Malware and Trojans plus Windows Vista Updates problems [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Malware and Trojans plus Windows Vista Updates problems [Closed], Malware and Trojans plus Windows Vista Updates problems

Options

Rorschach112 View Member Profile	Nov 1 2009, 06:41 PM Post #2
GeekU Teacher Posts: 35,078 From: Dublin OS: XP	hi Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Ensure all Firefox windows are closed. To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista). When prompted to run the scan, click Yes. GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt). Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** log in your next reply.

shayspace View Member Profile	Nov 2 2009, 07:21 AM Post #3
New Member Posts: 5 OS: Windows Vista	Here's the GooredFix Log: GooredFix by jpshortstuff (24.09.09.1) Log created at 07:19 on 02/11/2009 (Emma B. Sykes) Firefox version [Unable to determine] ========== GooredScan ========== ========== GooredLog ========== C:\Program Files\Mozilla Firefox\extensions\ (none) [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:13 04/09/2009] ---------- Old Logs ---------- GooredFix[13.17.42_02-11-2009].txt -=E.O.F=-

shayspace View Member Profile	Nov 2 2009, 09:09 AM Post #4
New Member Posts: 5 OS: Windows Vista	ComboFix Log ComboFix 09-11-01.04 - Emma B. Sykes 11/02/2009 8:54.2.2 - NTFSx86 Microsoft� Windows Vista� Home Basic 6.0.6002.2.1252.1.1033.18.2036.1355 [GMT -6:00] Running from: c:\users\Emma B. Sykes\Desktop\ComboFix.exe SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 ))))))))))))))))))))))))))))))) . 2009-11-02 15:03 . 2009-11-02 15:03 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\temp 2009-11-02 15:03 . 2009-11-02 15:03 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-11-02 15:03 . 2009-11-02 15:03 -------- d-----w- c:\users\Mariska Sykes\AppData\Local\temp 2009-11-02 15:03 . 2009-11-02 15:03 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Local\temp 2009-11-02 15:03 . 2009-11-02 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-02 13:06 . 2009-11-02 14:46 -------- d-----w- c:\users\Emma B. Sykes\Tracing 2009-11-02 08:06 . 2009-08-06 04:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2009-11-02 08:05 . 2009-11-02 08:05 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-11-02 08:05 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-11-02 08:04 . 2009-11-02 08:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-02 08:03 . 2009-11-02 08:03 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-02 08:03 . 2009-11-02 08:06 -------- d-----w- c:\program files\Windows Live 2009-11-02 08:03 . 2009-11-02 08:03 -------- d-----w- c:\windows\PCHEALTH 2009-11-02 05:25 . 2009-11-02 05:25 -------- d-----w- c:\program files\Common Files\Windows Live 2009-11-02 00:14 . 2009-11-02 00:14 -------- d-----w- c:\windows\CheckSur 2009-11-01 04:35 . 2009-11-01 04:35 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-01 04:20 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-11-01 04:20 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-11-01 04:20 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-11-01 04:20 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-11-01 04:20 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-11-01 04:20 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-11-01 04:20 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-11-01 04:20 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-11-01 04:20 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-11-01 04:20 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-11-01 04:20 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-11-01 04:20 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-11-01 04:19 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-01 04:19 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-01 04:19 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-31 16:45 . 2009-10-31 16:45 5216 ----a-w- c:\users\Emma B. Sykes\AppData\Local\d3d9caps.dat 2009-10-31 16:09 . 2009-10-31 16:11 -------- d-----w- c:\windows\system32\ca-ES 2009-10-31 16:09 . 2009-10-31 16:10 -------- d-----w- c:\windows\system32\eu-ES 2009-10-31 16:09 . 2009-10-31 16:10 -------- d-----w- c:\windows\system32\vi-VN 2009-10-30 17:55 . 2009-10-30 17:55 -------- d-----w- c:\programdata\F-Secure 2009-10-30 14:11 . 2009-10-30 14:11 -------- d-----w- C:\411fa47e3ddbc54545a8 2009-10-30 06:26 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 18:52 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-29 18:52 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-10-29 18:52 . 2009-10-29 18:52 -------- d-----w- c:\programdata\Avira 2009-10-29 18:52 . 2009-10-29 18:52 -------- d-----w- c:\program files\Avira 2009-10-29 17:50 . 2009-10-29 17:50 -------- d-----w- c:\windows\system32\EventProviders 2009-10-29 17:45 . 2009-11-02 00:36 -------- d-----w- C:\ATF 2009-10-29 15:43 . 2009-10-29 15:43 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\Malwarebytes 2009-10-29 15:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-29 15:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-29 15:43 . 2009-10-29 15:43 -------- d-----w- c:\programdata\Malwarebytes 2009-10-29 15:43 . 2009-10-29 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-28 16:24 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-28 16:24 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-24 03:00 . 2009-10-24 03:00 -------- d-----w- c:\users\Mariska Sykes\AppData\Roaming\Roxio 2009-10-20 19:46 . 2009-04-11 06:28 324608 ----a-w- c:\windows\system32\sdohlp.dll 2009-10-20 19:45 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\wshbth.dll 2009-10-20 13:12 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-20 13:12 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-20 13:12 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-20 13:12 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-20 13:11 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-20 13:11 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-20 13:11 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-20 13:11 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-20 13:11 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-17 18:21 . 2009-10-17 18:32 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\VTExtra 2009-10-17 18:15 . 2009-10-17 18:21 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\VTShared 2009-10-17 18:15 . 2009-10-29 18:00 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\VIPSlotsCasino 2009-10-17 17:57 . 2009-10-17 17:57 -------- d-----w- c:\users\Emma B. Sykes\Office Genuine Advantage 2009-10-15 20:21 . 2009-10-15 20:21 -------- d-----w- c:\users\Mariska Sykes\AppData\Local\The Weather Channel 2009-10-15 16:10 . 2009-10-15 16:10 680 ----a-w- c:\users\Mariska Sykes\AppData\Local\d3d9caps.dat 2009-10-14 09:06 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-14 09:06 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-14 09:06 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-10-14 09:04 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-14 09:04 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-14 09:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-10 22:28 . 2009-10-10 22:28 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\magicJackOutlookAddIn 2009-10-10 20:48 . 2009-10-10 20:48 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\PeerNetworking 2009-10-10 20:47 . 2009-10-10 20:47 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\The Weather Channel 2009-10-10 20:39 . 2009-10-10 20:39 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\Motive 2009-10-10 20:30 . 2009-10-10 20:30 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\tjnet 2009-10-10 19:38 . 2009-10-25 14:17 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\mjusbsp 2009-10-10 15:04 . 2009-10-10 15:04 -------- d-----w- c:\program files\MSN Toolbar Installer 2009-10-09 23:50 . 2009-10-09 23:50 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Roaming\WildTangent 2009-10-09 23:46 . 2009-10-09 23:46 -------- d-----w- c:\users\Jessie J. Sykes\Office Genuine Advantage 2009-10-07 19:33 . 2009-10-07 19:33 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Local\MigWiz 2009-10-07 17:16 . 2009-10-07 19:33 680 ----a-w- c:\users\Jessie J. Sykes\AppData\Local\d3d9caps.dat 2009-10-06 21:21 . 2009-10-06 21:21 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Roaming\CyberLink 2009-10-06 16:01 . 2009-10-06 16:01 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Local\The Weather Channel 2009-10-04 17:31 . 2009-10-04 17:31 -------- d-----w- c:\users\Mariska Sykes\AppData\Roaming\PlayFirst 2009-10-03 21:08 . 2009-10-03 21:08 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\yahoo! 2009-10-03 21:08 . 2009-10-03 21:08 -------- d-----w- c:\users\Emma B. Sykes\AppData\Roaming\iolo 2009-10-03 21:08 . 2009-10-03 21:08 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\SupportSoft 2009-10-03 21:08 . 2009-10-20 08:17 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\Google 2009-10-03 21:07 . 2009-10-03 21:07 -------- d-----w- c:\users\Emma B. Sykes\AppData\Local\PowerDVD DX 2009-10-03 21:07 . 2009-10-12 18:34 54600 ----a-w- c:\users\Emma B. Sykes\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-03 18:51 . 2009-10-03 18:51 -------- d-----w- c:\users\Mariska Sykes\AppData\Roaming\DivX 2009-10-03 18:25 . 2009-10-03 18:49 -------- d-----w- c:\program files\DivX 2009-10-03 18:25 . 2009-10-03 18:49 -------- d-----w- c:\program files\Common Files\DivX Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-02 05:24 . 2009-09-02 21:43 -------- d-----w- c:\program files\Microsoft 2009-11-01 04:34 . 2009-11-01 04:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-10-31 16:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar 2009-10-31 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-10-31 16:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2009-10-31 16:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration 2009-10-31 16:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery 2009-10-31 16:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender 2009-10-30 02:30 . 2008-09-12 20:12 -------- d-----w- c:\program files\Rushmore Casino 2009-10-30 00:36 . 2009-09-08 20:50 -------- d-----w- c:\program files\Sukoku 2009-10-29 18:15 . 2009-10-02 00:31 180200 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-10-29 18:15 . 2009-10-02 00:31 13296672 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-10-29 18:05 . 2008-08-09 01:41 -------- d-----w- c:\programdata\Symantec 2009-10-29 18:05 . 2008-08-09 01:40 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-29 18:03 . 2009-09-02 21:34 -------- d-----w- c:\program files\AOL Games 2009-10-29 18:03 . 2008-07-22 23:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-29 17:41 . 2008-07-26 14:04 -------- d-----w- c:\program files\PlayFirst 2009-10-29 17:40 . 2009-10-02 00:11 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-10-29 17:40 . 2009-10-02 00:11 -------- d-----w- c:\programdata\ParetoLogic 2009-10-24 02:43 . 2009-10-03 03:18 54600 ----a-w- c:\users\Jessie J. Sykes\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-15 08:06 . 2009-09-26 20:24 -------- d-----w- c:\program files\TS 2009-10-12 04:13 . 2009-06-25 05:10 54600 ----a-w- c:\users\Mariska Sykes\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-06 00:03 . 2009-09-06 00:48 -------- d-----w- c:\users\Mariska Sykes\AppData\Roaming\W Photo Studio 2009-10-03 20:03 . 2009-10-03 03:00 -------- d-----w- c:\program files\Microsoft Silverlight 2009-10-03 03:18 . 2009-10-03 03:18 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Roaming\iolo 2009-10-03 03:18 . 2009-10-03 03:18 -------- d-----w- c:\users\Jessie J. Sykes\AppData\Roaming\yahoo! 2009-10-02 00:11 . 2009-10-02 00:11 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS 2009-10-01 00:12 . 2009-09-30 22:20 -------- d-----w- c:\programdata\iolo 2009-09-30 22:49 . 2008-07-28 22:02 -------- d-----w- c:\program files\Yahoo! 2009-09-30 22:47 . 2008-08-09 01:40 -------- d-----w- c:\programdata\Yahoo! 2009-09-30 22:47 . 2008-08-09 01:41 -------- d-----w- c:\program files\Symantec 2009-09-30 22:33 . 2009-09-30 22:20 -------- d-----w- c:\users\Mariska Sykes\AppData\Roaming\iolo 2009-09-30 22:20 . 2009-09-30 22:20 74703 ----a-w- c:\windows\system32\mfc45.dll 2009-09-27 08:00 . 2009-09-27 08:00 -------- d-----w- c:\program files\MSXML 4.0 2009-09-27 06:24 . 2009-05-25 22:02 -------- d-----w- c:\program files\AcidCrew Software 2009-09-26 21:26 . 2009-09-26 21:26 -------- d-----w- c:\programdata\Fenomen Games 2009-09-26 20:40 . 2009-09-26 20:40 -------- d-----w- c:\programdata\Sunbelt Software 2009-09-26 20:40 . 2009-09-26 20:40 -------- d-----w- c:\programdata\Ascentive 2009-09-25 02:10 . 2009-11-01 04:21 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07 . 2009-11-01 04:21 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04 . 2009-11-01 04:21 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49 . 2009-11-01 04:21 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48 . 2009-11-01 04:21 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38 . 2009-11-01 04:21 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36 . 2009-11-01 04:21 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35 . 2009-11-01 04:21 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33 . 2009-11-01 04:21 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33 . 2009-11-01 04:21 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33 . 2009-11-01 04:21 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32 . 2009-11-01 04:21 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31 . 2009-11-01 04:21 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31 . 2009-11-01 04:21 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31 . 2009-11-01 04:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31 . 2009-11-01 04:21 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31 . 2009-11-01 04:21 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31 . 2009-11-01 04:21 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30 . 2009-11-01 04:21 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:30 . 2009-11-01 04:21 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27 . 2009-11-01 04:21 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-09-25 01:27 . 2009-11-01 04:21 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27 . 2009-11-01 04:21 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27 . 2009-11-01 04:21 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54 . 2009-11-01 04:21 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54 . 2009-11-01 04:21 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54 . 2009-11-01 04:21 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-10 02:01 . 2009-11-01 04:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-09-10 02:00 . 2009-11-01 04:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-09-10 02:00 . 2009-11-01 04:21 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-09-06 00:49 . 2009-09-06 00:49 -------- d-----w- c:\users\Mariska Sykes\AppData\Roaming\Walgreens 2009-09-04 20:54 . 2009-09-04 20:54 -------- d-----w- c:\programdata\Trymedia 2009-09-04 11:38 . 2009-09-04 11:38 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-09-02 21:39 . 2009-09-02 21:39 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-29 00:27 . 2009-09-02 03:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14 . 2009-09-02 03:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-27 05:22 . 2009-10-14 09:05 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-14 09:05 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-14 09:05 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 2009-10-14 09:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-14 16:27 . 2009-09-27 06:35 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 15:53 . 2009-09-27 06:35 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 13:49 . 2009-09-27 06:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 13:49 . 2009-09-27 06:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 13:49 . 2009-09-27 06:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 13:49 . 2009-09-27 06:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 13:49 . 2009-09-27 06:35 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 13:49 . 2009-09-27 06:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 13:49 . 2009-09-27 06:35 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-14 13:48 . 2009-09-27 06:35 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-08-14 13:48 . 2009-09-27 06:35 105984 ----a-w- c:\windows\system32\netiohlp.dll 2008-07-23 02:28 . 2008-07-23 02:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-11-02_13.35.53 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-02 13:02 . 2009-11-02 14:46 71826 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-07-26 01:32 . 2009-11-02 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-07-26 01:32 . 2009-11-02 13:13 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-07-26 01:32 . 2009-11-02 14:45 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-07-26 01:32 . 2009-11-02 13:13 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-07-26 01:32 . 2009-11-02 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-07-26 01:32 . 2009-11-02 13:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-10-03 21:15 . 2009-11-02 14:46 6046 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1696485601-562263704-4103742560-1005_UserData.bin + 2009-11-02 13:08 . 2009-11-02 14:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-11-02 13:08 . 2009-11-02 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-11-02 13:08 . 2009-11-02 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-11-02 13:08 . 2009-11-02 14:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-07-26 03:03 . 2009-11-02 14:38 264250 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2006-11-02 10:33 . 2009-11-02 14:51 595446 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-11-02 13:15 595446 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-11-02 14:51 101144 c:\windows\System32\perfc009.dat - 2006-11-02 10:33 . 2009-11-02 13:15 101144 c:\windows\System32\perfc009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\users\Emma B. Sykes\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-02 149280] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848] "HughesNetTools_McciTrayApp"="c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-14 4452352] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"="" "FirewallOverride"="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):4a,6c,e0,ca,c4,58,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1696485601-562263704-4103742560-1002] "EnableNotificationsRef"=dword:00000001 R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [9/30/2009 4:53 PM 12800] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/29/2009 12:52 PM 108289] S2 gupdate1ca2c2d7ef35911;Google Update Service (gupdate1ca2c2d7ef35911);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2009 6:28 PM 133104] S2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:33 PM 21504] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/2/2009 2:06 AM 54632] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864] --- Other Services/Drivers In Memory --- Deregistered - mbr Deregistered - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2009-11-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 00:26] 2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 00:28] 2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 00:28] 2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{5AAC805B-6979-433A-BA29-982C8F3E14C3}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] 2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{EA5721F5-911A-40BB-849B-2B7900281668}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-webgames/zylom/zylomplayer.cab DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://games.bigfishgames.com/en_sandscript/online/SandScript.1.0.0.21.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-02 09:03 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-11-02 9:04 ComboFix-quarantined-files.txt 2009-11-02 15:04 ComboFix2.txt 2009-11-02 13:37 Pre-Run: 30,824,349,696 bytes free Post-Run: 30,790,467,584 bytes free - - End Of File - - ECFDB194FA834811EF65C3D8BA301D63

Rorschach112 View Member Profile	Nov 2 2009, 03:20 PM Post #5
GeekU Teacher Posts: 35,078 From: Dublin OS: XP	hi Download TFC to your desktop Open the file and close any other windows. It will close all programs itself when run, make sure to let it run uninterrupted. Click the Start button to begin the process. The program should not take long to finish its job Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean Please download Malwarebytes' Anti-Malware from Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

shayspace View Member Profile	Nov 2 2009, 05:59 PM Post #6
New Member Posts: 5 OS: Windows Vista	Malwarebytes' Anti-Malware 1.41 Database version: 3089 Windows 6.0.6002 Service Pack 2 11/2/2009 5:57:35 PM mbam-log-2009-11-02 (17-57-35).txt Scan type: Full Scan (C:\\|D:\\|) Objects scanned: 395651 Time elapsed: 1 hour(s), 37 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

shayspace View Member Profile	Nov 2 2009, 10:08 PM Post #7
New Member Posts: 5 OS: Windows Vista	-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Monday, November 2, 2009 Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, November 02, 2009 22:52:39 Records in database: 3115681 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Objects scanned: 281633 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 03:04:53 No threats found. Scanned area is clean. Selected area has been scanned. Does this mean we got them all? If so, why am I still having problems with windows security updates, even though I have disabled windows defender and anti-virus program? This post has been edited by shayspace: Nov 2 2009, 10:22 PM

Rorschach112 View Member Profile	Nov 3 2009, 09:44 AM Post #8
GeekU Teacher Posts: 35,078 From: Dublin OS: XP	open OTL click quick scan post that log for your windows problem do this Please download Dial-A-Fix. Unzip the folder found in the archive to a place you can remember. For example: C:\DialAFix Then follow the steps below. Browse to the folder where you saved Dial-A-Fix. Open Dial-a-fix.exe Tick the following boxes: CODE Empty temp folders Fix Windows Installer ActiveX controls/codecs Control Panel applets Programming cores/runtimes Explorer/IE/OE/shell/WMP In the bottom left press the GO Button. Note that ticking a box might tick others too. Leave them ticked!

Rorschach112 View Member Profile	Nov 6 2009, 02:15 PM Post #9
GeekU Teacher Posts: 35,078 From: Dublin OS: XP	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Please help me remove Malware and Trojans [CLOSED]	2 / 402	19th May 2006 - 05:44 AM melissa.cjohns started - last by Armodeluxe
Virus, Spyware and Trojan Removal Trojans Infected My Laptop Windows Vista {hijackthis log} [CLOSED]	8 / 339	2nd December 2008 - 06:19 PM rr3118 started - last by SpySentinel
Virus, Spyware and Trojan Removal > Windows Vista memory problem [Closed]	3 / 282	14th August 2009 - 11:14 AM gmc01 started - last by Essexboy
Windows Vista� and Windows 7� windows vista networking problems	1 / 136	17th September 2009 - 05:50 AM exepro started - last by rev_olie