New virus that changes my accounting downloads

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby tmitch » September 1st, 2012, 7:13 pm

This virus changes my downloads' name and content when trying to download accounting data from 3 different accounts. PayPal gives me a "winscr" that contains no usable data when trying to get a csv file.

Bank accounts that support qif files result in files that are named qif, but for various dates they are all exactly the same file and contain no usable data.

I can download sample csv, and qif files from the internet, but not from my accounts?

Avast (free) didn't alert me and couldn't find it. Even the boot scan.
Malwarebytes has been downloaded and can't find the virus anywhere.
Now I have downloaded and scanned with Kaspersky "virus removal tool" and no threats found.

I can download the correct files fine from my laptop. :cry:

OK, I have downloaded and installed SP3. I hope I posted this right this time! 4th try.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Ted at 17:43:53 on 2012-09-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1086 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Downloads\tclock\tclock.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Darth's Internet Explorer
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118
uInternet Settings,ProxyOverride = <local>
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - AcroIEHlprObj Class
BHO: {5ca3d70e-1895-11cf-8e15-001234567890} - DriveLetterAccess
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: {ADA89D2B-04A5-4656-A56D-519E329137C4} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [hddhealth] c:\program files\hdd health\hddhealth.exe -wl
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [FinePrint Dispatcher v4] c:\windows\system32\spool\drivers\w32x86\2\fpdisp4.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SystemTray] SysTray.Exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\ted\startm~1\programs\startup\maxmem.lnk - c:\program files\analogx\maxmem\maxmem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\em_exec.lnk - c:\program files\logitech\mouseware\system\EM_EXEC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tclock.lnk - c:\downloads\tclock\tclock.exe
uPolicies-explorer: NoLogOff = 01000000
uPolicies-explorer: HideClock = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download web site with Free Download Manager - file://c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - {ADA89D2B-04A5-4656-A56D-519E329137C4}
IE: {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\free download manager\fum\fumiebtn.dll
Trusted Zone: easynews.com\members
Trusted Zone: easynews.com\zip.members
Trusted Zone: expedia.com\www
Trusted Zone: ibc.com\ibcbankonline
Trusted Zone: installogy.com\www
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www
Trusted Zone: paypal.com\www
Trusted Zone: pcpitstop.com\www
Trusted Zone: weldingtipsandtricks.com\www
Trusted Zone: www.m
Trusted Zone: youtube.com\www
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v ... 5443775947
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5D3D72CC-172E-451C-B547-CF33BF53688A} : DhcpNameServer = 69.27.130.50 69.27.130.51 66.210.168.2
TCP: Interfaces\{8E331F73-A08F-4C1C-A58A-C2903A73B4B9} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: awtQhhhe - awtQhhhe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =
.
============= SERVICES / DRIVERS ===============
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2012-4-18 52480]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-4-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-4-18 59664]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2012-4-18 45056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-9 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-18 355632]
R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2012-4-18 2560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-21 116608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-9 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-12-3 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-26 655944]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 ToolTipFixer;ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2008-10-14 61952]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-8-2 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-26 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-1 40776]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-4-18 33552]
S3 ALSysIO;ALSysIO; [x]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2012-4-18 71040]
S3 gupdate1c98ada76b71a2b;Google Update Service (gupdate1c98ada76b71a2b); [x]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-4-18 14448]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 UCORESYS;UCORESYS;c:\downloads\asrock\bios\939dual-sata2(2.20)win\afu939dual-sata2_2.20\Ucoresys.sys [2008-6-13 8544]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2012-4-18 28672]
S3 WCPUID;WCPUID; [x]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-4-18 229376]
.
=============== Created Last 30 ================
.
2012-09-01 22:37:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-01 21:15:18 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-09-01 21:15:18 79872 ------w- c:\windows\system32\msxml6r.dll
2012-09-01 21:15:18 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-09-01 21:15:17 1306624 ------w- c:\windows\system32\msxml6.dll
2012-09-01 21:13:59 650752 ------w- c:\windows\system32\dot3ui.dll
2012-09-01 21:02:25 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-09-01 20:57:01 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-09-01 20:56:59 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-09-01 20:48:05 19569 ----a-w- c:\windows\000001_.tmp
2012-09-01 18:56:17 -------- d-----w- c:\windows\system32\scripting
2012-09-01 18:56:07 -------- d-----w- c:\windows\l2schemas
2012-09-01 18:56:05 -------- d-----w- c:\windows\system32\en
2012-09-01 18:36:32 -------- d-----w- c:\windows\network diagnostic
2012-09-01 18:34:20 33656 ----a-w- c:\windows\system32\sprecovr.exe
2012-09-01 18:26:53 19569 ----a-w- c:\windows\005956_.tmp
2012-09-01 18:22:54 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2012-09-01 18:21:48 164352 ----a-w- c:\windows\system32\wstpager.ax
2012-09-01 18:20:59 73728 ----a-w- c:\windows\system32\fdeploy.dll
2012-09-01 18:19:56 153088 ----a-w- c:\program files\common files\microsoft shared\triedit\triedit.dll
2012-09-01 18:18:59 94720 ----a-w- c:\windows\system32\SETA67.tmp
2012-09-01 18:17:59 75776 ----a-w- c:\windows\system32\wiascr.dll
2012-09-01 18:08:01 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-08-27 17:50:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-08-27 17:50:46 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-08-27 17:50:45 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-08-27 17:50:10 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-08-27 17:50:03 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-08-27 17:50:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-08-27 17:49:53 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-08-27 17:48:53 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-08-27 17:48:52 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-08-27 17:48:31 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-08-27 17:48:26 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-08-27 17:48:26 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-08-27 17:48:11 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-08-27 17:48:10 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-08-27 17:48:08 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2012-08-27 17:46:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-08-27 17:45:59 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-08-27 17:44:59 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-08-27 17:43:49 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-08-27 17:42:45 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-08-27 17:42:45 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-08-27 17:42:43 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-08-27 17:42:43 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2012-08-27 17:42:41 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-08-27 17:42:40 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-08-27 17:42:40 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-08-27 17:42:38 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-08-27 17:42:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-08-27 17:42:35 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-08-27 17:42:35 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-08-27 17:42:34 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-08-27 17:40:59 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-08-27 17:39:31 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-08-27 17:38:59 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-08-27 17:37:45 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-08-27 17:36:56 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-08-27 17:36:56 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-08-27 17:36:45 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-08-27 17:36:40 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-08-27 17:36:39 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-08-27 17:36:29 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-08-27 17:36:28 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-08-27 17:36:14 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-08-27 17:36:09 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-08-27 17:36:00 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-08-27 17:34:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-08-27 17:33:55 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-08-27 17:33:53 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-08-27 17:33:34 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-08-27 17:33:12 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-08-27 17:33:01 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-08-27 17:31:56 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-08-27 17:31:48 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-08-27 17:31:47 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-08-27 17:31:46 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-08-27 17:31:45 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-08-27 17:31:39 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-08-27 17:31:36 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-08-27 17:31:34 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-08-27 17:30:39 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-08-27 17:30:39 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-08-27 17:29:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-08-27 17:29:54 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-08-27 17:29:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-08-27 17:29:39 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-08-27 17:29:36 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2012-08-27 17:29:20 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-08-27 17:29:19 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-08-27 17:29:19 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2012-08-27 17:29:15 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-08-27 17:29:14 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2012-08-27 17:26:23 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2012-08-27 17:25:55 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2012-08-27 17:25:54 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2012-08-27 17:25:35 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-08-27 17:25:32 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2012-08-27 17:25:25 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2012-08-27 17:25:24 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2012-08-27 17:25:23 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2012-08-27 17:25:23 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2012-08-27 17:25:22 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2012-08-27 17:25:09 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-08-27 17:25:09 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2012-08-27 17:25:07 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-08-27 17:23:59 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2012-08-27 17:22:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2012-08-27 17:21:59 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2012-08-27 17:20:50 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2012-08-27 17:20:50 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-08-27 17:20:44 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-08-27 17:20:42 20736 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
2012-08-27 17:20:36 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2012-08-27 17:20:36 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2012-08-27 17:20:35 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2012-08-27 17:20:32 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2012-08-27 17:20:31 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2012-08-27 17:20:24 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2012-08-27 17:20:20 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2012-08-27 17:18:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-08-27 17:17:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2012-08-27 17:16:56 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-08-27 17:15:59 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2012-08-27 17:15:54 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2012-08-27 17:15:52 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys
2012-08-27 17:15:50 297728 -c--a-w- c:\windows\system32\dllcache\ac97sis.sys
2012-08-27 17:15:49 96256 -c--a-w- c:\windows\system32\dllcache\ac97intc.sys
2012-08-27 17:15:46 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2012-08-27 17:15:46 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2012-08-27 17:15:45 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2012-08-27 17:15:43 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2012-08-27 17:15:40 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-08-27 17:15:40 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-08-27 17:15:39 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2012-08-27 17:15:38 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-08-27 17:14:41 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-08-26 17:17:59 -------- d-----w- c:\documents and settings\ted\application data\Malwarebytes
2012-08-26 17:15:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-26 17:15:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-26 17:15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-19 21:00:26 -------- d-----w- c:\program files\Folder Marker
2012-08-19 19:28:36 -------- d-----w- c:\documents and settings\ted\application data\TrueCrypt
2012-08-19 17:07:10 -------- d-----w- c:\windows\Downloaded Installations
2012-08-16 18:32:31 -------- d-----w- c:\documents and settings\ted\application data\AVS4YOU
2012-08-16 18:29:37 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-16 18:29:10 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-16 18:26:02 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-16 18:24:07 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-16 18:24:07 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2012-08-16 15:47:44 -------- d-----w- c:\program files\WMV9_VCM
2012-08-16 15:47:20 53252 ----a-w- c:\windows\Video Cleaner Uninstaller.exe
2012-08-16 15:47:04 -------- d-----w- c:\documents and settings\ted\application data\River Past G5
2012-08-16 15:47:04 -------- d-----w- c:\documents and settings\all users\application data\River Past G5
2012-08-16 15:47:03 -------- d-----w- c:\program files\common files\River Past
2012-08-06 19:52:32 -------- d-----w- c:\documents and settings\ted\local settings\application data\Adobe
2012-08-06 19:40:40 -------- d-----w- c:\program files\common files\Macrovision Shared
.
==================== Find3M ====================
.
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2008-03-23 15:20:33 18672 ----a-w- c:\program files\WEBWRAP.EXE
2008-03-23 15:19:30 9902 ----a-w- c:\program files\VGLUE.DLL
2008-03-23 15:19:19 42798 ----a-w- c:\program files\UNSQUASH.EXE
2008-03-23 14:08:59 7680 ----a-w- c:\program files\TAXFORMS.USA
2008-03-23 14:08:59 726032 ----a-w- c:\program files\TEJ.DLL
2008-03-23 13:37:32 1500736 ----a-w- c:\program files\SIT.DLL
2008-03-23 13:23:46 14192 ----a-w- c:\program files\PERRVAL.DLL
2008-03-23 13:16:25 1497152 ----a-w- c:\program files\NAVIGATE.EXE
2008-03-23 12:22:12 19568 ----a-w- c:\program files\CTL3D.DLL
2008-03-23 12:17:47 605348 ----a-w- c:\program files\CGMZV.DLL
2008-03-23 12:09:58 219648 ----a-w- c:\program files\BC450RTL.DLL
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys aliide.sys
c:\windows\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
c:\windows\system32\drivers\aliide.sys Acer Laboratories Inc. ALi mini IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8A68BAB8]
3 CLASSPNP[0xBA8F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\0000008e[0x8A6961A8]
5 ACPI[0xBA77F620] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A6BAD98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 17:53:54.82 ===============
tmitch
Active Member
 
Posts: 6
Joined: August 30th, 2012, 1:21 pm
Location: Oklahoma
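Added example (not code from the thread, from DDS or from its author): a small Python triage script for the DDS log layout posted above. It splits the log on the `====== SECTION ======` headers and pulls out the items a helper reads first: the user-level proxy setting, Winlogon Notify entries that reference a DLL by bare filename (so the helper still has to locate the file), services whose file is missing (`[x]`) or lives outside the Windows and Program Files trees, and the GMER section's `user != kernel MBR` mismatch. The sample log is a constructed excerpt of lines taken from the thread; the section names and finding labels are the example's own. The script reports what the log says and leaves the judgement to the helper.

```python
"""Triage helper for DDS-style logs (added example; not DDS's own code)."""
import re

# Constructed excerpt of the DDS output posted in the thread.
SAMPLE_LOG = """\
DDS (Ver_2011-08-26.01) - NTFSx86
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118
Notify: !SASWinLogon - c:\\program files\\superantispyware\\SASWINLO.DLL
Notify: awtQhhhe - awtQhhhe.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [2012-4-18 355632]
S3 ALSysIO;ALSysIO; [x]
S3 UCORESYS;UCORESYS;c:\\downloads\\asrock\\bios\\Ucoresys.sys [2008-6-13 8544]
.
=================== ROOTKIT ====================
.
kernel: MBR read successfully
user != kernel MBR !!!
.
============= FINISH: 17:53:54.82 ===============
"""

# A DDS section header is a run of '=' on both sides of the section name.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Directories a service/driver file is expected to live under (assumption of this example).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_sections(text):
    """Split a DDS log into {section_name: [lines]}.

    Lines before the first header go under 'HEADER'; DDS's lone-dot spacer
    lines and blank lines are dropped.
    """
    sections = {"HEADER": []}
    current = "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if line.strip() in ("", "."):
            continue
        sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return a list of (finding_label, detail) tuples in log order."""
    sec = parse_sections(text)
    findings = []

    for line in sec.get("Pseudo HJT Report", []):
        if line.startswith("uInternet Settings,ProxyServer"):
            # Browser traffic is being routed through a proxy; record where.
            findings.append(("proxy", line.split("=", 1)[1].strip()))
        elif line.startswith("Notify:"):
            target = line.split(" - ", 1)[1].strip()
            if "\\" not in target:
                # DLL given without a directory: the helper must still find the file.
                findings.append(("notify-no-path", target))

    for line in sec.get("SERVICES / DRIVERS", []):
        parts = line.split(";", 2)          # "R1 name;display;path [date size]"
        if len(parts) < 3:
            continue
        name, path = parts[1], parts[2].strip()
        if path.startswith("[x]"):
            findings.append(("service-file-missing", name))
        elif not path.lower().startswith(TRUSTED_DIRS):
            findings.append(("service-outside-trusted-dirs", name))

    # GMER prints this line when the MBR read from user mode differs from the kernel's view.
    if any(l.startswith("user != kernel MBR") for l in sec.get("ROOTKIT", [])):
        findings.append(("mbr-mismatch", "user-mode and kernel-mode MBR reads differ"))

    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:30} {detail}")
```

Run it against a full DDS.txt by reading the file into `triage()`; each finding is a pointer back into the log rather than a verdict.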

Re: New virus that changes my accounting downloads

Unread postby deltalima » September 2nd, 2012, 3:45 pm

Hi tmitch,

Please let me know if the computer is used for business in any way.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: New virus that changes my accounting downloads

Unread postby tmitch » September 2nd, 2012, 5:04 pm

Just my own home accounting.
tmitch
Active Member
 
Posts: 6
Joined: August 30th, 2012, 1:21 pm
Location: Oklahoma

Re: New virus that changes my accounting downloads

Unread postby deltalima » September 2nd, 2012, 5:13 pm

Hi tmitch,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please run a new scan with DDS and post the attach.txt log.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: New virus that changes my accounting downloads

Unread postby tmitch » September 2nd, 2012, 7:07 pm

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Ted at 17:57:50 on 2012-09-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1372 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Downloads\tclock\tclock.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Darth's Internet Explorer
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118
uInternet Settings,ProxyOverride = <local>
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - AcroIEHlprObj Class
BHO: {5ca3d70e-1895-11cf-8e15-001234567890} - DriveLetterAccess
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: {ADA89D2B-04A5-4656-A56D-519E329137C4} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [hddhealth] c:\program files\hdd health\hddhealth.exe -wl
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [FinePrint Dispatcher v4] c:\windows\system32\spool\drivers\w32x86\2\fpdisp4.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SystemTray] SysTray.Exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\ted\startm~1\programs\startup\maxmem.lnk - c:\program files\analogx\maxmem\maxmem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\em_exec.lnk - c:\program files\logitech\mouseware\system\EM_EXEC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tclock.lnk - c:\downloads\tclock\tclock.exe
uPolicies-explorer: NoLogOff = 01000000
uPolicies-explorer: HideClock = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download web site with Free Download Manager - file://c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - {ADA89D2B-04A5-4656-A56D-519E329137C4}
IE: {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\free download manager\fum\fumiebtn.dll
Trusted Zone: easynews.com\members
Trusted Zone: easynews.com\zip.members
Trusted Zone: expedia.com\www
Trusted Zone: ibc.com\ibcbankonline
Trusted Zone: installogy.com\www
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www
Trusted Zone: paypal.com\www
Trusted Zone: pcpitstop.com\www
Trusted Zone: weldingtipsandtricks.com\www
Trusted Zone: www.m
Trusted Zone: youtube.com\www
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v ... 5443775947
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5D3D72CC-172E-451C-B547-CF33BF53688A} : DhcpNameServer = 69.27.130.50 69.27.130.51 66.210.168.2
TCP: Interfaces\{8E331F73-A08F-4C1C-A58A-C2903A73B4B9} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: awtQhhhe - awtQhhhe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =
.
============= SERVICES / DRIVERS ===============
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2012-4-18 52480]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-4-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-4-18 59664]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2012-4-18 45056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-9 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-18 355632]
R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2012-4-18 2560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-21 116608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-9 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-12-3 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-26 655944]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 ToolTipFixer;ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2008-10-14 61952]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-8-2 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-26 22344]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-4-18 33552]
S3 ALSysIO;ALSysIO; [x]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2012-4-18 71040]
S3 gupdate1c98ada76b71a2b;Google Update Service (gupdate1c98ada76b71a2b); [x]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-4-18 14448]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 UCORESYS;UCORESYS;c:\downloads\asrock\bios\939dual-sata2(2.20)win\afu939dual-sata2_2.20\Ucoresys.sys [2008-6-13 8544]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2012-4-18 28672]
S3 WCPUID;WCPUID; [x]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-4-18 229376]
.
=============== Created Last 30 ================
.
2012-09-02 17:12:28 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-09-02 17:10:54 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-09-02 17:08:13 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-09-02 17:06:37 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-09-02 17:05:45 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-09-02 16:58:57 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-09-02 16:56:56 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-09-02 16:56:14 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-09-02 16:55:01 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-09-02 16:55:01 55296 ------w- c:\windows\system32\SETA8.tmp
2012-09-02 16:54:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-09-02 16:54:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-09-02 16:54:43 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-09-02 16:54:43 629760 ------w- c:\windows\system32\SETA9.tmp
2012-09-02 16:54:38 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-09-02 16:54:38 2000384 ------w- c:\windows\system32\SETAD.tmp
2012-09-02 16:54:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-02 16:54:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-09-02 16:52:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-02 16:52:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-02 16:48:49 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-09-02 16:30:09 -------- d-----w- c:\windows\system32\PreInstall
2012-09-02 16:26:56 -------- d-----w- c:\program files\MSXML 4.0
2012-09-02 16:26:35 -------- d-----w- c:\windows\ie8updates
2012-09-02 16:22:10 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2012-09-02 16:22:03 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2012-09-02 16:20:58 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-09-02 16:20:54 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2012-09-02 16:20:46 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2012-09-02 16:20:41 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2012-09-02 16:20:37 8462848 -c----w- c:\windows\system32\dllcache\shell32.dll
2012-09-02 16:20:31 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-09-02 16:20:31 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-09-02 16:20:26 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2012-09-02 16:20:22 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2012-09-02 16:20:19 1292288 -c----w- c:\windows\system32\dllcache\quartz.dll
2012-09-02 16:20:13 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-09-02 16:20:10 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2012-09-02 16:20:06 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2012-09-02 16:19:58 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-09-02 16:19:53 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2012-09-02 16:19:53 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2012-09-02 16:19:53 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2012-09-02 16:19:51 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2012-09-02 16:19:45 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2012-09-02 16:19:41 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2012-09-02 16:19:35 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2012-09-02 16:19:17 1866112 -c----w- c:\windows\system32\dllcache\win32k.sys
2012-09-02 16:17:56 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-09-02 16:17:47 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-09-02 16:17:33 60416 -c----w- c:\windows\system32\dllcache\packager.exe
2012-09-02 16:17:22 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-09-02 16:17:21 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-09-02 16:16:43 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-02 16:16:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-09-02 16:16:21 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-09-02 16:14:56 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-09-02 16:14:52 2192640 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-09-02 16:14:52 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-09-02 16:14:48 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-09-02 16:14:48 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-09-02 16:14:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-09-02 16:14:06 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-09-02 16:13:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-02 16:13:17 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-09-02 16:12:57 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2012-09-01 22:51:54 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-09-01 21:15:18 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-09-01 21:15:18 79872 ------w- c:\windows\system32\msxml6r.dll
2012-09-01 21:15:18 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-09-01 21:15:17 1372672 ------w- c:\windows\system32\msxml6.dll
2012-09-01 21:13:59 650752 ------w- c:\windows\system32\dot3ui.dll
2012-09-01 21:02:25 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-09-01 20:57:01 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-09-01 20:56:59 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-09-01 20:48:05 19569 ----a-w- c:\windows\000001_.tmp
2012-09-01 18:56:17 -------- d-----w- c:\windows\system32\scripting
2012-09-01 18:56:07 -------- d-----w- c:\windows\l2schemas
2012-09-01 18:56:05 -------- d-----w- c:\windows\system32\en
2012-09-01 18:36:32 -------- d-----w- c:\windows\network diagnostic
2012-09-01 18:34:20 33656 ----a-w- c:\windows\system32\sprecovr.exe
2012-09-01 18:26:53 19569 ----a-w- c:\windows\005956_.tmp
2012-09-01 18:22:54 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2012-09-01 18:21:48 164352 ----a-w- c:\windows\system32\wstpager.ax
2012-09-01 18:20:59 73728 ----a-w- c:\windows\system32\fdeploy.dll
2012-09-01 18:19:56 153088 ----a-w- c:\program files\common files\microsoft shared\triedit\triedit.dll
2012-09-01 18:18:59 94720 ----a-w- c:\windows\system32\SETA67.tmp
2012-09-01 18:17:59 75776 ----a-w- c:\windows\system32\wiascr.dll
2012-09-01 18:08:01 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-08-27 17:50:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-08-27 17:50:46 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-08-27 17:50:45 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-08-27 17:50:10 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-08-27 17:50:03 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-08-27 17:50:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-08-27 17:49:53 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-08-27 17:48:53 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-08-27 17:48:52 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-08-27 17:48:31 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-08-27 17:48:26 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-08-27 17:48:26 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-08-27 17:48:11 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-08-27 17:48:10 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-08-27 17:48:08 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2012-08-27 17:46:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-08-27 17:45:59 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-08-27 17:44:59 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-08-27 17:43:49 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-08-27 17:42:45 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-08-27 17:42:45 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-08-27 17:42:43 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-08-27 17:42:43 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2012-08-27 17:42:41 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-08-27 17:42:40 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-08-27 17:42:40 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-08-27 17:42:38 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-08-27 17:42:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-08-27 17:42:35 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-08-27 17:42:35 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-08-27 17:42:34 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-08-27 17:40:59 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-08-27 17:39:31 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-08-27 17:38:59 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-08-27 17:37:45 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-08-27 17:36:56 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-08-27 17:36:56 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-08-27 17:36:45 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-08-27 17:36:40 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-08-27 17:36:39 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-08-27 17:36:29 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-08-27 17:36:28 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-08-27 17:36:14 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-08-27 17:36:09 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-08-27 17:36:00 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-08-27 17:34:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-08-27 17:33:55 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-08-27 17:33:53 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-08-27 17:33:34 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-08-27 17:33:12 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-08-27 17:33:01 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-08-27 17:31:56 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-08-27 17:31:48 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-08-27 17:31:47 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-08-27 17:31:46 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-08-27 17:31:45 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-08-27 17:31:39 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-08-27 17:31:36 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-08-27 17:31:34 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-08-27 17:30:39 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-08-27 17:30:39 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-08-27 17:29:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-08-27 17:29:54 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-08-27 17:29:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-08-27 17:29:39 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-08-27 17:29:36 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2012-08-27 17:29:20 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-08-27 17:29:19 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-08-27 17:29:19 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2012-08-27 17:29:15 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-08-27 17:29:14 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2012-08-27 17:26:23 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2012-08-27 17:25:55 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2012-08-27 17:25:54 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2012-08-27 17:25:35 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-08-27 17:25:32 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2012-08-27 17:25:25 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2012-08-27 17:25:24 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2012-08-27 17:25:23 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2012-08-27 17:25:23 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2012-08-27 17:25:22 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2012-08-27 17:25:09 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-08-27 17:25:09 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2012-08-27 17:25:07 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-08-27 17:23:59 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2012-08-27 17:22:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2012-08-27 17:21:59 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2012-08-27 17:20:50 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2012-08-27 17:20:50 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-08-27 17:20:44 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-08-27 17:20:42 20736 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
2012-08-27 17:20:36 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2012-08-27 17:20:36 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2012-08-27 17:20:35 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2012-08-27 17:20:32 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2012-08-27 17:20:31 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2012-08-27 17:20:24 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2012-08-27 17:20:20 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2012-08-27 17:18:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-08-27 17:17:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2012-08-27 17:16:56 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-08-27 17:15:59 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2012-08-27 17:15:54 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2012-08-27 17:15:52 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys
2012-08-27 17:15:50 297728 -c--a-w- c:\windows\system32\dllcache\ac97sis.sys
2012-08-27 17:15:49 96256 -c--a-w- c:\windows\system32\dllcache\ac97intc.sys
2012-08-27 17:15:46 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2012-08-27 17:15:46 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2012-08-27 17:15:45 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2012-08-27 17:15:43 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2012-08-27 17:15:40 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-08-27 17:15:40 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-08-27 17:15:39 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2012-08-27 17:15:38 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-08-27 17:14:41 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-08-26 17:17:59 -------- d-----w- c:\documents and settings\ted\application data\Malwarebytes
2012-08-26 17:15:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-26 17:15:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-26 17:15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-19 21:00:26 -------- d-----w- c:\program files\Folder Marker
2012-08-19 19:28:36 -------- d-----w- c:\documents and settings\ted\application data\TrueCrypt
2012-08-19 17:07:10 -------- d-----w- c:\windows\Downloaded Installations
2012-08-16 18:32:31 -------- d-----w- c:\documents and settings\ted\application data\AVS4YOU
2012-08-16 18:29:37 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-16 18:29:10 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-16 18:26:02 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-16 18:24:07 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-16 18:24:07 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2012-08-16 15:47:44 -------- d-----w- c:\program files\WMV9_VCM
2012-08-16 15:47:20 53252 ----a-w- c:\windows\Video Cleaner Uninstaller.exe
2012-08-16 15:47:04 -------- d-----w- c:\documents and settings\ted\application data\River Past G5
2012-08-16 15:47:04 -------- d-----w- c:\documents and settings\all users\application data\River Past G5
2012-08-16 15:47:03 -------- d-----w- c:\program files\common files\River Past
2012-08-06 19:52:32 -------- d-----w- c:\documents and settings\ted\local settings\application data\Adobe
2012-08-06 19:40:40 -------- d-----w- c:\program files\common files\Macrovision Shared
.
==================== Find3M ====================
.
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 04:19:34 11111424 ------w- c:\windows\system32\SETAF.tmp
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-03-23 15:20:33 18672 ----a-w- c:\program files\WEBWRAP.EXE
2008-03-23 15:19:30 9902 ----a-w- c:\program files\VGLUE.DLL
2008-03-23 15:19:19 42798 ----a-w- c:\program files\UNSQUASH.EXE
2008-03-23 14:08:59 7680 ----a-w- c:\program files\TAXFORMS.USA
2008-03-23 14:08:59 726032 ----a-w- c:\program files\TEJ.DLL
2008-03-23 13:37:32 1500736 ----a-w- c:\program files\SIT.DLL
2008-03-23 13:23:46 14192 ----a-w- c:\program files\PERRVAL.DLL
2008-03-23 13:16:25 1497152 ----a-w- c:\program files\NAVIGATE.EXE
2008-03-23 12:22:12 19568 ----a-w- c:\program files\CTL3D.DLL
2008-03-23 12:17:47 605348 ----a-w- c:\program files\CGMZV.DLL
2008-03-23 12:09:58 219648 ----a-w- c:\program files\BC450RTL.DLL
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys aliide.sys PCIIDEX.SYS
c:\windows\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
c:\windows\system32\drivers\aliide.sys Acer Laboratories Inc. ALi mini IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A6A7AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000008e[0x8A6B6F18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A64ED98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 18:02:56.89 ===============

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\ted\favorites\computer stuff\software\serial numbers etc\--=+ gulli.com - gullisworld +=-- crackz, serialz & vieles m.url
c:\documents and settings\ted\favorites\computer stuff\software\serial numbers etc\best cracks - tnt!crackers official distro [c].url
c:\documents and settings\ted\favorites\computer stuff\software\serial numbers etc\crackz unlimited.url
c:\documents and settings\ted\favorites\computer stuff\software\warez\vipzone portal - ????? ????????, icq, free uins, warez, games, mp3, crack.url
c:\downloads\video utilities\dvdcloner\crack\akey.dat
c:\downloads\video utilities\dvdcloner\crack\dvd-cloner3.exe
c:\program files\321studios\xpress\crack.exe
c:\temp\roboform 659 with crack\airoboform.exe
c:\temp\roboform 659 with crack\te.nfo
scanner sequence 3.ED.11.CBNAAC
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-TDDFQ-XX4F6-W4P9W
Windows Product Key Hash: Po0/fPudLXc3Owxp/l5Kvi9HsGg=
Windows Product ID: 55274-646-6099792-23848
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {59FAF234-710E-440F-8DA6-C54FCEA1B2D7}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Outlook 2002 - 100 Genuine
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office FrontPage 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{59FAF234-710E-440F-8DA6-C54FCEA1B2D7}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W4P9W</PKey><PID>55274-646-6099792-23848</PID><PIDType>1</PIDType><SID>S-1-5-21-1614895754-1343024091-1412948403</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>939Dual-VSTA</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.30</Version><SMBIOSVersion major="2" minor="4"/><Date>20060925000000.000000+000</Date></BIOS><HWID>AE03388F0184AE76</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{911A0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Outlook 2002</Name><Ver>10</Ver><Val>B9E9B9EF1C08368</Val><Hash>AlnSn3KY4YSAVehbRu0qDyhXVzY=</Hash><Pid>54193-OEM-1695421-20980</Pid><PidType>4</PidType></Product><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57782</Pid><PidType>14</PidType></Product><Product GUID="{90170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>5EA9C3672EB0500</Val><Hash>GZD+9sfb5ecL3RxyV4F75a86u2M=</Hash><Pid>72079-640-0000106-55211</Pid><PidType>14</PidType></Product></Products><Applications><App Id="1A" Version="10" Result="100"/><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="17" Version="11" Result="100"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 8A47:HITACHI, Ltd|8A47:HITACHI, Ltd|8A47:HITACHI, Ltd
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
tmitch
Active Member
Posts: 6
Joined: August 30th, 2012, 1:21 pm
Location: Oklahoma

Re: New virus that changes my accounting downloads

Unread postby deltalima » September 3rd, 2012, 2:40 am

Unlicensed software

There are clear signs in the logs that you have software installed for which you do not have a valid license.

Our forum policy Here says we will not help people who use cracked or pirated software.

This topic will now be closed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK