Malware/virus check

Post by thepatient » January 15th, 2012, 12:13 pm

Hi,

My daughter has been on my computer and downloaded iLivid, and with it came Bandoo Media stuff and Searchqu, which hijacked the search bar. I located iLivid in 'Control Panel -> Add and Remove Programs' and removed it. I also changed Google back to my default search.

Additionally she managed to pick up the Vista Security 2012 virus. I removed this using an online forum at bleepingcomputer and downloaded the Malwarebytes Anti-Malware program; it found and cleaned a trojan file, but I want to make sure I have all the residual and peripheral files, registry items, and any other viruses off my system, and I need help with that.

DDS File attached below:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Paul at 10:47:25 on 2012-01-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1801 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/sport2/hi/football/default.stm
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=1080312
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PhotoshopElements8SyncAgent] c:\program files\adobe\elements organizer 8.0\ElementsOrganizerSyncAgent.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-bw03.jpmorganchase.com/d ... Client.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91E815F3-E6DF-4A47-B4EF-B88DF23AA238} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7FE209D-528A-4E84-9FCD-16BB7C1F404C} : DhcpNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R1 NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255);c:\windows\system32\drivers\NEOFLTR_650_15255.SYS [2010-11-10 85360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-11 73728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-27 21504]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\gfi software\vipre\SBAMSvc.exe [2011-11-1 3287472]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2011-11-1 173424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-11 179712]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2008-3-11 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2008-3-11 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-26 135664]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-27 12672]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-11 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-26 135664]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-11-1 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-15 03:56:03 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
2012-01-15 03:55:54 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 03:55:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 03:55:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-14 06:17:10 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 06:17:10 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 06:17:09 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 06:17:09 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 06:17:09 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-14 06:17:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-14 02:30:48 -------- d-----w- c:\users\paul\appdata\local\Ilivid Player
2012-01-14 02:28:57 -------- d-----w- c:\users\paul\appdata\local\PackageAware
2012-01-12 19:32:35 -------- d-----w- c:\program files\iPod
2012-01-12 19:32:33 -------- d-----w- c:\program files\iTunes
2012-01-12 04:32:20 -------- d-----w- c:\users\paul\appdata\roaming\MegaCloud
2012-01-12 04:31:57 -------- d-----w- c:\programdata\Web Installer
2012-01-11 19:17:13 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:17:11 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 19:17:11 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 19:17:09 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:17:09 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 19:17:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 19:16:39 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:16:38 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-06 20:40:56 38344 ----a-w- c:\windows\system32\drivers\CO_Mon.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-01 05:42:10 11632 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
2011-11-01 05:42:02 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-11-01 05:08:14 72312 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 20:40:02 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 15:55:43 834048 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 14:08:44 389632 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 10:48:15.34 ===============
thepatient
Active Member
 
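A helper reading the DDS log above goes first to the "Pseudo HJT Report" block: the uRun/mRun values, BHOs and toolbars, Winlogon Notify DLLs, AppInit_DLLs and the LSA Notification Packages line, because those are the hooks that survive a reboot and the places the Searchqu/Bandoo class of adware and the fake-AV family live. The following is an added example, not code from this thread, from DDS or from MalwareRemoval.com: a small parser for those line formats with the checks a reviewer applies. The `SAMPLE` lines are copied from the posted log; `SYNTHETIC` is an invented Run value, not present in the log, so the path rule has something to fire on; the flagging heuristics are the example's own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.
Added example, not code from the thread, from DDS or from MalwareRemoval.com. It parses
the line formats DDS prints for autostarts and browser hooks (uRun/mRun, BHO, TB,
Notify, AppInit_DLLs, LSA Notification Packages) and flags what a helper reads first.
SAMPLE is a constructed excerpt of the posted log; SYNTHETIC is invented (see below)."""
import re
from dataclasses import dataclass

SAMPLE = r"""
uStart Page = hxxp://news.bbc.co.uk/sport2/hi/football/default.stm
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd
"""
# Constructed, NOT from the posted log: a per-user Run value pointing into %TEMP%.
SYNTHETIC = r"uRun: [updater] c:\users\paul\appdata\local\temp\low\updater.exe"

@dataclass
class Entry:
    kind: str     # Run, BHO, TB, Notify, AppInit, LSA or Other
    name: str
    target: str   # command line, DLL path, URL or package list as printed

@dataclass
class Finding:
    kind: str
    subject: str
    why: str

CLSID = r"\{[0-9A-Fa-f-]+\}"
RUN_RE = re.compile(r"^([um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): " + CLSID + r" - (?P<path>.*)$")
TB_RE = re.compile(r"^TB: (?:(?P<name>.*?): )?(?P<clsid>" + CLSID + r") - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>.*?) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.*)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.*)$")

def parse_hjt(text: str) -> list:
    """DDS pseudo-HJT lines to Entry records; anything unrecognised becomes Other."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == ".":
            continue
        if m := RUN_RE.match(line):
            hive = "HKCU" if m.group(1) == "u" else "HKLM"   # u = per-user, m = machine
            entries.append(Entry("Run", f"{hive} {m['name']}", m["cmd"]))
        elif m := BHO_RE.match(line):
            entries.append(Entry("BHO", m["name"], m["path"]))
        elif m := TB_RE.match(line):
            entries.append(Entry("TB", m["name"] or m["clsid"], m["path"]))
        elif m := NOTIFY_RE.match(line):
            entries.append(Entry("Notify", m["name"], m["path"]))
        elif m := APPINIT_RE.match(line):
            entries.append(Entry("AppInit", "AppInit_DLLs", m["dlls"]))
        elif m := LSA_RE.match(line):
            entries.append(Entry("LSA", "Notification Packages", m["pkgs"]))
        else:
            entries.append(Entry("Other", line.split(" = ", 1)[0], line))
    return entries

def run_image(cmd: str) -> str:
    """First executable of a Run command line, unquoted and lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd[1:].lower()
    return cmd.split()[0].lower() if cmd else ""

# User-writable locations where a legitimate autostart is rare.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
EXPECTED_LSA = {"scecli"}   # the only package a stock Windows install lists

def triage(entries: list) -> list:
    """Apply the review heuristics and return one Finding per hit."""
    out = []
    for e in entries:
        if e.kind == "AppInit":
            out.append(Finding(e.kind, e.target, "mapped into every process that loads user32.dll; verify the publisher"))
        elif e.kind == "LSA":
            extra = [p for p in e.target.split() if p.lower() not in EXPECTED_LSA]
            if extra:
                out.append(Finding(e.kind, " ".join(extra), "extra password-notification DLL; it sees plaintext passwords on change"))
        elif e.kind in ("BHO", "TB") and e.target.lower() == "no file":
            out.append(Finding(e.kind, e.name, "orphaned registration, DLL missing; remove the key"))
        elif e.kind == "Notify":
            out.append(Finding(e.kind, e.target, "Winlogon notification DLL; runs at logon inside winlogon"))
        elif e.kind == "Run":
            img = run_image(e.target)
            if any(d in img for d in SUSPECT_DIRS):
                out.append(Finding(e.kind, e.name, f"autostart from user-writable path {img}"))
    return out

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE + SYNTHETIC)):
        print(f"[{f.kind}] {f.subject}: {f.why}")
```

Run as a script it prints one line per finding. Two of the hits are "review" items rather than removals: the psql* names (psqlpwd.dll as both a Winlogon Notify DLL and an LSA notification package) match the Fingerprint Reader Suite processes visible in the running-process list, and the AppInit DLL sits under the Google Desktop folder; the orphaned toolbar CLSID with "No File" is the kind of leftover a cleanup fix removes, and the synthetic %TEMP% autostart is the pattern the fake-AV family uses.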

Re: Malware/virus check

Post by diver79 » January 16th, 2012, 5:54 pm

Hi and welcome to MalwareRemoval.com. Sorry for any delay in answering your request for help; the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
diver79 wrote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
diver79
Retired Graduate
 

Re: Malware/virus check

Post by diver79 » January 16th, 2012, 6:17 pm

Hi thepatient,

I would like to see what malwarebytes removed to give me a better understanding of the problems on your computer. Follow the instructions below to locate the log file.

Malwarebytes log
  • Click the Start Button.
  • In the Search programs and files search box paste the following location and press the Enter key;
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
  • Locate the .txt file that corresponds to the date you ran the scan. It should be in the following format mbam-log-yyyy-mm-dd.txt
  • Paste the contents of this file in your next reply.


Attach.txt log
You did not post the attach.txt log that DDS produced.
Please re-run DDS and post the contents of the Attach.txt log file.


OTL - Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
SQW7-Vista_x32.TXT

Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Right Click on the OTL icon and select "Run as administrator".
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt


For your next Reply
  • mbam log file
  • attach.txt log file
  • OTL.txt log file
diver79
Retired Graduate
 

Re: Malware/virus check

Post by thepatient » January 16th, 2012, 9:52 pm

Hi,

I ran MBAM a few times. The logs were not under the file headings you attached, but I located them in the program itself. The results of each are below. The last one is clean. Also, when running the last scan (Run Fix) the system stalled, and when I rebooted, IE had a new homepage. Is this normal? Can you explain?

---------------------------------------------------------

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Paul :: PAUL-PC [administrator]

1/14/2012 10:56:35 PM
mbam-log-2012-01-14 (22-56-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 51114
Time elapsed: 3 minute(s), 22 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Paul :: PAUL-PC [administrator]

1/14/2012 11:06:58 PM
mbam-log-2012-01-14 (23-06-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 370825
Time elapsed: 2 hour(s), 43 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Paul\AppData\Local\Temp\Low\0.53838275147833.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Paul :: PAUL-PC [administrator]

1/16/2012 1:49:32 PM
mbam-log-2012-01-16 (13-49-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371684
Time elapsed: 2 hour(s), 27 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/11/2008 1:35:57 PM
System Uptime: 1/16/2012 6:53:01 AM (14 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 9.129 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.127 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP496: 1/15/2012 11:42:44 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.57
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop Lightroom 3.4
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.5.0
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.1
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Canon CanoScan Toolbox 5.0
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Personal Printing Guide
Canon PowerShot S95 Camera User Guide
Canon RAW Codec
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities CameraWindow Launcher
Canon Utilities Digital Photo Professional 3.9
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities Movie Uploader for YouTube
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan 4400F
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Computrace
Confidence Online(tm) for Web Applications
CPUID HWMonitor 1.14
datasafeupdate
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
EOS USB WIA Driver
eReg
Excel Programming Weekend Crash Course
Fingerprint Reader Suite 5.6
Garmin ANT Agent
Garmin Communicator Plugin
Garmin USB Drivers
Genie Backup Assistant
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) SE Runtime Environment 6
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Laptop Integrated Webcam Driver (1.03.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.60.0.1800
mCore
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mMHouse
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
mWMI
NOOK for PC
NTI Backup Now EZ
NVIDIA Drivers
OutlookAddinSetup
Product Documentation Launcher
QualxServ Service Agreement
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler 3
Roxio MyDVD Premier
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Shortcut Button
Skype™ 5.5
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
TouchChip USB Driver 2.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
User's Guides
Veetle TV 0.9.14
VIPRE Antivirus
VitalSource Bookshelf
VZAccess Manager for Sierra Wireless
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
.
==== End Of File ===========================

Files\Folders moved on Reboot...
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GRVUIQ7I\viewtopic[2].htm not found!
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EO79MQP1\viewtopic[2].htm not found!
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
thepatient
Active Member
 
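As pasted, the three Malwarebytes logs above do not all say the same thing: the first is tagged "[aborted]" in its "Time elapsed" line, the second ran to "(end)" and removed one file, and the third stops after "Folders Detected" with no "Files Detected" count and no "(end)" marker. A helper treats a log like the third as inconclusive rather than clean. The following is an added example, not code from this thread or from Malwarebytes, that parses the 1.x text-log layout shown above (date line, mbam-log-*.txt name, "Time elapsed", seven "<Section> Detected: N" counters with their detection lines, closing "(end)") and returns a verdict that keeps "clean" and "inconclusive" apart. `SAMPLE` is a constructed, shortened copy of the posted logs with the third truncated exactly as posted.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs and say when a scan may be called clean.
Added example, not code from the thread or from Malwarebytes. It reads the layout posted
above: a date line, the mbam-log-*.txt name, 'Time elapsed' with an optional '[aborted]'
tag, seven '<Section> Detected: N' counters each followed by its detection lines, and a
closing '(end)'. SAMPLE is a constructed, shortened copy of the three posted logs."""
import re
from dataclasses import dataclass, field

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
START_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
NAME_RE = re.compile(r"^mbam-log-.*\.txt$")
COUNT_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<n>\d+)$")
DETECT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
SAMPLE = r"""
1/14/2012 10:56:35 PM
mbam-log-2012-01-14 (22-56-35).txt
Time elapsed: 3 minute(s), 22 second(s) [aborted]
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 0
(end)
1/14/2012 11:06:58 PM
mbam-log-2012-01-14 (23-06-58).txt
Time elapsed: 2 hour(s), 43 minute(s), 54 second(s)
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 1
C:\Users\Paul\AppData\Local\Temp\Low\0.53838275147833.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
1/16/2012 1:49:32 PM
mbam-log-2012-01-16 (13-49-32).txt
Time elapsed: 2 hour(s), 27 minute(s), 19 second(s)
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
"""

@dataclass
class ScanResult:
    log_name: str = ""
    aborted: bool = False
    ended: bool = False                               # saw the '(end)' marker
    counts: dict = field(default_factory=dict)        # section -> reported count
    detections: list = field(default_factory=list)    # (section, item, family, action)

    @property
    def complete(self) -> bool:
        """Evidence only if the scan ran to '(end)' and reported every section."""
        return self.ended and not self.aborted and all(s in self.counts for s in SECTIONS)

def split_logs(blob: str) -> list:
    """Cut a pasted blob into one string per scan, starting at each date line."""
    records = []
    for line in blob.splitlines():
        if START_RE.match(line.strip()):
            records.append([])
        elif records:
            records[-1].append(line)
    return ["\n".join(r) for r in records]

def parse_mbam_log(text: str) -> ScanResult:
    r, section = ScanResult(), None
    for line in (l.strip() for l in text.splitlines()):
        if NAME_RE.match(line):
            r.log_name = line
        elif line.startswith("Time elapsed:"):
            r.aborted = "[aborted]" in line
        elif m := COUNT_RE.match(line):
            section = m["section"]                    # detection lines that follow belong here
            r.counts[section] = int(m["n"])
        elif m := DETECT_RE.match(line):
            r.detections.append((section, m["item"], m["family"], m["action"]))
        elif line == "(end)":
            r.ended = True
    return r

def verdict(r: ScanResult) -> str:
    """'infected' on any hit; 'clean' only for a complete scan; else 'inconclusive'."""
    if r.detections or any(r.counts.values()):
        return "infected"
    return "clean" if r.complete else "inconclusive"

if __name__ == "__main__":
    for r in map(parse_mbam_log, split_logs(SAMPLE)):
        print(f"{r.log_name}: {len(r.detections)} detection(s), verdict {verdict(r)}")
```

Run as a script it prints one line per scan; the third comes out as "inconclusive" because the paste never reaches "Files Detected" or "(end)", which is the point: a cut-off log proves nothing about what it would have listed next, so the right request is a fresh, complete log rather than a conclusion.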

Re: Malware/virus check

Post by diver79 » January 18th, 2012, 4:11 pm

Hi thepatient,

Can you let me know what you use the following applications for?

  • Citrix XenApp Web Plugin
  • Juniper Networks Cache Cleaner 6.5.0
  • Juniper Networks Host Checker
  • Juniper Networks Secure Application Manager
  • Juniper Networks Setup Client

Thanks,

diver79.
diver79
Retired Graduate
 

Re: Malware/virus check

Post by thepatient » January 18th, 2012, 9:39 pm

Sure. The Junipers are used for remote dial-in to an employer network. I think the Citrix was downloaded for the same reason, but I can probably delete that one now, as it is not used.
thepatient
Active Member
 

Re: Malware/virus check

Post by diver79 » January 19th, 2012, 7:12 am

Hi thepatient,

Are you still using Juniper or any other software to connect to an employer network?

Thanks,

diver79.
diver79
Retired Graduate
 

Re: Malware/virus check

Post by thepatient » January 19th, 2012, 11:29 am

Hi,

I need the Juniper network, but I have removed the Citrix thinwall plugin.
thepatient
Active Member
 

Re: Malware/virus check

Post by deltalima » January 19th, 2012, 2:20 pm

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
deltalima
Admin/Teacher
 