Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"MSN Featured" Spam - Cannot get rid of at ALL!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 11th, 2009, 3:44 pm

1) Upload a file to VirusTotal
  • Go to virustotal.com
  • Click Browse and copy the filepath from the codebox below into the File name box and click Open
    Code: Select all
    C:\Windows\System32\drivers\tcpip.sys
  • Click the Send file button to start the scan
  • When the status changes to finished, click the Compact link
  • Copy everything from the windows that pops up into your next reply

2) Run ESET's online scanner
  • Go here using Internet Explorer:
    http://www.eset.com/onlinescan/
  • Put a checkmark next to Yes, I accept the Terms of Use and click the Start button
  • When prompted about installing ActiveX, allow it and click Install
    The interface will load
  • Click Start
    The scanner will initialize and update itself
  • Once the scanner has loaded, leave both check boxes unchecked and click the Scan button
    Your computer will be scanned, this can take a while to complete
  • When the scan has finished, close Internet Explorer
  • A log will be located here
    C:\Program Files\EsetOnlineScanner\log.txt
  • Include this log in your next reply

3) Updating Java
Your version of Java is outdated. I strongly recommend you update, since many applications depend on java and a lot of malware exploits security holes present in old versions of Java.
  • First uninstall this old version of java through Add/Remove programs:
    Java(TM) SE Runtime Environment 6
  • After the old version is uninstalled, download and install the newest version of Java from here

Optional removal: Logitech Desktop Messenger
This program runs every time your computer starts, checks for updates to your logitech product(s) and notifies you if a new update is found. Its also known for sometimes creating a bit of a mess in HJT logs by creating a large number of duplicate entries.
If you'd rather free up system resources and check for updates manually by going to the logitech home page, go to Add/Remove programs uninstall the following:
Logitech Desktop Messenger

Optional removal: URL Assistant
This is a small program that comes pre-installed on some computers.
What it does is to redirect you to a google search when you try to go to a page that doesnt exsist (for instance when you type a wrong address).
If you'd rather not have this happen, go to Add/Remove programs and uninstall the following:
URL Assistant

4) Get new RSIT log
  • Delete this folder: C:\rsit
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

Logs I need:
Result from the VirusTotal scan
ESET log
Both RSIT logs

You forgot to answer this question last time:
You have GoToMyPC installed. This is software used to remotely control a PC. Did you install this yourself?

Also, how is the computer running now? Any more ads/spam?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
Advertisement
Register to Remove

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 11th, 2009, 7:18 pm

Yes i installed go to my PC but do not need it anymore so i am going to uninstall - also seems to be ok - none of the "MSN Featured" to me from me - most come in right after midnight so i'll see what happens tonight - thanks a lot in advance.
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 13th, 2009, 5:42 pm

All the fixes did not work - still have Featured E-Mail from MSN and no way to unsubscribe. I am ready to go nuts over this.
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 13th, 2009, 5:48 pm

I need logs from the previous set of instructions before I can help you further
Logs I need:
Result from the VirusTotal scan
ESET log
Both RSIT logs
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 13th, 2009, 6:00 pm

The same ones i sent a couple of days ago or run them again?
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 13th, 2009, 6:44 pm

There was no logs posted two days ago....

