I suggest deleting everything in System Restore and rescanning the PC again with Hitman Pro. If it didn't find anything, I suggest using some sort of anti-keylogger and sandbox type of program.
Oh no... how do I know when my computer is safe? I got the virus today, from this website -[
And what do you mean change the passwords... the Windows passwords or the websites I've gone to? Because I have changed my email and my Facebook, but I can't remember all of the sites I go to...
Last edited by catsalive6; 12 Jan 2011 at 20:28.
DO NOT CLICK ON THE WEBSITE
I got the virus from a file, but don't click the link anyway.
Seems like you were hit by a drive-by download. If you're worried about a password stealer, you can try KeyScrambler Personal as an anti-keylogger (QFX Software - Download KeyScrambler). Are you on 32 or 64 bits?
*** Please delete that link you posted ***
My recommendation to you is to wait until an expert reviews this thread.
Hi, catsalive6.
I have the feeling that it is more than Exploit-ByteVerify which is the problem. Let's see what shows in a log and either Jacee or I will take a look at it.
Download DDS and save it to your desktop from here.
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt
- Save both reports to your desktop.
-----------------------------------------------------
Please include the following logs in your thread:
- Contents of the DDS.txt posted as text in your reply
- Post a copy of the Attach.txt to your post as well. It may be necessary to create a second reply if the Attach.txt is lengthy.
What is a script blocker?
DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by KC at 20:30:31.37 on Wed 01/12/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2040 [GMT -5:00]
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\KC\AppData\Local\Temp\4ob9pe01.tmp\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110112132123.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Google Update] "C:\Users\KC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\KC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110112132123.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
================= FIREFOX ===================
FF - ProfilePath - C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: C:\Users\KC\AppData\Roaming\Mozilla\Firefox\Profiles\hq4hhlek.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\KC\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\KC\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
============= SERVICES / DRIVERS ===============
R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2009-11-17 72296]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-24 529128]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-12 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-12 283360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-12 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-12 149032]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-12 441328]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-21 239616]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-12 271952]
S1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2011-1-12 66040]
S2 0092391294856798mcinstcleanup;McAfee Application Installer Cleanup (0092391294856798);C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\009239~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-21 92160]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-12 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-12 62032]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-12 40384]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-12 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-12 200056]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-21 2320920]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-12 62800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-9-20 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 151936]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 233984]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-12 190136]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-12 94864]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 220672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-26 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
=============== Created Last 30 ================
2011-01-12 20:28:13 -------- d-----w- C:\Users\KC\AppData\Roaming\Malwarebytes
2011-01-12 20:28:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-12 20:28:00 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-12 20:27:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-12 20:27:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-12 20:00:16 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-12 20:00:13 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-12 20:00:11 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-12 19:36:05 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-12 18:49:53 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-12 18:22:07 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-01-12 18:22:00 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-01-12 18:21:59 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-01-12 18:21:33 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-01-12 18:21:23 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-01-12 18:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-01-12 18:21:22 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-01-12 18:20:44 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-01-12 18:20:44 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-01-12 18:20:44 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-01-12 18:20:44 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-01-12 18:20:44 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-01-12 18:20:44 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-01-12 18:20:37 -------- d-----w- C:\Program Files\McAfee.com
2011-01-12 18:20:37 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-01-12 17:57:13 -------- d-----w- C:\Users\KC\AppData\Local\McAfee Anti-Theft
2011-01-12 17:54:31 -------- d-----w- C:\PROGRA~3\McAfee Anti-Theft
2011-01-12 17:53:56 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-01-12 17:53:17 -------- d-----w- C:\Users\KC\AppData\Roaming\McAfee
2011-01-12 01:43:51 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 01:43:51 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 01:43:51 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 01:43:50 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 01:43:50 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 01:43:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 01:43:50 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 01:43:49 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 01:43:49 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 01:43:49 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 07:10:28 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{739CBADB-8551-4653-A7AF-FEB5E48E3D4C}\mpengine.dll
2010-12-29 17:04:40 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-4\markup.dll
2010-12-23 20:13:37 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2010-12-17 20:44:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-12-17 20:44:12 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-12-17 20:44:12 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-12-17 20:43:27 -------- d-----w- C:\Program Files\iPod
2010-12-17 20:43:26 -------- d-----w- C:\Program Files\iTunes
2010-12-17 20:43:26 -------- d-----w- C:\Program Files (x86)\iTunes
2010-12-17 20:40:22 -------- d-----w- C:\Program Files\Bonjour
2010-12-17 20:40:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-12-16 20:59:48 -------- d-----w- C:\Users\KC\AppData\Local\Diagnostics
2010-12-16 03:57:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-16 03:57:08 2048 ----a-w- C:\Windows\System32\tzres.dll
==================== Find3M ====================
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
============= FINISH: 20:30:55.12 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2010 3:54:12 AM
System Uptime: 1/12/2011 1:32:55 PM (7 hours ago)
Motherboard: Dell Inc. | | 0TKV96
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | U2E1 | 2128/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 466 GiB total, 377.874 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
==== System Restore Points ===================
RP1: 1/12/2011 12:53:42 PM - Installed McAfee Anti-Theft
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.4
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon Kindle For PC v1.1
Apple Application Support
Apple Software Update
avast! Free Antivirus
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Dock
Dell Driver Download Manager
Dell Webcam Center
Dell Webcam Manager
Diner Dash
Diner Dash 2 Restaurant Rescue
EA Download Manager
ESET Online Scanner v3
Google Chrome
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 22
JMicron JMB38X Flash Media Controller
Malwarebytes' Anti-Malware
McAfee Online Backup
McAfee Total Protection
Microsoft Choice Guard
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.13)
MSVCRT
Netflix in Windows Media Center
Norton Security Scan
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
System Requirements Lab CYRI
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Late Night
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Yahoo! BrowserPlus 2.9.8
Yawcam 0.3.3
==== Event Viewer Messages From Past Week ========
1/12/2011 3:29:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/12/2011 3:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/12/2011 1:57:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/12/2011 1:44:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
1/12/2011 1:44:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
1/12/2011 1:44:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
1/12/2011 1:38:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/12/2011 1:33:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/12/2011 1:33:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/12/2011 1:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/12/2011 1:33:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/12/2011 1:33:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
1/12/2011 1:33:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MOBKFilter spldr Wanarpv6
1/12/2011 1:33:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa8003b17c30, 0xfffffa8003b17cb0, 0x0000000004080016). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011211-15225-01.
==== End Of File ===========================
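A DDS log like the one above is read by hand in threads like this, but the first pass a responder makes is mechanical: split the log into its banner sections, pull out persistence entries whose target binary is gone ("No File"), list persistence that runs from user-writable directories such as Temp or AppData, and line up the "Created Last 30" entries against the day of the infection. The script below is an added example of that triage and is not part of this thread or of the DDS tool; the `SAMPLE_LOG` it parses is a constructed excerpt in the same shape as the log above, and the two heuristics are review lists, not verdicts (legitimate updaters and installers also run from AppData and Temp, as the Google Update and McAfee cleanup entries in the real log show).

```python
"""Triage helper for a DDS log: section split, orphan and user-writable persistence,
and a creation-time window. Example code, not part of the thread or of DDS."""
import re
from datetime import datetime

# Constructed sample in the shape of the DDS output above (not a verbatim copy).
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
uRun: [Google Update] "C:\\Users\\KC\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c
mRun: [avast5] "C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe" /nogui
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
BHO-X64: scriptproxy - No File
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;C:\\Windows\\System32\\drivers\\mfehidk.sys [2010-8-24 529128]
S2 0092391294856798mcinstcleanup;McAfee Application Installer Cleanup;C:\\Windows\\TEMP\\009239~1.EXE -cleanup [?]
=============== Created Last 30 ================
2011-01-12 20:28:00 38224 ----a-w- C:\\Windows\\SysWow64\\drivers\\mbamswissarmy.sys
2011-01-12 01:43:51 720896 ----a-w- C:\\Windows\\System32\\odbc32.dll
2010-12-17 20:44:12 34152 ----a-w- C:\\Windows\\System32\\drivers\\GEARAspiWDM.sys
==================== Find3M ====================
2010-11-29 22:38:30 94208 ----a-w- C:\\Windows\\SysWow64\\QuickTime.qts
"""

# DDS marks sections with '=== name ===' banners.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# 'Created Last 30' rows: timestamp, size (or dashes), attribute flags, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.*)$")
# Directories an ordinary user can write to. Persistence from here deserves a look,
# but legitimate updaters live here too, so this is a review list, not a verdict.
USER_WRITABLE_RE = re.compile(r"\\(temp|appdata)\\", re.IGNORECASE)


def split_sections(text):
    """Return {section name: [non-empty lines]} keyed by the DDS banners."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def persistence_entries(sections):
    """Run keys, BHOs, toolbars and extensions plus services and drivers."""
    return sections.get("Pseudo HJT Report", []) + sections.get("SERVICES / DRIVERS", [])


def find_orphans(sections):
    """Registry entries whose target binary is gone ('No File'): leftovers to clean up."""
    return [line for line in persistence_entries(sections) if line.endswith("No File")]


def find_user_writable(sections):
    """Persistence whose binary lives under Temp or AppData."""
    return [line for line in persistence_entries(sections) if USER_WRITABLE_RE.search(line)]


def files_created_between(sections, start_iso, end_iso):
    """'Created Last 30' rows with a timestamp inside [start, end], oldest first."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    hits = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if start <= ts <= end:
            hits.append((ts, m.group(2)))
    return sorted(hits)


def triage(text, day_start="2011-01-12 00:00:00", day_end="2011-01-12 23:59:59"):
    """Run all three checks; the default window is the infection day named in the thread."""
    s = split_sections(text)
    return {
        "orphans": find_orphans(s),
        "user_writable": find_user_writable(s),
        "created_in_window": files_created_between(s, day_start, day_end),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"== {name} ({len(hits)})")
        for hit in hits:
            print("  ", hit)
```

Run it against a real DDS.txt by replacing `SAMPLE_LOG` with the file contents; the window arguments let you narrow "Created Last 30" to the hour or two around the drive-by rather than the whole day.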
Catsalive,
One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately.
Although we may be able to remove the trojan, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
I would strongly recommend format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:
- Malware Removal -- Where to Draw the Line
- When Should I Reformat? How Should I Reinstall?
- How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
Please let me know if you wish to continue to clean this machine or if you wish to format.
Last edited by Corrine; 12 Jan 2011 at 22:21.