tom1987 Posted December 6, 2009

I've got some sort of virus on my computer. I turned it on and clicked Internet Explorer. It came up with "Internet Explorer warning: visiting this website may harm your computer"; it was Google, by the way. Then a pop-up came on from awareremover2010 / Anti Virus Live, which appeared to scan my computer and then say "key logger detected, to repair become a member" (50 dollars). The whole thing screams dodgy to me :mad:

Now every few seconds I get a pop-up on my computer saying "application cannot be executed, wuaudt.exe is infected". I can't access the internet or Control Panel, and it's constantly coming up saying become a member for 50 dollars. I've run my antivirus with no joy (avast). Anyone got any suggestions? Thanks.
chiaz Posted December 7, 2009

Hey Tom,

A few things before we start....

1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

Please download Malwarebytes' Anti-Malware by clicking the link below:

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
tom1987 Posted December 8, 2009

Thanks a lot, Chiaz, did what you said and it worked perfectly. Thanks again, great site, I'll make sure I donate :D
chiaz Posted December 9, 2009 (Edited December 9, 2009 by RandyL)

@Tom,

A donation would be greatly appreciated. But as I said, just because the problem appears to be fixed doesn't mean it actually is. For the sake of your PC, I hope you will post the logs I requested in your next reply.
tom1987 Posted December 9, 2009

Here you go, chiaz. This means nothing to me :D

ComboFix 09-12-08.07 - Tom 09/12/2009 18:46:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.502.267 [GMT 0:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091209-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.
2009-12-08 20:59 . 2009-12-08 21:02 -------- d-----w- c:\program files\iTunes
2009-12-08 20:59 . 2009-12-08 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-08 20:50 . 2009-12-08 20:52 -------- d-----w- c:\program files\QuickTime
2009-12-08 20:23 . 2009-12-08 20:23 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-08 20:15 . 2009-12-08 20:16 -------- d-----w- c:\program files\Safari
2009-12-08 20:08 . 2009-12-08 20:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-07 21:12 . 2009-12-07 21:12 -------- d-----w- c:\windows\ie8updates
2009-12-07 19:11 . 2009-12-07 19:11 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2009-12-07 19:05 . 2009-12-07 19:05 -------- d-----w- c:\documents and settings\david\Application Data\Malwarebytes
2009-12-07 19:05 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 19:05 . 2009-12-07 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-07 19:05 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 19:05 . 2009-12-07 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 18:33 . 2009-12-07 18:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-07 18:32 . 2009-12-07 18:32 -------- d-sh--w- c:\documents and settings\david\PrivacIE
2009-12-07 18:31 . 2009-12-07 18:31 -------- d-sh--w- c:\documents and settings\david\IETldCache
2009-12-07 18:23 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-07 18:23 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-06 21:37 . 2009-12-06 21:37 -------- d-sh--w- c:\documents and settings\Tom\IECompatCache
2009-12-06 21:36 . 2009-12-06 21:36 -------- d-sh--w- c:\documents and settings\Tom\PrivacIE
2009-12-06 21:34 . 2009-12-06 21:34 -------- d-sh--w- c:\documents and settings\Tom\IETldCache
2009-12-06 20:10 . 2009-12-06 20:13 -------- dc-h--w- c:\windows\ie8
2009-12-06 19:47 . 2009-12-07 18:32 117760 ----a-w- c:\documents and settings\david\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-06 19:46 . 2009-12-06 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-06 19:46 . 2009-12-06 19:46 65024 ----a-r- c:\documents and settings\david\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-12-06 19:46 . 2009-12-06 19:46 5120 ----a-r- c:\documents and settings\david\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-12-06 19:46 . 2009-12-06 19:46 18944 ----a-r- c:\documents and settings\david\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-12-06 19:46 . 2009-12-07 19:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-06 19:46 . 2009-12-06 19:46 -------- d-----w- c:\documents and settings\david\Application Data\SUPERAntiSpyware.com
2009-12-06 17:01 . 2009-12-07 18:31 -------- d-----w- c:\documents and settings\david\Tracing
2009-12-06 16:56 . 2009-12-06 16:56 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\Apple
2009-12-06 07:24 . 2009-12-07 20:59 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\enkedn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 22:22 . 2006-02-18 18:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-08 21:13 . 2005-07-28 12:12 -------- d-----w- c:\documents and settings\Tom\Application Data\Apple Computer
2009-12-08 21:00 . 2005-09-11 11:59 -------- d-----w- c:\program files\iPod
2009-12-08 21:00 . 2008-03-23 17:01 -------- d-----w- c:\program files\Common Files\Apple
2009-12-08 19:19 . 2008-11-26 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-06 19:46 . 2007-10-21 13:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-06 16:58 . 2007-09-25 17:08 -------- d-----w- c:\documents and settings\david\Application Data\Apple Computer
2009-12-06 10:59 . 2007-09-25 17:02 32776 ----a-w- c:\documents and settings\david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 21:04 . 2008-09-12 15:53 -------- d-----w- c:\documents and settings\Tom\Application Data\FrostWire
2009-11-24 23:54 . 2008-11-26 21:44 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-11-26 21:44 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-11-26 21:44 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-11-26 21:44 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-26 21:44 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-26 21:44 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-26 21:44 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-26 21:44 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-11-26 21:44 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-07 19:03 . 2005-07-27 19:40 17440 ----a-w- c:\documents and settings\Tom\Application Data\wklnhst.dat
2009-11-02 20:42 . 2009-10-02 19:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 19:25 . 2005-07-27 19:40 32776 ----a-w- c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 19:24 . 2009-11-02 19:24 -------- d-----w- c:\program files\Microsoft
2009-11-02 19:24 . 2009-11-02 19:23 -------- d-----w- c:\program files\Windows Live
2009-11-02 19:24 . 2009-11-02 19:24 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-02 19:19 . 2009-11-02 19:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-11 14:18 . 2005-04-25 23:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2005-07-27 19:50 . 2005-07-27 19:50 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-12-08_19.15.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 18:24 . 2009-12-09 18:24 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2009-12-08 20:39 . 2009-08-28 19:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2009-12-08 21:02 . 2009-05-18 14:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-03-23 17:02 . 2009-08-28 19:42 40448 c:\windows\system32\drivers\usbaapl.sys
+ 2006-09-19 15:44 . 2009-05-18 14:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2009-07-12 01:12 . 2009-07-12 01:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 01:09 . 2009-07-12 01:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 01:08 . 2009-07-12 01:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2006-10-03 18:47 . 2008-04-17 13:12 107368 c:\windows\system32\GEARAspi.dll
- 2006-10-03 18:47 . 2008-04-17 11:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-12-08 21:02 . 2008-04-17 13:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2009-12-08 20:15 . 2009-12-08 20:15 796672 c:\windows\Installer\5c82d1.msi
+ 2009-12-08 20:16 . 2009-12-08 20:16 307200 c:\windows\Installer\{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}\SafariIco.exe
+ 2009-12-08 21:04 . 2009-12-08 21:04 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2009-08-08 11:22 . 2009-08-28 19:42 2065696 c:\windows\system32\usbaaplrc.dll
+ 2009-12-08 20:39 . 2009-08-28 19:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-12-08 21:04 . 2009-12-08 21:04 4454912 c:\windows\Installer\6f78a5.msi
+ 2009-12-08 20:51 . 2009-12-08 20:51 9473024 c:\windows\Installer\6f755e.msi
+ 2009-12-08 20:39 . 2009-12-08 20:39 3310592 c:\windows\Installer\6f72c8.msi
+ 2009-12-08 20:16 . 2009-12-08 20:16 2449408 c:\windows\Installer\5c82d7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SmileboxTray"="c:\documents and settings\Tom\Application Data\Smilebox\SmileboxTray.exe" [2008-05-19 201352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2005-10-25 73728]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 2805248]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 192512]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-05 185632]
"DVDtoiPodConverter_upgrade"="c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" [2007-12-06 822272]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-1-31 962660]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20452:TCP"= 20452:TCP:BitComet 20452 TCP
"20452:UDP"= 20452:UDP:BitComet 20452 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/11/2008 21:44 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/11/2008 21:44 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 iadusb;Zoom USB Network Adapter;c:\windows\system32\drivers\glauiad.sys [21/07/2007 12:24 30371]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mSearch Bar = hxxp://www.google.co.uk/ie
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-09 18:56:57
ComboFix-quarantined-files.txt 2009-12-09 18:56
ComboFix2.txt 2009-12-08 19:18

Pre-Run: 160,213,295,104 bytes free
Post-Run: 160,167,862,272 bytes free

- - End Of File - - DB2990D6C474355E1B75D3C32ED1A2F5
chiaz Posted December 10, 2009

Hi Tom,

Do you recognize this program?

enkedn

Also go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

c:\documents and settings\Tom\Application Data\Smilebox\SmileboxTray.exe

Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see.
tom1987 Posted December 10, 2009

There was nothing found :cool:

Scanners

arcavir: 2009-12-10 Found nothing
gdata: 2009-12-10 Found nothing
asquared: 2009-12-10 Found nothing
ikarus: 2009-12-10 Found nothing
avast: 2009-12-10 Found nothing
kaspersky: 2009-12-10 Found nothing
avg: 2009-12-10 Found nothing
nod32: 2009-12-10 Found nothing
avira: 2009-12-10 Found nothing
norman: Operation timed out
bitdefender: 2009-12-10 Found nothing
panda: 2009-12-10 Found nothing
clamav: 2009-12-10 Found nothing
quickheal: 2009-12-10 Found nothing
cpsecure: 2009-12-10 Found nothing
sophos: 2009-12-10 Found nothing
drweb: 2009-12-10 Found nothing
vba32: 2009-12-09 Found nothing
fprot: 2009-12-10 Found nothing
RandyL Posted December 13, 2009

I don't see the enkedn entry but it might just be my old tired eyes. I don't read combofix logs so I don't pretend to know the structure, but I do see references to Avast and Symantec. They might be leftovers, but might I ask what antivirus you currently use?

What really bothers me is that I'm concerned that no matter how this cleanup goes I think you run an extremely high risk of becoming reinfected. I see bittorrent, frostwire, limewire and bitcomet. If you still have these I highly suggest that you remove them now. P2P programs have caused more infections than I can count.

chiaz and tom, if I'm mistaken about these I apologize, but I do have to mention it.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here
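The check described in the post above, reading the Windows Firewall exception lists in a ComboFix log for P2P clients, can be done mechanically. This is an added example, not part of the original thread or of ComboFix; the function names are hypothetical, the watch list is the four names from the post, and the log is assumed to be in its original one-entry-per-line layout.

```python
import re

# Watch list: the four P2P clients named in the post above (extend as needed).
P2P_NAMES = ("bittorrent", "frostwire", "limewire", "bitcomet")

# Excerpt of the ComboFix log posted earlier in this thread (lines copied from it).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20452:TCP"= 20452:TCP:BitComet 20452 TCP
"20452:UDP"= 20452:UDP:BitComet 20452 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/11/2008 21:44 114768]
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')


def firewall_exceptions(log_text):
    """Collect allowed programs and open ports from the two firewall-policy lists."""
    found = {"apps": [], "ports": []}
    bucket = None  # which list the current line belongs to, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            key = header.group("key").lower()
            if key.endswith(r"authorizedapplications\list"):
                bucket = "apps"
            elif key.endswith(r"globallyopenports\list"):
                bucket = "ports"
            else:
                bucket = None
            continue
        entry = ENTRY_RE.match(line)
        if entry and bucket == "apps":
            # ComboFix prints registry-style doubled backslashes; undo that.
            found["apps"].append(entry.group("name").replace("\\\\", "\\"))
        elif entry and bucket == "ports":
            found["ports"].append((entry.group("name"), entry.group("value").strip()))
        elif line and not entry:
            bucket = None  # any other non-blank line ends the current list
    return found


def flag_p2p(exceptions, names=P2P_NAMES):
    """Return (kind, matched_name, item) for every exception that names a P2P client."""
    hits = []
    for path in exceptions["apps"]:
        match = next((n for n in names if n in path.lower()), None)
        if match:
            hits.append(("app", match, path))
    for port, label in exceptions["ports"]:
        match = next((n for n in names if n in label.lower()), None)
        if match:
            hits.append(("port", match, port))
    return hits


if __name__ == "__main__":
    for kind, name, item in flag_p2p(firewall_exceptions(SAMPLE_LOG)):
        print(f"{kind:4} {name:10} {item}")
```

A firewall exception only shows that the program was allowed through at some point; whether it is still installed has to be checked separately.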
tom1987 Posted December 13, 2009

I currently use avast antivirus. I have uninstalled all the programs you have mentioned except FrostWire, which I don't use very often.
chiaz Posted December 14, 2009

Hi Tom,

Randy is absolutely right about the P2P programs...they are likely to be the source of infections for you. Also, there is indeed a small remnant left from a Norton product, but it is not causing any conflicts so we'll deal with that later.

=====================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the red text in the quotebox below into it:

[color="red"]Folder::
c:\documents and settings\Tom\Local Settings\Application Data\enkedn[/color]

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your new reply.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*