-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6186
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/7/2011 9:12:06 PM
mbam-log-2011-04-07 (21-12-06).txt
Scan type: Full scan (C:\|)
Objects scanned: 329162
Time elapsed: 1 hour(s), 15 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
ok good. Post a final DDS log and we can call it quits.
-
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 20:21:23.36 on Fri 04/08/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2178 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\PnkBstrB.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\michael\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: UACDisableNotify = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\xgjyuxwc.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl26de2276;MpKsl26de2276;c:\programdata\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\MpKsl26de2276.sys [2011-4-8 28752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-15 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [2011-2-19 468096]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-15 1343400]
.
=============== Created Last 30 ================
.
2011-04-08 23:43:19 -------- d-----w- C:\Twixtor4
2011-04-08 22:29:29 -------- d-----w- C:\MirandaPortable
2011-04-08 19:38:39 -------- d-----w- c:\program files\XMapper
2011-04-08 16:11:42 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\MpKsl26de2276.sys
2011-04-07 21:48:09 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\mpengine.dll
2011-04-07 21:37:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-07 21:37:49 -------- d-----w- c:\users\michael\appdata\local\temp
2011-04-07 21:26:09 98816 ----a-w- c:\windows\sed.exe
2011-04-07 21:26:09 89088 ----a-w- c:\windows\MBR.exe
2011-04-07 21:26:09 256512 ----a-w- c:\windows\PEV.exe
2011-04-07 21:26:09 161792 ----a-w- c:\windows\SWREG.exe
2011-04-07 21:24:55 -------- d-----w- C:\ComboFix
2011-04-07 02:06:13 -------- d-----w- c:\program files\Realtek
2011-04-07 02:04:20 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-04-07 02:04:20 -------- d--h--w- c:\program files\Temp
2011-04-07 02:04:18 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-04-07 02:04:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-04-07 02:04:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-07 02:04:18 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-04-07 02:04:18 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-04-07 02:04:16 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-04-07 02:04:16 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-04-06 20:14:07 -------- d-----w- c:\users\michael\appdata\roaming\Tific
2011-04-06 19:56:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-06 19:56:22 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-05 02:24:33 -------- d-----r- c:\users\michael\Dropbox
2011-04-05 02:23:06 -------- d-----w- c:\users\michael\appdata\roaming\Dropbox
2011-04-04 21:02:15 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{71698777-440b-4fea-8914-adb03ee800be}\gapaengine.dll
2011-04-03 21:11:43 -------- d-----w- c:\users\michael\appdata\roaming\Sony Creative Software
2011-04-03 00:15:41 -------- d-----w- c:\progra~2\WeGame
2011-04-03 00:07:20 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll
2011-04-03 00:07:20 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll
2011-04-03 00:07:20 185688 ----a-w- c:\windows\system32\Ltfil15u.dll
2011-04-02 16:41:08 -------- d-----w- c:\program files\Coupons
2011-04-01 21:50:17 -------- d-----w- c:\progra~2\Symantec
2011-04-01 00:08:43 -------- d-----w- c:\users\michael\appdata\local\Immunet
2011-04-01 00:08:42 -------- d-----w- c:\progra~2\Immunet
2011-03-31 21:42:02 -------- d-----w- c:\users\michael\appdata\local\CrashDumps
2011-03-31 21:17:12 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-31 21:15:22 -------- d-----w- c:\progra~2\Norton
2011-03-30 23:56:19 -------- d-----w- c:\program files\Sytexis Software
2011-03-30 21:31:18 -------- d-----w- c:\users\michael\appdata\local\Innovative Solutions
2011-03-30 21:31:18 -------- d-----w- c:\progra~2\Innovative Solutions
2011-03-30 21:14:00 -------- d-----w- c:\program files\Audacity
2011-03-30 21:06:46 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-03-30 01:41:55 -------- d-----w- c:\users\michael\appdata\local\QuakeLiveConfigGenerator
2011-03-29 00:20:40 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-29 00:02:26 -------- d-----w- c:\users\michael\appdata\roaming\wolfcamql
2011-03-29 00:01:01 -------- d-----w- c:\users\michael\wolfcam
2011-03-27 23:26:36 -------- d-----w- c:\users\michael\appdata\roaming\Warsow 0.6
2011-03-27 23:26:36 -------- d-----w- c:\program files\Warsow 0.6
2011-03-27 22:31:47 -------- d-----w- c:\progra~2\id Software
2011-03-27 22:03:45 -------- d-----w- c:\program files\iPod
2011-03-27 22:03:44 -------- d-----w- c:\program files\iTunes
2011-03-27 21:55:25 -------- d-----w- c:\users\michael\appdata\local\ManyCam
2011-03-27 21:14:37 -------- d-----w- c:\windows\system32\%APPDATA%
2011-03-27 04:10:28 -------- d-----w- c:\users\michael\appdata\local\Desura
2011-03-27 04:07:09 -------- d-----w- c:\progra~2\Desura
2011-03-27 04:07:06 -------- d-----w- c:\program files\Desura
2011-03-24 21:00:28 -------- d-----w- c:\users\michael\appdata\local\LAG
2011-03-24 21:00:28 -------- d-----w- c:\progra~2\LAG
2011-03-24 21:00:02 -------- d-----w- c:\windows\system32\AGEIA
2011-03-24 20:59:53 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-03-22 20:07:13 -------- d-----w- c:\users\michael\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-20 22:41:17 160560 ------w- c:\windows\system32\drivers\VBoxDrv.sys
2011-03-20 22:40:36 44784 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-03-18 20:53:47 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-03-17 23:45:53 -------- d-----w- c:\program files\Window Title Changer
2011-03-17 23:34:34 -------- d-----w- c:\program files\common files\Akamai
2011-03-17 22:09:53 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-03-13 07:37:21 -------- d-----w- c:\program files\YouTube Downloader
2011-03-11 07:14:50 -------- d-----w- c:\users\michael\appdata\local\CrashRpt
2011-03-11 05:44:58 238088 ------w- c:\windows\system32\xactengine3_1.dll
.
==================== Find3M ====================
.
2011-04-09 00:07:15 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 00:07:15 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 00:06:49 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-18 18:32:10 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-06 04:00:11 50688 ------w- c:\windows\system32\wbhelp2.dll
2011-03-06 04:00:11 479298 ------w- c:\windows\system32\wbocx.ocx
2011-03-06 02:42:40 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-26 01:19:32 41872 ------w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 06:54:36 86016 ------w- c:\windows\system32\frapsvid.dll
2011-02-03 02:40:23 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-20 23:53:48 75136 ------w- c:\windows\system32\PnkBstrA.exe
2011-01-20 21:31:17 22328 ----a-w- c:\users\michael\appdata\roaming\PnkBstrK.sys
2011-01-20 01:48:08 37376 ------w- c:\windows\system32\themeservice.dll
2011-01-20 01:48:08 2755072 ------w- c:\windows\system32\themeui.dll
2011-01-20 01:48:07 249856 ------w- c:\windows\system32\uxtheme.dll
2011-01-15 22:26:16 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 20:22:19.13 ===============
-
hi,
Ok looks like we are done. Couple things to do; you can delete the tdsskiller icon from your desktop. Combofix can be removed like this:
hold down the Windows icon key and click the R key on your keyboard to bring up the 'run' box. Type in combofix /uninstall
click ok
note the space after the x and before the /
Note that the free version of malwarebytes must be updated manually and a scan started manually.
You can delete all restore points and create a new one. The why:
One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.
You can read this link for how to delete restore points in W7.
W7 restore points
and last; some tip to help you remain malware free:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here and do it yourself. How to harden FireFox. for safer surfing.
10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?
More info/tips with pictures in links below.
Happy Safe Surfing.
Last edited by shelf life; 2011-04-10 at 01:24.
Reason: added stuff
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules