sureslip
Hi guys, I got a virus from a PC cafe with my flash drive, which even had autorun disabled. It renamed all my files to gibberish names with symbols. I tried fixing the USB on my ASUS netbook 1015PEM, and after a while the USB became undetectable. Soon after I noticed swl.exe and sxexya.exe, so I went into safe mode, updated and scanned with Malwarebytes and Security Essentials. All threats were removed successfully, but when booting into regular Windows, after a few minutes I get a blue screen and the computer restarts. I couldn't see the blue screen long enough, but I remember seeing something about ataport.sys. I'll post the logs from DDS and GMER. Hope someone can help. Thanks, Ryan.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Ryan at 11:15:29 on 2011-07-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.869 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7031

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

7/8/2011 12:28:41 AM
mbam-log-2011-07-08 (00-28-41).txt

Scan type: Full scan (C:\|D:\|E:\|J:\|)
Objects scanned: 352020
Time elapsed: 52 minute(s), 33 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
c:\Users\Ryan\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 1460 -> Unloaded process successfully.
c:\Users\Ryan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1520 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SQ4DY0FH7F (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQ4DY0FH7F (Trojan.FraudPack.Gen) -> Value: SQ4DY0FH7F -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Ryan\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ryan\AppData\Local\Temp\Swl.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\A7K4BGNJ\asp[1].exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\A7K4BGNJ\msi[1].exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\dzd915.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\gncd.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\icds.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\nspc.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\rs2r.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\Swk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Sxexya.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\iqxyna\out5sd.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\iqxyna\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\kmlpvj\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\swsdsq\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\sunmicro java update.job (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Attached: ark-attach.txt.rar