Re-do step 1 and 4 of my previous set of instructions and post the logs.
Also post this log:
C:\Program Files\EsetOnlineScanner\log.txt
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 13th, 2009, 7:45 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Robert at 2009-01-13 17:36:54
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 94 GB (66%) free of 142 GB
Total RAM: 2037 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:11 PM, on 1/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\sttray.exe
C:\Program Files\eAcceleration\OnAccess\onaccess.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\eAcceleration\Station\station_bk.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\ScanSoft\PDF Professional 4.0\PdfPro4Hook.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Robert\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Robert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\ereg.ini"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe"
O4 - HKLM\..\Run: [ScanSoft PDF Professional 4-reminder] "C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Professional\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/common/cab/ikcntrls.cab
O23 - Service: CarboniteService - Carbonite, Inc. (http://www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: FWService - eAcceleration Corp - C:\Program Files\eAcceleration\Firewall\FWService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StopSign Update Manager - eAcceleration - C:\Program Files\Common Files\eAcceleration\eacsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10213 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{CB66F83E-71A1-4728-8C2D-0272E93ADB3A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-17 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-02-09 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-02-09 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-02-09 81920]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
"eFax 4.3"=C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe [2006-03-09 1404928]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2006-05-05 36864]
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe []
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-05-17 243248]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-05-17 480816]
"Logitech Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2006-05-10 94208]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-05-05 40960]
"ECenter"=c:\dell\E-Center\EULALauncher.exe [2006-11-17 17920]
"PDF4 Registry Controller"=C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe [2007-01-16 46632]
"ScanSoft PDF Professional 4-reminder"=C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe [2006-11-16 35368]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-17 185896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]
"SoftwareStation"=C:\Program Files\eAcceleration\Station\station.exe [2008-04-15 173392]
"webscan"=C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe [2008-05-14 763232]
"Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2008-06-13 600000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Performance Center"=C:\Program Files\Ascentive\Performance Center\APCMain.exe -m []
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-07 303104]
"OnAccess"=C:\Program Files\eAcceleration\OnAccess\onaccess.exe [2008-06-09 238944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PaperMaster Live Menu 7.0.lnk - C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-09 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{42DD0873-5FA9-465D-90DE-0826020416A5}"=C:\Program Files\eAcceleration\OnAccess\onaccess_hk32.dll [2008-06-09 165216]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5456dfb-e539-11dc-a27e-0019d1469d16}]
shell\AutoRun\command - G:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-01-11 11:13:23 ----D---- C:\Users\Robert\AppData\Roaming\Malwarebytes
2009-01-11 11:13:17 ----D---- C:\ProgramData\Malwarebytes
2009-01-11 11:13:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-11 11:02:14 ----D---- C:\Users\Robert\AppData\Roaming\Yahoo!
2009-01-11 11:02:14 ----D---- C:\ProgramData\Yahoo! Companion
2009-01-11 11:02:10 ----D---- C:\Program Files\CCleaner
2009-01-02 09:01:27 ----D---- C:\rsit
2009-01-01 18:09:14 ----D---- C:\Program Files\Trend Micro
2008-12-19 08:53:28 ----A---- C:\Windows\system32\mshtml.dll

======List of files/folders modified in the last 1 months======

2009-01-13 17:37:05 ----D---- C:\Windows\Prefetch
2009-01-13 17:36:50 ----D---- C:\Windows\Temp
2009-01-13 17:11:46 ----SHD---- C:\System Volume Information
2009-01-13 17:11:27 ----SHD---- C:\Windows\Installer
2009-01-13 17:11:24 ----D---- C:\Program Files\Common Files
2009-01-13 17:11:19 ----D---- C:\Windows\System32
2009-01-13 17:10:46 ----D---- C:\Windows\system32\catroot2
2009-01-13 17:08:23 ----D---- C:\Windows
2009-01-13 17:08:23 ----D---- C:\Program Files\Logitech
2009-01-13 17:08:23 ----A---- C:\Windows\wininit.ini
2009-01-13 15:29:34 ----D---- C:\Windows\inf
2009-01-13 15:29:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-13 15:28:39 ----D---- C:\Windows\system32\catroot
2009-01-13 15:28:38 ----D---- C:\Windows\winsxs
2009-01-13 15:23:55 ----D---- C:\MDT
2009-01-11 18:51:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-11 18:51:09 ----D---- C:\Program Files\Citrix
2009-01-11 11:13:20 ----D---- C:\Windows\system32\drivers
2009-01-11 11:13:17 ----RD---- C:\Program Files
2009-01-11 11:13:17 ----HD---- C:\ProgramData
2009-01-11 11:09:45 ----D---- C:\Windows\Minidump
2009-01-11 11:09:45 ----D---- C:\Windows\Debug
2009-01-11 11:02:15 ----D---- C:\Program Files\Yahoo!
2009-01-11 10:54:48 ----D---- C:\Users\Robert\AppData\Roaming\InstallShield
2009-01-06 18:04:30 ----D---- C:\Users\Robert\AppData\Roaming\Corel
2009-01-04 18:32:11 ----SD---- C:\Users\Robert\AppData\Roaming\Microsoft
2008-12-17 22:55:31 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 FWCore;FWCore; C:\Windows\system32\drivers\fwcore.sys [2008-04-23 58456]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 LBeepKE;LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [2006-05-24 3712]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-09 1476608]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\Windows\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-07 647680]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Device; C:\Windows\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2008-06-13 1700288]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 eac_notifysvc;eAcceleration Notification Service; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2008-09-03 111952]
R2 eac_productsvc;eAcceleration Product Manager Service; C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2008-10-22 263504]
R2 FWService;FWService; C:\Program Files\eAcceleration\Firewall\FWService.exe [2008-04-23 337232]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StopSign Update Manager;StopSign Update Manager; C:\Program Files\Common Files\eAcceleration\eacsvc.exe [2008-04-15 103760]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------
File tcpip.sys received on 01.14.2009 00:24:10 (CET)Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.13 -
AhnLab-V3 2009.1.13.3 2009.01.13 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 -
BitDefender 7.2 2009.01.13 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 -
Comodo 927 2009.01.13 -
DrWeb 4.44.0.09170 2009.01.13 -
eSafe 7.0.17.0 2009.01.13 -
eTrust-Vet 31.6.6306 2009.01.13 -
F-Prot 4.4.4.56 2009.01.13 -
F-Secure 8.0.14470.0 2009.01.13 -
Fortinet 3.117.0.0 2009.01.13 -
GData 19 2009.01.14 -
Ikarus T3.1.1.45.0 2009.01.13 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.13 -
McAfee 5494 2009.01.13 -
McAfee+Artemis 5494 2009.01.13 -
Microsoft 1.4205 2009.01.13 -
NOD32 3763 2009.01.13 -
Norman 5.93.01 2009.01.13 -
Panda 9.5.1.2 2009.01.13 -
PCTools 4.4.2.0 2009.01.13 -
Prevx1 V2 2009.01.14 -
Rising 21.12.12.00 2009.01.13 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.13 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.14 -
TheHacker 6.3.1.4.218 2009.01.13 -
TrendMicro 8.700.0.1004 2009.01.13 -
VBA32 3.12.8.10 2009.01.13 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2009.1.13.1556 2009.01.13 -
VirusBuster 4.5.11.0 2009.01.13 -

