA Diagnostic Tool Vista/Win7
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 12th, 2012, 6:31 pm

Does it matter what order I do this in? I did them both at the same time and the mga diagnostic is finished but the wvcheck has not finished yet
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby diver79 » August 12th, 2012, 6:41 pm

The order they are run in should not matter. Please follow each set of instructions one at a time though and be sure to run them using the run as administrator option.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 12th, 2012, 6:45 pm

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1827_12-08-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-07-21 19:51:15
Last Success Time for Update Download: 2012-07-12 19:40:14
Last Success Time for Update Installation: 2012-07-13 07:20:02


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 11/9/2009 1:55:2
Modification; 11/4/2009 2:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 21:34:50
Modification; 20/1/2008 21:34:50
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 20/1/2008 21:34:50
Modification; 20/1/2008 21:34:50
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
D:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 0:41:48
Modification; 19/1/2008 2:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 3:53:9
Modification; 19/1/2008 3:53:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b974d9f06dc7d1908e825dc201681269


-------- End of File, program close at 1842_12-08-2012 --------

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-4WD8X-M9WM7-CH4CG
Windows Product Key Hash: EkdqJZ28Y9zyrh7DU/lHNjTXlQY=
Windows Product ID: 89572-OEM-7332166-00096
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.002
ID: {67B89BC3-73C1-4B1E-8399-94161C9BBFD4}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{67B89BC3-73C1-4B1E-8399-94161C9BBFD4}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CH4CG</PKey><PID>89572-OEM-7332166-00096</PID><PIDType>2</PIDType><SID>S-1-5-21-884152912-1954474938-2396056072</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.15</Version><SMBIOSVersion major="2" minor="5"/><Date>20080620000000.000000+000</Date></BIOS><HWID>C1323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>24F3C0FBD1B8DB2</Val><Hash>2UfAaDbcNSwtTQspXpsGG0vHSFU=</Hash><Pid>81602-OEM-6872955-19671</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomeBasic edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89572-00146-321-600096-02-1033-6001.0000-2482008
Installation ID: 003003950950088175972405078975197614087232990801206290
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: CH4CG
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEAJJR4BdK/8nu2WWT+iP1AdexQ8vREJcs0ot2sViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL FX09
MCFG DELL FX09
SLIC DELL FX09
DMY2 DELL FX09
SSDT PmRef CpuPm
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby diver79 » August 13th, 2012, 6:31 am

Hi Tgambaro112,

There are many issues that need to be addressed on this machine. For starters Windows has not been updated to Vista Service Pack 2. Is there a reason for this?

I will get to the other issues later, for now I'd like to confirm the presence of a rootkit infection. Please run the following scan.

aswMBR Scan
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 13th, 2012, 8:21 am

i am not sure why i have not updated to vista service pack 2, i dont know what to trust because i know some viruses desguise themselves as updates and antivirus removal sometimes but i am definitly interested in updating to vista service park 2 once everything is all cleared up, i do not have a external hard drive though.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 08:07:24
-----------------------------
08:07:24.666 OS Version: Windows 6.0.6001 Service Pack 1
08:07:24.666 Number of processors: 2 586 0xF0D
08:07:24.669 ComputerName: MICHAELHELLE-PC UserName: Michael Heller
08:07:25.615 Initialize success
08:07:31.764 AVAST engine defs: 12081300
08:07:39.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:07:39.396 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
08:07:39.426 Disk 0 MBR read successfully
08:07:39.430 Disk 0 MBR scan
08:07:39.567 Disk 0 Windows VISTA default MBR code
08:07:39.582 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
08:07:39.614 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
08:07:39.645 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
08:07:39.723 Disk 0 scanning sectors +625139712
08:07:39.858 Disk 0 scanning C:\Windows\system32\drivers
08:07:52.314 Service scanning
08:08:15.528 Modules scanning
08:08:21.140 Disk 0 trace - called modules:
08:08:21.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
08:08:21.177 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85187780]
08:08:21.183 3 CLASSPNP.SYS[881a8745] -> nt!IofCallDriver -> [0x85001918]
08:08:21.190 5 acpi.sys[8069e6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fedba0]
08:08:22.786 AVAST engine scan C:\Windows
08:08:26.407 AVAST engine scan C:\Windows\system32
08:10:28.063 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:11:12.851 AVAST engine scan C:\Windows\system32\drivers
08:11:29.547 AVAST engine scan C:\Users\Michael Heller
08:16:35.806 File: C:\Users\Michael Heller\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:ZAccess-GO [Trj]
08:19:35.198 Disk 0 MBR has been saved successfully to "C:\Users\Michael Heller\Desktop\MBR.dat"
08:19:35.206 The log file has been saved successfully to "C:\Users\Michael Heller\Desktop\aswMBR.txt"
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby diver79 » August 13th, 2012, 8:43 am

Hi Tgambaro112,

I'm afraid I have some bad news for you. You have a very nasty infection called zeroaccess. This infection can be difficult to remove, I would suggest you reformat and re-install. If this is not possible I am willing to attempt removal, so long as you understand there are risks involved.

Rootkit

Your computer has a dangerous Rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. The only true way to ensure there are no remnants of a rootkit on your machine is to fully wipe the hard drive. I understand that this may not be what you want to hear, but it is the safest way to deal with such an infection. There are tools that may identify the infection but removing it can sometimes cause more problems than it solves. The truth is, invasive rootkit malware can dig itself so deep that your safest bet is to wipe and re-install OS.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

To help you understand more, please take some time to read the following articles:
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 13th, 2012, 8:57 am

wow this really sucks, i am going to try to borrow my friends external harddrive so i can save my photos and music on there and then i guess we can reformat and reinstall..
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 13th, 2012, 9:23 am

I also am not sure if I even have the windows disc here at my house I will look for it when I get home but what if I can't find the original disk?
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby diver79 » August 13th, 2012, 11:24 am

If you cannot find the original disk you will need to source a Dell OEM Vista disk. I believe Dell can provide these for a fee.

See if you can find it first and then we will look at other options.

diver.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 13th, 2012, 5:25 pm

Okay I got the external, I am going to look for the cd when I get home, what are the first steps of reformatting and reinstalling , and other then my music and photos I would like to save my iTunes apps is there anyway I can do that too?
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 13th, 2012, 9:44 pm

While trying to copy files to the external hard drive it was putting one of my picture folders into another photos folder and a message came up saying "there is already a file with the same name in this location" the file was "desktop.ini" and previously one of the antivirus programs told me "deskto.ini" is infected, now when I try to search "desktop.ini in my picture folders nothing comes up
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm

Re: My computer is infected with Malware and possible viruse

Unread postby Tgambaro112 » August 13th, 2012, 10:10 pm

Also I found the disks I'm not sure which one it is but I have one that says

Windows vista home basic reinstallation DVD
Drivers and Utilities
Dell product recovery cd
Then I have 6 Microsoft WorkSuite CDs

I also ran a scan on the whole external hard drive to make sure it was clean would you like to see my
Logs for that scan?
Tgambaro112
Regular Member
 
Posts: 21
Joined: August 12th, 2012, 3:51 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 57 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware