Windows 7 Forums


Windows 7: Please help virus

12 Jan 2011   #11

Windows 7 Home Premium x64 SP1

I suggest deleting everything on System Restore and rescanning the PC again with Hitman Pro. If it didn't find anything, I suggest using some sort of anti-keylogger and sandbox type of program.

12 Jan 2011   #12
Microsoft MVP

Windows 7 Ult. x64

Quote: Originally Posted by CanIHaz
"I suggest deleting everything on System Restore"

The system restore points appear to have been deleted already.
12 Jan 2011   #13

windows 7 home premium 7

Oh no.. how do I know when my computer is safe? I got the virus today, from this website
and what do you mean change the passwords... the Windows passwords or the websites I've gone to? Because I have changed my email, and my Facebook, but I can't remember all of the sites I go to...

12 Jan 2011   #14

windows 7 home premium 7

I got the virus from a file, but don't click the link anyway.
12 Jan 2011   #15

Windows 7 Home Premium x64 SP1

Seems like you were hit by a drive-by download. If you're worried about a password stealer, you can try KeyScrambler Personal as an anti-keylogger (QFX Software - Download KeyScrambler). Are you on 32 or 64 bits?
12 Jan 2011   #16
Microsoft MVP

Windows 7 Ult. x64

*** Please delete that link you posted ***

My recommendation to you is to wait until an expert reviews this thread.
12 Jan 2011   #17

Windows 7 & Windows Vista Ultimate

Hi, catsalive6.

I have the feeling that it is more than Exploit-ByteVerify which is the problem. Let's see what shows in a log and either Jacee or I will take a look at it.

Download DDS and save it to your desktop from here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.


Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Post a copy of the Attach.txt to your post as well. It may be necessary to create a second reply if the Attach.txt is lengthy.
12 Jan 2011   #18

windows 7 home premium 7

What is a script blocker?
12 Jan 2011   #19

windows 7 home premium 7

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by KC at 20:30:31.37 on Wed 01/12/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2040 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\\Agent\mcagent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\McAfee\VirusScan\mcods.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110112132123.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Google Update] "C:\Users\KC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\\Agent\mcagent.exe" /runkey
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\KC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110112132123.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\
FF - prefs.js: - Google
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\\ components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\\ components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\KC\AppData\Local\Google\Update\\npGoogleOneClick8.dll
FF - plugin: C:\Users\KC\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Conduit Engine : - %profile%\extensions\
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

============= SERVICES / DRIVERS ===============

R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2009-11-17 72296]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529128]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-12 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-12 283360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-12 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-12 149032]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-12 441328]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-21 239616]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-12 271952]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-1-12 66040]
S2 0092391294856798mcinstcleanup;McAfee Application Installer Cleanup (0092391294856798);C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-21 92160]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-12 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-12 62032]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-12 40384]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-12 200056]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-21 2320920]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-12 62800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-9-20 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 151936]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 233984]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-12 190136]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-12 94864]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 220672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

=============== Created Last 30 ================

2011-01-12 20:28:13 -------- d-----w- C:\Users\KC\AppData\Roaming\Malwarebytes
2011-01-12 20:28:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-12 20:28:00 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-12 20:27:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-12 20:27:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-12 20:00:16 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-12 20:00:13 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-12 20:00:11 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-12 19:36:05 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-12 18:49:53 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-12 18:22:07 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-01-12 18:22:00 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-01-12 18:21:59 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-01-12 18:21:33 -------- d-----w- C:\Program Files (x86)\
2011-01-12 18:21:23 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-01-12 18:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-01-12 18:21:22 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-01-12 18:20:44 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-01-12 18:20:44 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-01-12 18:20:44 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-01-12 18:20:44 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-01-12 18:20:44 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-01-12 18:20:44 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-01-12 18:20:37 -------- d-----w- C:\Program Files\
2011-01-12 18:20:37 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-01-12 17:57:13 -------- d-----w- C:\Users\KC\AppData\Local\McAfee Anti-Theft
2011-01-12 17:54:31 -------- d-----w- C:\PROGRA~3\McAfee Anti-Theft
2011-01-12 17:53:56 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-01-12 17:53:17 -------- d-----w- C:\Users\KC\AppData\Roaming\McAfee
2011-01-12 01:43:51 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 01:43:51 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 01:43:51 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 01:43:50 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 01:43:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 01:43:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 01:43:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 01:43:49 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 01:43:49 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 01:43:49 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 07:10:28 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{739CBADB-8551-4653-A7AF-FEB5E48E3D4C}\mpengine.dll
2010-12-29 17:04:40 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-4\markup.dll
2010-12-23 20:13:37 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2010-12-17 20:44:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-12-17 20:44:12 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-12-17 20:44:12 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-12-17 20:43:27 -------- d-----w- C:\Program Files\iPod
2010-12-17 20:43:26 -------- d-----w- C:\Program Files\iTunes
2010-12-17 20:43:26 -------- d-----w- C:\Program Files (x86)\iTunes
2010-12-17 20:40:22 -------- d-----w- C:\Program Files\Bonjour
2010-12-17 20:40:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-12-16 20:59:48 -------- d-----w- C:\Users\KC\AppData\Local\Diagnostics
2010-12-16 03:57:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-16 03:57:08 2048 ----a-w- C:\Windows\System32\tzres.dll

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 20:30:55.12 ===============


DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2010 3:54:12 AM
System Uptime: 1/12/2011 1:32:55 PM (7 hours ago)

Motherboard: Dell Inc. | | 0TKV96
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | U2E1 | 2128/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 377.874 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Name: Security Processor Loader Driver
Service: spldr

==== System Restore Points ===================

RP1: 1/12/2011 12:53:42 PM - Installed McAfee Anti-Theft

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.4
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon Kindle For PC v1.1
Apple Application Support
Apple Software Update
avast! Free Antivirus
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Dock
Dell Driver Download Manager
Dell Webcam Center
Dell Webcam Manager
Diner Dash
Diner Dash 2 Restaurant Rescue
EA Download Manager
ESET Online Scanner v3
Google Chrome
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 22
JMicron JMB38X Flash Media Controller
Malwarebytes' Anti-Malware
McAfee Online Backup
McAfee Total Protection
Microsoft Choice Guard
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.13)
Netflix in Windows Media Center
Norton Security Scan
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
System Requirements Lab CYRI
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Late Night
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Yahoo! BrowserPlus 2.9.8
Yawcam 0.3.3

==== Event Viewer Messages From Past Week ========

1/12/2011 3:29:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/12/2011 3:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/12/2011 1:57:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/12/2011 1:44:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
1/12/2011 1:44:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/12/2011 1:44:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
1/12/2011 1:38:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/12/2011 1:33:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/12/2011 1:33:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/12/2011 1:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/12/2011 1:33:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/12/2011 1:33:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
1/12/2011 1:33:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter spldr Wanarpv6
1/12/2011 1:33:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa8003b17c30, 0xfffffa8003b17cb0, 0x0000000004080016). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011211-15225-01.

==== End Of File ===========================
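A small triage pass over a DDS.txt like the one posted above, as an added example that is not part of the original thread and not the DDS tool's own code. The three review rules (entries marked `No File`, services whose image path sits under a TEMP directory, `.sys` files created on the scan date), the reading of the `R`/`S` and digit columns, and all function names are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Excerpt copied from the DDS.txt in the post above, trimmed to a few lines per section.
SAMPLE_DDS = r"""DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by KC at 20:30:31.37 on Wed 01/12/2011
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529128]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-12 271952]
S2 0092391294856798mcinstcleanup;McAfee Application Installer Cleanup (0092391294856798);C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2011-01-12 20:27:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-12 18:49:53 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-17 20:44:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^Run by .+ on \w+ (\d\d)/(\d\d)/(\d{4})$")
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d) (\S+) (\S+) (.+)$")


def split_sections(text):
    """Group non-empty lines under the '==== Name ====' banner that precedes them."""
    sections, current = {"HEADER": []}, "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def scan_date(header_lines):
    """Return the run date as YYYY-MM-DD (the header is read as MM/DD/YYYY)."""
    for line in header_lines:
        m = RUN_RE.match(line)
        if m:
            mm, dd, yyyy = m.groups()
            return f"{yyyy}-{mm}-{dd}"
    return None


def parse_services(lines):
    """Parse 'R2 name;display;image [stamp]' rows.
    Assumption: R/S means running/stopped and the digit is the start type."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image, stamp = m.groups()
            out.append({"running": state == "R", "start": int(start),
                        "name": name, "display": display,
                        "image": image.split(" --> ")[0], "stamp": stamp})
    return out


def triage(text):
    """Return (rule, detail) pairs that deserve a manual look.
    These are review prompts, not verdicts: the TEMP hit in the sample is a
    vendor installer-cleanup service, which is why a human reads the result."""
    s = split_sections(text)
    day = scan_date(s["HEADER"])
    findings = []
    for line in s.get("Pseudo HJT Report", []):
        if line.endswith("- No File"):            # registry entry with no file behind it
            findings.append(("orphaned-entry", line))
    for svc in parse_services(s.get("SERVICES / DRIVERS", [])):
        if re.search(r"\\te?mp\\", svc["image"], re.I):
            findings.append(("service-in-temp", svc["name"]))
    for line in s.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if m and m.group(1) == day and m.group(5).lower().endswith(".sys"):
            findings.append(("driver-created-on-scan-date", m.group(5)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:28} {detail}")
```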
12 Jan 2011   #20

Windows 7 & Windows Vista Ultimate


One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.

Although we may be able to remove the trojan, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

I would strongly recommend format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:
Please let me know if you wish to continue to clean this machine or if you wish to format.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5.