Additional information
File size: 891448 bytes
MD5...: 82e266bee5f0167e41c6ecfdd2a79c02
SHA1..: f633629656e43452aa08611f0f72d24a46e7441c
SHA256: 1f462e882a662b2a133df035c435001b2ef6364f49a9ed6a6d98bd643093b666
SHA512: 68d9b06394cbedac12e7f7614e869a23d19e1b192d7073b54da9b52dce107b0a<BR>a3728e42daadb142012dbe75c99c8804c3546d3d06b9cb37d10ba7548051e565<BR>
ssdeep: 24576:AU8e8jAyOLkAnwNfH7QijBpVptQ9xtoYA8pk2NoahI/9+6lG:XBmpExtUG<BR>zh<BR>
PEiD..: -
TrID..: File type identification<BR>Win64 Executable Generic (87.2%)<BR>Win32 Executable Generic (8.6%)<BR>Generic Win/DOS Executable (2.0%)<BR>DOS Executable Generic (2.0%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xeb1b9<BR>timedatestamp.....: 0x4812c4f1 (Sat Apr 26 06:00:17 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xb845a 0xb8600 6.56 00a1233fe9746187447652d7dc3ffbc6<BR>.rdata 0xba000 0xa624 0xa800 5.96 493d852e4c61e97ecccb7c0f9ef00453<BR>.data 0xc5000 0x127bc 0x8200 0.73 4b04e70641bc018f3bb3ecfe21d14085<BR>PAGE 0xd8000 0x998 0xa00 6.24 adb86400cc1779d55c23b4541ed877a5<BR>.edata 0xd9000 0x49 0x200 0.85 bc4f6499041f7ae6ccd4f9bc34c9a0a6<BR>PAGECONS 0xda000 0x78 0x200 1.25 c38c1652cc4ccd80c9fa5a4b7fd44dce<BR>INIT 0xdb000 0x3e4a 0x4000 5.86 ae6a9304fa92558ccc9e7b58b71aea61<BR>.rsrc 0xdf000 0x3e0 0x400 3.35 26021db0eb5acfd57a42b734b5c2a9bd<BR>.reloc 0xe0000 0x6b2c 0x6c00 6.77 652655dbea4ffa2f4b600805faa41e67<BR><BR>( 8 imports ) <BR>&gt; ntoskrnl.exe: MmUserProbeAddress, PsGetCurrentProcessId, ExAcquireResourceExclusiveLite, KeEnterCriticalRegion, KeLeaveCriticalRegion, ExReleaseResourceLite, ExDeleteResourceLite, ExInitializeResourceLite, RtlUnwind, RtlAnsiCharToUnicodeChar, MmProbeAndLockPages, RtlInitializeBitMap, RtlSetBit, RtlSetBits, ExInitializeLookasideListEx, ExDeleteLookasideListEx, KeBugCheckEx, DbgPrint, RtlEqualSid, RtlSubAuthoritySid, SeQueryInformationToken, ObOpenObjectByPointer, ZwQueryInformationToken, ExGetPreviousMode, ExUuidCreate, ExAllocatePoolWithQuotaTag, KeTickCount, IoGetCurrentProcess, KeInitializeMutex, KeBugCheck, KeDelayExecutionThread, SeSetAuditParameter, SeReportSecurityEventWithSubCategory, DbgBreakPoint, MmSizeOfMdl, MmUnmapLockedPages, ObLogSecurityDescriptor, SeCaptureSubjectContextEx, SeLockSubjectContext, IoGetFileObjectGenericMapping, SeAccessCheck, SeUnlockSubjectContext, SeReleaseSubjectContext, RtlCreateSecurityDescriptor, SeExports, RtlLengthSid, RtlCreateAcl, RtlAddAccessAllowedAceEx, RtlSetDaclSecurityDescriptor, ExInterlockedFlushSList, KeInitializeSemaphore, ExAllocatePoolWithTagPriority, MmUnlockPages, RtlVerifyVersionInfo, KeInitializeTimerEx, ExGetCurrentProcessorCounts, KeSetTimerEx, KeQueryActiveProcessors, KeQueryInterruptTime, KeFlushQueuedDpcs, KeCancelTimer, KeInitializeDpc, KeSetTargetProcessorDpc, KeSetImportanceDpc, KeWaitForMultipleObjects, KeInsertQueueDpc, IoAllocateWorkItem, IoQueueWorkItem, IoFreeWorkItem, MmBuildMdlForNonPagedPool, KeQueryMaximumProcessorCount, RtlInitializeGenericTableAvl, RtlGetVersion, KeQuerySystemTime, RtlLookupElementGenericTableFullAvl, ObDereferenceSecurityDescriptor, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, ExNotifyCallback, KeIsExecutingDpc, PsGetProcessSessionId, InterlockedPushEntrySList, InterlockedPopEntrySList, KefAcquireSpinLockAtDpcLevel, IoAllocateMdl, IoBuildPartialMdl, KefReleaseSpinLockFromDpcLevel, IoFreeMdl, PsGetProcessId, MmMapLockedPagesSpecifyCache, ZwQuerySystemInformation, KeTestSpinLock, KeAcquireInStackQueuedSpinLockAtDpcLevel, KeReleaseInStackQueuedSpinLockFromDpcLevel, ObReferenceSecurityDescriptor, KeReleaseSemaphore, ExCreateCallback, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfReferenceObject, PsGetCurrentProcess, PsIsSystemThread, PsGetThreadProcess, KeGetCurrentThread, KeInitializeEvent, KeSetEvent, RtlEnumerateGenericTableLikeADirectory, RtlIpv4AddressToStringExW, RtlIpv6AddressToStringExW, RtlTimeToTimeFields, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, RtlLengthRequiredSid, RtlInitializeSid, RtlAddAccessAllowedAce, ObSetSecurityObjectByPointer, IoCreateDevice, IoDeleteDevice, KeWaitForSingleObject, KeQueryActiveProcessorCount, KeReleaseMutex, ZwOpenEvent, ObReferenceObjectByHandle, ZwClose, ObfDereferenceObject, KeReadStateEvent, IofCompleteRequest, IofCallDriver, IoWMIRegistrationControl, RtlCompareMemory, RtlInitUnicodeString, MmGetSystemRoutineAddress, RtlValidSid, RtlCopySid, ZwEnumerateKey, ObCloseHandle, RtlIpv4StringToAddressW, RtlIpv6StringToAddressW, RtlIntegerToUnicodeString, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, ZwQueryValueKey, RtlUnicodeStringToInteger, ZwOpenKey, RtlCompareUnicodeString, PsSetCreateProcessNotifyRoutineEx, SeLocateProcessImageName, ZwCreateFile, RtlDowncaseUnicodeString, ZwOpenProcess, KeStackAttachProcess, ZwDuplicateToken, KeUnstackDetachProcess, IoDeleteSymbolicLink, IoCreateSymbolicLink, KeQueryTimeIncrement, PsReferenceImpersonationToken, PsDereferencePrimaryToken, PsReferencePrimaryToken, VerSetConditionMask, RtlFindSetBits, RtlAreBitsClear, RtlFindClearBits, RtlClearBits, ExAcquireResourceSharedLite, RtlClearBit, RtlClearAllBits, SeOpenObjectAuditAlarmForNonObObject, RtlTestBit, PsDereferenceImpersonationToken, RtlQueryRegistryValues, memset, memcpy, ExAllocatePoolWithTag, IoWMIWriteEvent, RtlSubAuthorityCountSid, ExFreePoolWithTag<BR>&gt; NETIO.SYS: FsbAllocateAtDpcLevel, RtlInitializeTimerWheelEntry, NetioShutdownWorkQueue, RtlComputeToeplitzHash, RtlLookupEntryHashTable, RtlGetNextEntryHashTable, RtlInsertEntryHashTable, RtlRemoveEntryHashTable, RtlCleanupTimerWheelEntry, RtlReturnTimerWheelEntry, RtlGetNextExpiredTimerWheelEntry, RtlDeleteElementGenericTableBasicAvl, NetioInitializeWorkQueue, RtlInsertElementGenericTableBasicAvl, FsbAllocate, NetioAdvanceToLocationInNetBuffer, RtlCopyMdlToMdlIndirect, RtlUpdateCurrentTimerWheelTick, RtlEndTimerWheelEnumeration, RtlEnumerateNextTimerWheelEntry, RtlInitializeTimerWheelEnumeration, RtlCleanupTimerWheel, RtlDeleteHashTable, RtlCreateHashTable, RtlInitializeTimerWheel, RtlContractHashTable, RtlExpandHashTable, RtlEndEnumerationHashTable, RtlEnumerateEntryHashTable, RtlInitEnumerationHashTable, NetioFreeOpaquePerProcessorContext, NetioAllocateOpaquePerProcessorContext, TlDefaultRequestQueryDispatchEndpoint, TlDefaultRequestMessage, TlDefaultRequestQueryDispatch, RtlEndWeakEnumerationHashTable, RtlWeaklyEnumerateEntryHashTable, RtlInitWeakEnumerationHashTable, NsiSetAllParameters