
Thread: click.GiftLoad

  1. #11 (Junior Member)

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6186

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/7/2011 9:12:06 PM
    mbam-log-2011-04-07 (21-12-06).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 329162
    Time elapsed: 1 hour(s), 15 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #12 (Emeritus)

    OK, good. Post a final DDS log and we can call it quits.
    How Can I Reduce My Risk?

  3. #13 (Junior Member)

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Michael at 20:21:23.36 on Fri 04/08/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2178 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkASv2K.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ManyCam\Bin\ManyCam.exe
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Michael\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
    uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\michael\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: UACDisableNotify = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\program files\speedbit video accelerator\SBLSP.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\xgjyuxwc.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
    FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl26de2276;MpKsl26de2276;c:\programdata\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\MpKsl26de2276.sys [2011-4-8 28752]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-15 1153368]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    R3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
    S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [2011-2-19 468096]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-15 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-04-08 23:43:19 -------- d-----w- C:\Twixtor4
    2011-04-08 22:29:29 -------- d-----w- C:\MirandaPortable
    2011-04-08 19:38:39 -------- d-----w- c:\program files\XMapper
    2011-04-08 16:11:42 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\MpKsl26de2276.sys
    2011-04-07 21:48:09 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\mpengine.dll
    2011-04-07 21:37:50 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-07 21:37:49 -------- d-----w- c:\users\michael\appdata\local\temp
    2011-04-07 21:26:09 98816 ----a-w- c:\windows\sed.exe
    2011-04-07 21:26:09 89088 ----a-w- c:\windows\MBR.exe
    2011-04-07 21:26:09 256512 ----a-w- c:\windows\PEV.exe
    2011-04-07 21:26:09 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-07 21:24:55 -------- d-----w- C:\ComboFix
    2011-04-07 02:06:13 -------- d-----w- c:\program files\Realtek
    2011-04-07 02:04:20 1284712 ----a-w- c:\windows\RtlExUpd.dll
    2011-04-07 02:04:20 -------- d--h--w- c:\program files\Temp
    2011-04-07 02:04:18 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2011-04-07 02:04:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2011-04-07 02:04:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2011-04-07 02:04:18 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2011-04-07 02:04:18 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2011-04-07 02:04:16 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2011-04-07 02:04:16 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2011-04-06 20:14:07 -------- d-----w- c:\users\michael\appdata\roaming\Tific
    2011-04-06 19:56:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-04-06 19:56:22 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2011-04-05 02:24:33 -------- d-----r- c:\users\michael\Dropbox
    2011-04-05 02:23:06 -------- d-----w- c:\users\michael\appdata\roaming\Dropbox
    2011-04-04 21:02:15 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{71698777-440b-4fea-8914-adb03ee800be}\gapaengine.dll
    2011-04-03 21:11:43 -------- d-----w- c:\users\michael\appdata\roaming\Sony Creative Software
    2011-04-03 00:15:41 -------- d-----w- c:\progra~2\WeGame
    2011-04-03 00:07:20 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll
    2011-04-03 00:07:20 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll
    2011-04-03 00:07:20 185688 ----a-w- c:\windows\system32\Ltfil15u.dll
    2011-04-02 16:41:08 -------- d-----w- c:\program files\Coupons
    2011-04-01 21:50:17 -------- d-----w- c:\progra~2\Symantec
    2011-04-01 00:08:43 -------- d-----w- c:\users\michael\appdata\local\Immunet
    2011-04-01 00:08:42 -------- d-----w- c:\progra~2\Immunet
    2011-03-31 21:42:02 -------- d-----w- c:\users\michael\appdata\local\CrashDumps
    2011-03-31 21:17:12 -------- d-----w- c:\progra~2\NortonInstaller
    2011-03-31 21:15:22 -------- d-----w- c:\progra~2\Norton
    2011-03-30 23:56:19 -------- d-----w- c:\program files\Sytexis Software
    2011-03-30 21:31:18 -------- d-----w- c:\users\michael\appdata\local\Innovative Solutions
    2011-03-30 21:31:18 -------- d-----w- c:\progra~2\Innovative Solutions
    2011-03-30 21:14:00 -------- d-----w- c:\program files\Audacity
    2011-03-30 21:06:46 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-03-30 01:41:55 -------- d-----w- c:\users\michael\appdata\local\QuakeLiveConfigGenerator
    2011-03-29 00:20:40 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2011-03-29 00:02:26 -------- d-----w- c:\users\michael\appdata\roaming\wolfcamql
    2011-03-29 00:01:01 -------- d-----w- c:\users\michael\wolfcam
    2011-03-27 23:26:36 -------- d-----w- c:\users\michael\appdata\roaming\Warsow 0.6
    2011-03-27 23:26:36 -------- d-----w- c:\program files\Warsow 0.6
    2011-03-27 22:31:47 -------- d-----w- c:\progra~2\id Software
    2011-03-27 22:03:45 -------- d-----w- c:\program files\iPod
    2011-03-27 22:03:44 -------- d-----w- c:\program files\iTunes
    2011-03-27 21:55:25 -------- d-----w- c:\users\michael\appdata\local\ManyCam
    2011-03-27 21:14:37 -------- d-----w- c:\windows\system32\%APPDATA%
    2011-03-27 04:10:28 -------- d-----w- c:\users\michael\appdata\local\Desura
    2011-03-27 04:07:09 -------- d-----w- c:\progra~2\Desura
    2011-03-27 04:07:06 -------- d-----w- c:\program files\Desura
    2011-03-24 21:00:28 -------- d-----w- c:\users\michael\appdata\local\LAG
    2011-03-24 21:00:28 -------- d-----w- c:\progra~2\LAG
    2011-03-24 21:00:02 -------- d-----w- c:\windows\system32\AGEIA
    2011-03-24 20:59:53 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-03-22 20:07:13 -------- d-----w- c:\users\michael\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-03-20 22:41:17 160560 ------w- c:\windows\system32\drivers\VBoxDrv.sys
    2011-03-20 22:40:36 44784 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2011-03-18 20:53:47 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
    2011-03-17 23:45:53 -------- d-----w- c:\program files\Window Title Changer
    2011-03-17 23:34:34 -------- d-----w- c:\program files\common files\Akamai
    2011-03-17 22:09:53 -------- d-----w- c:\program files\common files\Macrovision Shared
    2011-03-13 07:37:21 -------- d-----w- c:\program files\YouTube Downloader
    2011-03-11 07:14:50 -------- d-----w- c:\users\michael\appdata\local\CrashRpt
    2011-03-11 05:44:58 238088 ------w- c:\windows\system32\xactengine3_1.dll
    .
    ==================== Find3M ====================
    .
    2011-04-09 00:07:15 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-04-09 00:07:15 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-04-09 00:06:49 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-03-18 18:32:10 71072 ----a-w- c:\windows\CouponPrinter.ocx
    2011-03-06 04:00:11 50688 ------w- c:\windows\system32\wbhelp2.dll
    2011-03-06 04:00:11 479298 ------w- c:\windows\system32\wbocx.ocx
    2011-03-06 02:42:40 709456 ----a-w- c:\windows\isRS-000.tmp
    2011-02-26 01:19:32 41872 ------w- c:\windows\system32\xfcodec.dll
    2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-03 06:54:36 86016 ------w- c:\windows\system32\frapsvid.dll
    2011-02-03 02:40:23 472808 ------w- c:\windows\system32\deployJava1.dll
    2011-01-20 23:53:48 75136 ------w- c:\windows\system32\PnkBstrA.exe
    2011-01-20 21:31:17 22328 ----a-w- c:\users\michael\appdata\roaming\PnkBstrK.sys
    2011-01-20 01:48:08 37376 ------w- c:\windows\system32\themeservice.dll
    2011-01-20 01:48:08 2755072 ------w- c:\windows\system32\themeui.dll
    2011-01-20 01:48:07 249856 ------w- c:\windows\system32\uxtheme.dll
    2011-01-15 22:26:16 0 ----a-w- c:\windows\ativpsrm.bin
    .
    ============= FINISH: 20:22:19.13 ===============

  4. #14 (Emeritus)

    hi,

    OK, looks like we are done. A couple of things to do: you can delete the tdsskiller icon from your desktop. Combofix can be removed like this:

    Hold down the Windows icon key and press the R key on your keyboard to bring up the 'Run' box. Type in combofix /uninstall
    and click OK.
    Note the space after the x and before the /.

    Note that the free version of Malwarebytes must be updated manually and a scan started manually.

    You can delete all restore points and create a new one. The why:

    One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

    You can read this link for how to delete restore points in W7.

    W7 restore points


    And last, some tips to help you remain malware free:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer cannot stay malware-free.

    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software installs useless toolbars if they are not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware, then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

    5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0. Read the FAQs. Or see a slide show here and do it yourself. How to harden FireFox for safer surfing.

    10) Warez, cracks etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via P2P networks you will encounter malware. Can you really trust the source of the file?


    More info/tips with pictures in links below.

    Happy Safe Surfing.
    Last edited by shelf life; 2011-04-10 at 01:24. Reason: added stuff
    How Can I Reduce My Risk?
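Tip 7 above talks about UAC, and the DDS log in post #13 shows the machine-wide UAC policy values as `mPolicies-system:` lines (DDS's rendering of HKLM\...\Policies\System). The following is an added example, not part of DDS or of this thread: it parses those lines from a copy of the log and explains what each value means relative to the Windows 7 defaults, so a helper can see at a glance whether UAC is actually protecting the account. The sample text is copied from the log above; the default values used for comparison are the standard Windows 7 ones.

```python
"""Interpret the UAC policy lines from a DDS 'Pseudo HJT Report'.

Added example for this thread; it is not DDS code. The sample below
is copied from the DDS log posted earlier in the thread.
"""
import re

# Sample input (constructed from the thread's DDS log).
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: UACDisableNotify = 0 (0x0)
"""

# DDS prints:  mPolicies-system: <ValueName> = <decimal> (<hex>)
LINE_RE = re.compile(
    r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$"
)

# Windows 7 defaults for the values that decide whether UAC works at all.
WIN7_DEFAULTS = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # prompt for consent for non-Windows binaries
    "PromptOnSecureDesktop": 1,       # prompt shown on the secure desktop
}

EXPLANATIONS = {
    "EnableLUA": "UAC is switched off; an admin session runs every program fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators are elevated silently, without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}


def parse_policies(text):
    """Return {value_name: int} for every mPolicies-system line in text."""
    policies = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            policies[match.group(1)] = int(match.group(2))
    return policies


def assess_uac(policies):
    """Return a list of findings where a value is weaker than the Win7 default.

    A missing value is treated as the default (the key is simply absent
    from the registry), so only explicit weakenings are reported.
    """
    findings = []
    for name, default in WIN7_DEFAULTS.items():
        value = policies.get(name, default)
        if value == 0 and default != 0:
            findings.append(f"{name}={value}: {EXPLANATIONS[name]}")
    return findings


if __name__ == "__main__":
    found = parse_policies(SAMPLE_DDS)
    for finding in assess_uac(found):
        print(finding)
```

On the log in this thread all three values are 0, so the script reports UAC disabled, silent admin elevation, and no secure desktop, which is the situation tip 7 is warning about.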
