Everything posted by snivy

  1. The virus is called "Malware Protection Center" and it appeared to have gone away until I rebooted my PC and now it's back with a vengeance. Before I post all the relevant logs, note that I know exactly what link I clicked that gave me this virus (so if that's any help I'll post it). The reason I know specifically what link it is is because I did a scan directly before clicking it because I knew it looked dodgy and 5 mins later I'm getting a fake AV popup. Anyway here are the logs:

     MBAM Quick Scan log:

     Malwarebytes Anti-Malware 1.60.0.1800
     www.malwarebytes.org

     Database version: v2012.01.17.04

     Windows 7 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 8.0.7600.16385
     nate :: NATE-HP [administrator]

     18/01/2012 00:03:20
     mbam-log-2012-01-18 (00-03-20).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 175125
     Time elapsed: 3 minute(s), 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Even though it says nothing detected, I know the virus is there because it said that before. Also sometimes I'd scan and it would detect 1 threat, I'd remove it but the virus is still there.