, RtlCopyMdlToBuffer, NetioFreeNetBufferAndNetBufferList, NetioAllocateAndReferenceNetBufferAndNetBufferList, RtlCopyBufferToMdl, NmrWaitForClientDeregisterComplete, NmrDeregisterClient, NmrClientDetachProviderComplete, NmrClientAttachProvider, NmrRegisterClient, NmrProviderDetachClientComplete, NmrRegisterProvider, NmrWaitForProviderDeregisterComplete, NmrDeregisterProvider, NetioRetreatNetBufferList, NetioAllocateAndReferenceCopyNetBufferListEx, NetioCompleteCopyNetBufferListChain, NetioFreeCopyNetBufferList, NetioInitializeNetBufferListContext, TlDefaultRequestCancel, TlDefaultRequestConnect, TlDefaultRequestListen, NetioReferenceNetBufferList, TlDefaultRequestIoControl, NetioDereferenceNetBufferListChain, NetioAllocateNetBufferMdlAndData, NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData, NetioDereferenceNetBufferList, NetioFreeNetBuffer, NetioExtendNetBuffer, NetioFreeNetBufferList, FsbFree, RtlIndicateTimerWheelEntryTimerStart, NetioFreeMdl, NetioFreeNetBufferListNetBufferMdlAndDataPool, NetioAllocateNetBufferMdlAndDataPool, NetioAllocateNetBufferListNetBufferMdlAndDataPool, NetioFreeNetBufferMdlAndDataPool, RtlCleanupToeplitzHash, RtlInitializeToeplitzHash, WfpStartStreamShim, NetioAllocateMdl, NetioInsertWorkQueue, WfpStreamInspectRemoteDisconnect, WfpStreamInspectReceive, WfpStreamInspectDisconnect, WfpStreamInspectSend, WfpStreamEndpointCleanupBegin, NetioInitializeNetBufferListAndFirstNetBufferContext, NsiEnumerateObjectsAllParameters, NsiReferenceDefaultObjectSecurity, NsiDeregisterChangeNotification, NsiRegisterChangeNotification, NetioCompleteNetBufferListChain, RtlCopyMdlToMdl, NetioAllocateAndReferenceFragmentNetBufferList, SetWfpDeviceObject, IoctlKfdBatchUpdate, IoctlKfdDeleteIndex, IoctlKfdAddIndex, IoctlKfdAddCache, IoctlKfdResetState, IoctlKfdQueryLayerStatistics, IoctlKfdAbortTransaction, IoctlKfdCommitTransaction, IoctlKfdDeleteCache, KfdIsActiveCallout, HfCreateFactory, HfDestroyFactory, NsiSetObjectSecurity, NetioAllocateNetBuffer, NetioAllocateAndReferenceNetBufferList, PtGetNumNodes, PtCreateTable, PtDestroyTable, PtDeleteEntry, PtInsertEntry, PtGetExactMatch, PtEnumOverTable, PtGetLongestMatch, PtGetNextShorterMatch, RtlCompute37Hash, PtGetKey, PtSetData, PtGetData, NsiSetParameter, NsiAllocateAndGetTable, NsiFreeTable, NetioCompleteNetBufferAndNetBufferListChain, NetioQueryNetBufferListTrafficClass, NetioAllocateAndReferenceVacantNetBufferList, NetioAllocateAndReferenceCloneNetBufferListEx, NetioExpandNetBuffer, NetioUpdateNetBufferListContext, NetioAllocateAndReferenceCloneNetBufferList, NetioFreeCloneNetBufferList, NsiGetParameter, KfdCheckAcceptBypass, KfdCheckAndCacheAcceptBypass, KfdCheckConnectBypass, KfdCheckAndCacheConnectBypass, KfdGetLayerActionFromEnumTemplate, KfdEnumLayer, KfdGetNextFilter, KfdDerefFilterContext, KfdFreeEnumHandle, WfpScavangeLeastRecentlyUsedList, KfdAleInitializeFlowTable, WfpSetBucketsToEmptyLru, WfpExpireEntryLru, WfpInsertEntryLru, WfpDeleteEntryLru, WfpStreamIsFilterPresent, KfdToggleFilterActivation, NsiGetAllParameters, WfpInitializeLeastRecentlyUsedList, KfdAleNotifyFlowDeletion, FwppStreamDeleteDpcQueue, WfpUninitializeLeastRecentlyUsedList, KfdAleUninitializeFlowHandles, KfdAleInitializeFlowHandles, KfdGetOffloadEpoch, KfdIsLsoOffloadPossibleV6, KfdIsLsoOffloadPossibleV4, KfdIsV6InTransportFastEmpty, KfdIsV4InTransportFastEmpty, KfdIsV6OutTransportFastEmpty, KfdIsV4OutTransportFastEmpty, WfpRefreshEntryLru, NetioAdvanceNetBufferList, KfdCheckClassifyNeededAndUpdateEpoch, KfdAleAcquireFlowHandleForFlow, KfdClassify, KfdAleReleaseFlowHandleForFlow, KfdGetLayerCacheEpoch, KfdIsLayerEmpty, FwppStreamInject, FwppStreamContinue, FwppCopyStreamDataToBuffer, FwppAdvanceStreamDataPastOffset, FwppTruncateStreamDataAfterOffset, NetioUnRegisterProcessorAddCallback, NetioUnInitializeNetBufferListLibrary, NetioInitializeNetBufferListLibrary, NetioRegisterProcessorAddCallback, RtlInvokeStartRoutines, RtlInvokeStopRoutines, FsbDestroyPool, WfpStopStreamShim, FsbCreatePool, NsiGetParameterEx<BR>&gt; NDIS.SYS: NdisDeregisterProtocolDriver, NdisRegisterProtocolDriver, NdisInitiateOffload, NdisInitializeTimer, NdisAcquireReadWriteLock, NdisGetSessionToCompartmentMappingEpochAndZero, NdisTerminateOffload, NdisUpdateOffload, NdisInvalidateOffload, NdisQueryOffloadState, NdisOidRequest, NdisDirectOidRequest, NdisCompleteNetPnPEvent, NdisCloseAdapterEx, NdisOpenAdapterEx, NdisSetTimer, NdisInitializeReadWriteLock, NdisCancelTimer, NdisCancelSendNetBufferLists, NdisSendNetBufferLists, NdisReleaseReadWriteLock, NdisReturnNetBufferLists, NdisOffloadTcpSend, NdisOffloadTcpReceive, NdisOffloadTcpReceiveReturn, NdisOffloadTcpDisconnect, NdisSetOptionalHandlers, NdisOffloadTcpForward, NdisGetDataBuffer, NetDmaRegisterClient, NetDmaDeregisterClient, NetDmaFreeChannel, NetDmaAllocateChannel, NdisGetProcessorInformation, NdisFreeNetBufferList, NetDmaNullTransfer, NetDmaIsDmaCopyComplete, NdisGetThreadObjectCompartmentId, NdisGetSessionCompartmentId, NdisAdjustNetBufferCurrentMdl, NdisAdvanceNetBufferDataStart, NdisRetreatNetBufferDataStart<BR>&gt; FLTMGR.SYS: FltGetFileNameInformationUnsafe, FltReleaseFileNameInformation<BR>&gt; fwpkclnt.sys: FwpsCalloutUnregisterByKey0, FwpmBfeStateSubscribeChangesWithoutDevice0, FwpmBfeStateUnsubscribeChanges0, FwpsClassifyOptionSet0, FwpmEngineClose0, FwpmEngineOpen0, FwpmSecureSocketDeleteByKeyAsync0, FwpmSecureSocketAddAsync0, FwpmEventProviderIsNetEventTypeEnabled0, FwpsRequestEndpointDeleteNotification0, FwppDispatchDevCtl0, IPsecDriverExpire, IPsecDriverInitiateAcquire, FwpmEventProviderFireNetEvent0, FwpsTcpIpDispatchTableClear0, FwpmEventProviderDestroy0, FwpmEventProviderCreate0, FwpsTcpIpDispatchTableSet0, FwpsCalloutRegisterWithoutDevice0<BR>&gt; HAL.dll: KeGetCurrentIrql, KfReleaseSpinLock, KfLowerIrql, KfAcquireSpinLock, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, KeRaiseIrqlToDpcLevel, ExReleaseFastMutex, ExAcquireFastMutex, KfRaiseIrql, KeQueryPerformanceCounter<BR>&gt; ksecdd.sys: BCryptDestroyHash, BCryptDecrypt, BCryptCloseAlgorithmProvider, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptGetProperty, BCryptGenRandom, BCryptHashData, BCryptEncrypt, BCryptGenerateSymmetricKey, BCryptDestroyKey, BCryptFinishHash, BCryptCreateHash<BR>&gt; msrpc.sys: NdrMesTypeDecode2, MesHandleFree, I_RpcExceptionFilter, MesDecodeBufferHandleCreate<BR><BR>( 1 exports ) <BR>EQoSTestHook<BR>


I know i have one more to send - think i took care of Java and Logitech Desktop - thanks again
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 14th, 2009, 5:22 am

Are you having trouble finding the ESET log, or do you need perform the scan first?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 14th, 2009, 11:09 am

Finding it - i did the scan Saturday - it took over an hour.
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 15th, 2009, 4:56 pm

Are you having trouble?
I hate to be a nag, but I really need that ESET log if Im going to be able continue to help you
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 15th, 2009, 8:43 pm

Everytime i run the program and turn explorer off i cannot find the log - it takes over an hour - tells me htere are two threats - ask me to buy somethig but the log does not show-up.
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 16th, 2009, 5:20 am

The log doesnt pop up, it needs to be opened manually from here:
C:\Program Files\EsetOnlineScanner\log.txt

Another way is to press the windows key and the R key at the same time to open the Run dialog box.
Copy the command below into it and press Enter
Code: Select all
notepad "C:\Program Files\EsetOnlineScanner\log.txt"


Dont do any more ESET scans. The log is already there so all you need to do is open the log and post the contents of it here.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 16th, 2009, 2:08 pm

I am sorry but i keep getting a message that the 'file does not exist' going to run it again and see what happens.
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby Sharagoz » January 16th, 2009, 3:23 pm

Try it one more time. If you're still unable to get the log I will give you an alternate scanner to run.
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: "MSN Featured" Spam - Cannot get rid of at ALL!!!

Unread postby refco48 » January 16th, 2009, 3:32 pm

Just did it again keep getting - cannot find message.
refco48
Regular Member
 
Posts: 16
Joined: January 1st, 2009, 8:20 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 282 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware