malwarebyte's anti-malware


Post by shine on 15th December 2009, 10:34 pm

I'm trying to uninstall Malwarebytes' Anti-Malware but it won't let me delete it. It says unins000.msg is missing.

shine
Novice
Posts: 41
Joined: 2009-11-17
Gender: Female
OS: vista
Points: 26259
Likes: 0

Re: malwarebyte's anti-malware

Post by Belahzur on 15th December 2009, 11:50 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1

Re: malwarebyte's anti-malware

Post by shine on 16th December 2009, 10:52 pm

I couldn't download the hijack.. the page cannot be found 404


Re: malwarebyte's anti-malware

Post by Belahzur on 17th December 2009, 1:17 am

Sorry about that, new link!

[You must be registered and logged in to see this link.]



Re: malwarebyte's anti-malware

Post by shine on 19th December 2009, 2:48 pm

I already downloaded HijackThis but for some reason it has a problem and told me to right click on HijackThis and run as administrator. But I couldn't find run as administrator after I clicked on HijackThis.


Re: malwarebyte's anti-malware

Post by Belahzur on 19th December 2009, 3:40 pm

Is your OS Vista or 7?



Re: malwarebyte's anti-malware

Post by shine on 20th December 2009, 5:03 am

Mine is Windows Vista.


Re: malwarebyte's anti-malware

Post by Belahzur on 20th December 2009, 2:38 pm

Thought so.
Does Hijack This not run even if you run it normally (double left click)?



Re: malwarebyte's anti-malware

Post by shine on 20th December 2009, 4:31 pm

It runs but halfway it says:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click start, run, and type: notepad C:\Windows\System32\drivers\etc\hosts
and press Enter. Find the line(s) hijack This reports and delete them. Save the file as 'hosts' (with quotes), and reboot.
For Vista: simply, exit hijackthis, right click on the hijackthis icon, choose "run as administrator"

I did right click but I don't see "run as administrator", and I also tried the notepad one. This is what popped up after I typed notepad C:\Windows\System32\drivers\etc\hosts:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost


Re: malwarebyte's anti-malware

Post by Belahzur on 20th December 2009, 6:03 pm

Ignore that warning, it's because your OS is Vista or 7, UAC blocking access to host file.

The scan should continue regardless of that alert though, can you get a full log?



Re: malwarebyte's anti-malware

Post by shine on 21st December 2009, 3:15 pm

It finished scanning but it says: cannot find the C:\program files\TrendMicro\Hijackthis\hijackthis.log file. Do you want to create a new file?


Re: malwarebyte's anti-malware

Post by Belahzur on 21st December 2009, 6:39 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: malwarebyte's anti-malware

Post by shine on 22nd December 2009, 6:47 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Stella Ngan at 0:42:53.16 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18865
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.2038.1029 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PPLiveVA\PPLiveVA.exe
C:\ProgramData\PPLiveVA\Application\PPAP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\PPLive\PPLive.exe
C:\Windows\system32\conime.exe
c:\Users\Stella Ngan\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page =
uSearch Bar =
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = local;*.local
mSearchAssistant =
uURLSearchHooks: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PPLiveVA] c:\program files\ppliveva\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
uRun: [PPAP] c:\programdata\ppliveva\application\PPAP.exe
uRun: [PPLive] "c:\program files\pplive\PPLive.exe" /LoadModule ppvod.dll
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.cookinggames247.com/file.php?f=438&a=popup"
mRun: []
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [QvodPlayer] c:\program files\qvodplayer\QvodTerminal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uPolicies-system: DisableTaskMgr =
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: spogg.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
SEH: ShlExecHack Class: {32cd708b-60a7-4c00-9377-d73eaa495f0f} - c:\windows\system32\RavExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\stella~1\appdata\roaming\mozilla\firefox\profiles\a80oewe7.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-14 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-14 56816]
S2 RsVScanner;Rising Vista Scanner;c:\program files\rising\rav\scannerd.exe --> c:\program files\rising\rav\scannerd.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]

=============== Created Last 30 ================

2009-12-21 15:11:31 0 d-----w- c:\program files\TrendMicro
2009-12-14 23:01:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-12 06:07:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 06:07:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 06:07:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 15:25:54 0 d-----w- c:\program files\Windows Portable Devices
2009-12-10 15:25:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-10 06:09:33 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-10 06:09:05 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-10 06:09:04 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-10 06:09:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-10 06:07:59 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-10 06:07:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-10 06:07:59 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-10 06:07:59 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-10 06:07:59 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-10 06:07:59 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-10 06:07:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-10 06:07:59 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-10 06:07:18 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-10 06:07:17 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-10 06:07:17 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-10 06:05:59 118 ----a-w- c:\windows\system32\MRT.INI
2009-12-10 04:10:58 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 04:10:56 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-12-10 04:10:55 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-12-10 04:10:52 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-12-09 23:37:26 0 d-----w- c:\users\stella~1\appdata\roaming\PPLiveVA
2009-12-09 23:37:06 0 d-----w- c:\programdata\PPLiveVA
2009-12-09 23:37:06 0 d-----w- c:\program files\PPLiveVA
2009-12-09 23:37:01 0 d-----w- c:\program files\PPLive
2009-11-30 21:51:01 0 d-----w- C:\_OTM
2009-11-27 02:45:06 0 d-----w- c:\programdata\Avira
2009-11-27 02:45:06 0 d-----w- c:\program files\Avira
2009-11-26 22:17:38 0 d-----w- c:\program files\Veoh Networks

==================== Find3M ====================

2009-12-10 17:10:10 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-12-10 15:25:44 86016 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 15:25:44 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-10 15:25:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-10 15:25:44 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 17:42:29 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-23 20:15:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-19 02:12:02 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-10-17 21:08:55 148899 ----a-w- c:\windows\hpoins19.dat
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-06-28 16:26:03 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:45:03.55 ===============


Re: malwarebyte's anti-malware

Post by shine on 22nd December 2009, 6:47 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows Vista Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/19/2008 12:31:17 PM
System Uptime: 12/21/2009 9:03:17 AM (15 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | U2E1 | 1600/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 55.225 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.495 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP557: 11/15/2009 11:28:51 AM - Windows Vista Service Pack 2
RP558: 11/16/2009 4:24:08 PM - Windows Update
RP559: 11/16/2009 4:47:31 PM - Windows Update

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
BufferChm
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
F300
F300_Help
F300Trb
Fax
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel Matrix Storage Manager
iTunes
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
LiveUpdate 3.2 (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.6)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
NJStar Communicator
OLYMPUS Master
Pando Media Booster
PPLive Video Accelerator
PSSWCORE
QQϷ
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
WebReg
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! uC

==== Event Viewer Messages From Past Week ========

12/21/2009 9:07:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
12/21/2009 9:07:48 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/21/2009 9:05:40 AM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/21/2009 9:05:39 AM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
12/21/2009 9:05:18 AM, Error: Service Control Manager [7000] - The Rising Vista Scanner service failed to start due to the following error: The system cannot find the file specified.
12/21/2009 9:05:18 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/21/2009 9:05:18 AM, Error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
12/21/2009 9:04:02 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 002100056E0F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 8:52:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 002100056E0F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/17/2009 10:04:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
12/17/2009 10:04:32 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
12/17/2009 10:04:32 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================


Re: malwarebyte's anti-malware

Post by Belahzur on 22nd December 2009, 5:44 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: malwarebyte's anti-malware

Post by shine on 22nd December 2009, 6:53 pm

ComboFix 09-12-21.08 - Stella Ngan 12/22/2009 12:26:03.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.2038.1264 [GMT -6:00]
Running from: c:\users\Stella Ngan\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1033904266-600452733-3844603866-500
c:\$recycle.bin\S-1-5-21-4055113683-2864743704-3741799464-500
c:\users\Stella Ngan\Favorites\games.url
c:\users\STELLA~1\FAVORI~1\games.url
c:\windows\system32\Drivers\hdzuk.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-21 15:11 . 2009-12-21 15:11 -------- d-----w- c:\program files\TrendMicro
2009-12-14 23:01 . 2009-12-15 23:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-14 23:01 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-12 06:07 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 06:07 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 06:07 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 15:25 . 2009-12-10 15:25 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-10 06:09 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-10 06:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-10 06:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-10 06:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-10 06:07 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-10 06:07 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-10 06:07 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-10 06:07 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-10 06:07 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-10 06:07 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-10 06:07 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-10 06:07 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-10 06:07 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-10 06:07 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-10 06:07 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-10 04:10 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 04:10 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-12-10 04:10 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-12-09 23:37 . 2009-12-09 23:37 -------- d-----w- c:\users\Stella Ngan\AppData\Roaming\PPLiveVA
2009-12-09 23:37 . 2009-12-16 02:58 -------- d-----w- c:\programdata\PPLiveVA
2009-12-09 23:37 . 2009-12-09 23:37 -------- d-----w- c:\program files\PPLiveVA
2009-12-09 23:37 . 2009-12-09 23:37 -------- d-----w- c:\program files\PPLive
2009-11-30 21:51 . 2009-11-30 21:51 -------- d-----w- C:\_OTM
2009-11-27 02:45 . 2009-11-27 02:45 -------- d-----w- c:\programdata\Avira
2009-11-27 02:45 . 2009-11-27 02:45 -------- d-----w- c:\program files\Avira
2009-11-26 22:17 . 2009-11-26 22:17 -------- d-----w- c:\program files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 17:57 . 2009-04-25 23:25 -------- d-----w- c:\programdata\PPLive
2009-12-21 15:11 . 2009-12-21 15:11 388096 ----a-r- c:\users\Stella Ngan\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-10 17:10 . 2009-03-27 20:39 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-12-10 15:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 15:25 . 2009-12-10 15:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-09 23:38 . 2009-11-16 22:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 23:38 . 2007-05-14 12:30 -------- d-----w- c:\program files\Java
2009-12-09 23:37 . 2008-05-28 21:15 -------- d-----w- c:\programdata\Viewpoint
2009-12-09 23:37 . 2008-05-28 21:15 -------- d-----w- c:\program files\Viewpoint
2009-12-09 23:36 . 2007-05-14 12:30 -------- d-----w- c:\program files\Common Files\Java
2009-12-09 22:49 . 2009-12-09 22:48 10220680 ----a-w- c:\users\Stella Ngan\AppData\Roaming\Tencent\QQGame\Download\QQGame2009Beta6P2_setup.EXE
2009-11-30 22:54 . 2009-03-01 18:26 -------- d-----w- c:\users\Stella Ngan\AppData\Roaming\Malwarebytes
2009-11-30 22:54 . 2009-03-01 18:26 -------- d-----w- c:\programdata\Malwarebytes
2009-11-21 06:40 . 2009-12-10 04:17 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 04:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 04:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 04:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 22:22 . 2009-11-16 22:22 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-16 03:20 . 2009-11-16 03:20 -------- d-----w- c:\program files\Enigma Software Group
2009-11-15 21:35 . 2009-08-13 20:03 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-11-15 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-15 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-15 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-15 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-15 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-15 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-15 06:17 . 2009-10-25 04:47 -------- d-----w- c:\program files\Google
2009-11-03 02:42 . 2009-10-03 14:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-23 20:15 . 2009-10-19 02:13 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-19 06:07 . 2009-12-09 23:37 181704 ----a-w- c:\programdata\PPLiveVA\Application\PPAP.exe
2009-10-19 02:12 . 2009-10-19 02:12 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-10-17 21:08 . 2009-10-17 20:10 148899 ----a-w- c:\windows\hpoins19.dat
2009-10-01 01:02 . 2009-12-10 06:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-12-10 06:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-12-10 06:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-12-10 06:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-12-10 06:08 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-12-10 06:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-12-10 06:08 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-12-10 06:08 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-12-10 06:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-12-10 06:08 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-12-10 06:08 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-12-10 06:08 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-12-10 06:08 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-12-10 06:08 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-12-10 06:08 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-12-10 06:08 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-12-10 06:08 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-12-10 06:08 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-12-10 06:08 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-12-10 06:08 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-12-10 06:08 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-12-10 06:08 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-12-10 06:08 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-12-10 06:08 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-12-10 06:08 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-12-10 06:08 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-12-10 06:08 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-12-10 06:08 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-12-10 06:08 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-12-10 06:08 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-12-10 06:08 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"PPLiveVA"="c:\program files\PPLiveVA\PPLiveVA.exe" [2009-08-27 202064]
"PPAP"="c:\programdata\PPLiveVA\Application\PPAP.exe" [2009-10-19 181704]
"PPLive"="c:\program files\PPLive\PPLive.exe" [2009-11-12 165280]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"QvodPlayer"="c:\program files\QvodPlayer\QvodTerminal.exe" [2008-05-26 532480]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-10-18 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Stella Ngan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QQϷٳ.lnk]
path=c:\users\Stella Ngan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QQϷٳ.lnk
backup=c:\windows\pss\QQϷٳ.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 02:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-03-01 20:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 22:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 02:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 23:50 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 02:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-09 17:50 4390912 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-27 20:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-13 03:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7f,44,28,6c,38,66,ca,01

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/14/2009 5:01 PM 108289]
S2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe --> c:\program files\Rising\Rav\scannerd.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/6/2008 2:38 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: spogg.com\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Stella Ngan\AppData\Roaming\Mozilla\Firefox\Profiles\a80oewe7.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
ShellExecuteHooks-{32CD708B-60A7-4C00-9377-D73EAA495F0F} - c:\windows\system32\RavExt.dll
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-PCTAVApp - c:\program files\PC Tools AntiVirus\PCTAV.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(8548)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WerCon.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-12-22 12:48:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 18:48

Pre-Run: 59,267,862,528 bytes free
Post-Run: 60,059,742,208 bytes free

- - End Of File - - 74D748D62AAD26D224EFD9574B555965


Re: malwarebyte's anti-malware

Post by Belahzur on 22nd December 2009, 6:59 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: malwarebyte's anti-malware

Post by shine on 23rd December 2009, 2:14 am

It still won't let me delete malware.


Re: malwarebyte's anti-malware

Post by Belahzur on 23rd December 2009, 7:13 pm

Hello.
Please download the MBAM cleaning utility.
[You must be registered and logged in to see this link.]

It will ask to restart your computer (please allow it to).
After the computer restarts, install the latest version again.



Re: malwarebyte's anti-malware

Post by shine on 25th December 2009, 12:40 am

OK, thanks, I can delete it.
I have another question. Before, I downloaded that online scanner, then later my internet was kind of messed up. It's like I'm clicking on a website but it shows another one. Will it happen again after I delete the malware?
