Please help virus

Page 2 of 3

  1. Posts : 91
    Windows 7 Home Premium x64 SP1
       #11

    I suggest deleting everything on System Restore and rescanning the PC again with Hitman Pro. If it didn't find anything, I suggest using some sort of anti-keylogger and sandbox type of program.


  2. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #12

    CanIHaz said:
    I suggest deleting everything on System Restore
    The system restore points appear to have been deleted already.


  3. Posts : 12
    windows 7 home premium 7
    Thread Starter
       #13

    Oh no... how do I know when my computer is safe? I got the virus today, from this website -[
    And what do you mean change the passwords... the Windows passwords or the websites I've gone to? Because I have changed my email and my Facebook, but I can't remember all of the sites I go to...
    Last edited by catsalive6; 12 Jan 2011 at 20:28.


  4. Posts : 12
    windows 7 home premium 7
    Thread Starter
       #14

    DO NOT CLICK ON THE WEBSITE
    I got the virus from a file, but don't click the link anyway.


  5. Posts : 91
    Windows 7 Home Premium x64 SP1
       #15

    Seems like you were hit by a drive-by download. If you're worried about a password stealer, you can try KeyScrambler Personal as an anti-keylogger (QFX Software - Download KeyScrambler). Are you on 32 or 64 bits?


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #16

    *** Please delete that link you posted ***

    My recommendation to you is to wait until an expert reviews this thread.


  7. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #17

    Hi, catsalive6.

    I have the feeling that it is more than Exploit-ByteVerify which is the problem. Let's see what shows in a log and either Jacee or I will take a look at it.

    Download DDS and save it to your desktop from here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt

    • Save both reports to your desktop.


    -----------------------------------------------------

    Please include the following logs in your thread:

    • Contents of the DDS.txt posted as text in your reply
    • Post a copy of the Attach.txt to your post as well. It may be necessary to create a second reply if the Attach.txt is lengthy.


  8. Posts : 12
    windows 7 home premium 7
    Thread Starter
       #18

    What is a script blocker?


  9. Posts : 12
    windows 7 home premium 7
    Thread Starter
       #19

    DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
    Run by KC at 20:30:31.37 on Wed 01/12/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2040 [GMT -5:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Safari\Safari.exe
    C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
    C:\Windows\explorer.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\KC\AppData\Local\Temp\4ob9pe01.tmp\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110112132123.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    uRun: [Google Update] "C:\Users\KC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\KC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110112132123.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCore.dll
    FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\engine@conduit.com\ components\RadioWMPCore.dll
    FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\engine@conduit.com\ components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\KC\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\KC\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

    ============= SERVICES / DRIVERS ===============

    R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2009-11-17 72296]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529128]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-12 75032]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-12 283360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-12 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-12 149032]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-12 441328]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-21 239616]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-12 271952]
    S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-1-12 66040]
    S2 0092391294856798mcinstcleanup;McAfee Application Installer Cleanup (0092391294856798);C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-21 92160]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-12 20560]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-12 62032]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-12 40384]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
    S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
    S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-12 200056]
    S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-21 2320920]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-12 62800]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-9-20 61288]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 151936]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 233984]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-12 190136]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-12 94864]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 220672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

    =============== Created Last 30 ================

    2011-01-12 20:28:13 -------- d-----w- C:\Users\KC\AppData\Roaming\Malwarebytes
    2011-01-12 20:28:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-12 20:28:00 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-12 20:27:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-12 20:27:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-12 20:00:16 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-01-12 20:00:13 38848 ----a-w- C:\Windows\avastSS.scr
    2011-01-12 20:00:11 -------- d-----w- C:\PROGRA~3\Alwil Software
    2011-01-12 19:36:05 -------- d-----w- C:\PROGRA~3\MFAData
    2011-01-12 18:49:53 -------- d-----w- C:\Program Files (x86)\ESET
    2011-01-12 18:22:07 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
    2011-01-12 18:22:00 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
    2011-01-12 18:21:59 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
    2011-01-12 18:21:33 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2011-01-12 18:21:23 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-01-12 18:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2011-01-12 18:21:22 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2011-01-12 18:20:44 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2011-01-12 18:20:44 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2011-01-12 18:20:44 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2011-01-12 18:20:44 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2011-01-12 18:20:44 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2011-01-12 18:20:44 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-01-12 18:20:37 -------- d-----w- C:\Program Files\McAfee.com
    2011-01-12 18:20:37 -------- d-----w- C:\Program Files\Common Files\McAfee
    2011-01-12 17:57:13 -------- d-----w- C:\Users\KC\AppData\Local\McAfee Anti-Theft
    2011-01-12 17:54:31 -------- d-----w- C:\PROGRA~3\McAfee Anti-Theft
    2011-01-12 17:53:56 149032 ----a-w- C:\Windows\System32\mfevtps.exe
    2011-01-12 17:53:17 -------- d-----w- C:\Users\KC\AppData\Roaming\McAfee
    2011-01-12 01:43:51 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-01-12 01:43:51 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-01-12 01:43:51 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-12 01:43:50 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-12 01:43:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-12 01:43:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-12 01:43:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-12 01:43:49 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-12 01:43:49 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-12 01:43:49 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-11 07:10:28 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{739CBADB-8551-4653-A7AF-FEB5E48E3D4C}\mpengine.dll
    2010-12-29 17:04:40 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-4\markup.dll
    2010-12-23 20:13:37 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
    2010-12-17 20:44:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2010-12-17 20:44:12 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2010-12-17 20:44:12 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2010-12-17 20:43:27 -------- d-----w- C:\Program Files\iPod
    2010-12-17 20:43:26 -------- d-----w- C:\Program Files\iTunes
    2010-12-17 20:43:26 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-12-17 20:40:22 -------- d-----w- C:\Program Files\Bonjour
    2010-12-17 20:40:22 -------- d-----w- C:\Program Files (x86)\Bonjour
    2010-12-16 20:59:48 -------- d-----w- C:\Users\KC\AppData\Local\Diagnostics
    2010-12-16 03:57:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-12-16 03:57:08 2048 ----a-w- C:\Windows\System32\tzres.dll

    ==================== Find3M ====================

    2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

    ============= FINISH: 20:30:55.12 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/20/2010 3:54:12 AM
    System Uptime: 1/12/2011 1:32:55 PM (7 hours ago)

    Motherboard: Dell Inc. | | 0TKV96
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | U2E1 | 2128/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 377.874 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr

    ==== System Restore Points ===================

    RP1: 1/12/2011 12:53:42 PM - Installed McAfee Anti-Theft

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.3.4
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazon Kindle For PC v1.1
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Dell Dock
    Dell Driver Download Manager
    Dell Webcam Center
    Dell Webcam Manager
    Diner Dash
    Diner Dash 2 Restaurant Rescue
    EA Download Manager
    ESET Online Scanner v3
    Google Chrome
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 22
    JMicron JMB38X Flash Media Controller
    Malwarebytes' Anti-Malware
    McAfee Online Backup
    McAfee Total Protection
    Microsoft Choice Guard
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6.13)
    MSVCRT
    Netflix in Windows Media Center
    Norton Security Scan
    QuickTime
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Safari
    System Requirements Lab CYRI
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Late Night
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Yahoo! BrowserPlus 2.9.8
    Yawcam 0.3.3

    ==== Event Viewer Messages From Past Week ========

    1/12/2011 3:29:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/12/2011 3:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/12/2011 1:57:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/12/2011 1:44:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    1/12/2011 1:44:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    1/12/2011 1:44:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    1/12/2011 1:38:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/12/2011 1:33:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/12/2011 1:33:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/12/2011 1:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/12/2011 1:33:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/12/2011 1:33:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    1/12/2011 1:33:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter spldr Wanarpv6
    1/12/2011 1:33:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa8003b17c30, 0xfffffa8003b17cb0, 0x0000000004080016). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011211-15225-01.

    ==== End Of File ===========================
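    A small triage script for a DDS log like the one posted above, added here as an example (it is not part of the thread and not the DDS tool's own code): it splits the log into its sections, parses the Pseudo HJT and services entries, and flags orphaned "No File" add-ons and binaries launched from temp or user-profile locations. The sample lines are constructed and abbreviated from the post; flagged entries are review candidates, not verdicts (the TEMP service here is McAfee's own installer cleanup, as the log itself says).

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted above (a few abbreviated lines).
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Google Update] "C:\Users\KC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
BHO-X64: scriptproxy - No File

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529128]
S2 0092391294856798mcinstcleanup;McAfee Application Installer Cleanup;C:\Windows\TEMP\009239~1.EXE -cleanup [?]
"""

# "====== Section Name ======" headers that delimit a DDS log.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# uRun / mRun / mRunOnce / mRun-x64 autorun entries: [name] command line
RUN_RE = re.compile(r"^[um]Run(?:Once)?(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# BHO / TB entries with a CLSID and a backing file path
BHO_RE = re.compile(
    r"^(?:BHO|TB)(?:-X64)?: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# Registered add-on whose DLL is gone: "... - No File"
NOFILE_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?: (?P<name>.+?) - No File$")
# R0/R1/S2... service lines: state name;description;path [date size]
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?: \[[^\]]*\])?$")
# First executable token of a command line, quoted or not
BIN_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|sys|cpl|com|bat|cmd|vbs))"?', re.I)
# Locations a standard user can write to, or that installers leave behind
USER_WRITABLE_RE = re.compile(r"\\(?:temp|appdata|programdata|downloads)\\", re.I)


@dataclass
class Finding:
    reason: str
    entry: str


def split_sections(text):
    """Map each DDS section header to its non-blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def first_binary(cmd):
    """Return the program path at the start of a command line (arguments stripped)."""
    m = BIN_RE.match(cmd)
    return m.group("exe") if m else cmd


def triage(text):
    """Flag DDS entries that deserve a closer look. Candidates for review, not verdicts."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        if NOFILE_RE.match(line):
            findings.append(Finding("orphaned browser add-on: registered but its file is missing", line))
            continue
        m = RUN_RE.match(line)
        path = first_binary(m.group("cmd")) if m else None
        if path is None:
            m = BHO_RE.match(line)
            path = m.group("path") if m else None
        if path and USER_WRITABLE_RE.search(path):
            findings.append(Finding("autorun or add-on loaded from a temp or user-profile location", line))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SVC_RE.match(line)
        if m and USER_WRITABLE_RE.search(first_binary(m.group("path"))):
            findings.append(Finding("service or driver binary in a temp or user-profile location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.reason}] {f.entry}")
```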


  10. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #20

    Catsalive,

    One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately.

    Although we may be able to remove the trojan, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    I would strongly recommend format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:


    Please let me know if you wish to continue to clean this machine or if you wish to format.
    Last edited by Corrine; 12 Jan 2011 at 22:21.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
