j0hnny07 (Members) - Posts: 2 - Reputation: 0 Neutral
  1. Hi, I have a couple of symptoms of malware:

     1. The iexplore.exe process starts up on its own, uses increasingly more memory and uses the internet.
        - I used Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653) to have a look at it and saw that it was being run under an svchost.exe process.
        - Process Explorer also showed me that it's being run embedded, and from my desktop.
        - I can also see what IPs it's accessing.
     2. Using any browser (IE, Firefox or Google Chrome), I experience redirecting to ad sites and other crap.

     I've tried a few things including aswMBR, Malwarebytes Anti-Malware, Spybot S&D, TDSSKiller and ComboFix, but nothing has gotten rid of the damn thing!

     I've worked around the problem temporarily by renaming firefox.exe to firefox1.exe; this prevents the redirecting issue. I've also renamed iexplore.exe to iexplore1.exe and this has stopped it from starting up on its own, but IE won't work with a renamed exe so I haven't been able to use IE. This is far from a fix though, as the malware is definitely still there.

     Hopefully someone here can help me. Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Adamidis at 13:11:14 on 2011-11-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2189 [GMT 11:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox1.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = *.local;<local>
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6998D207-41D5-464E-A85B-0837915BBE7E} : DhcpNameServer = 198.142.0.51 61.88.88.88 8.8.8.8
TCP: Interfaces\{7EFFFE3C-E3CB-4AC4-AC3C-808D7767D71F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDFA4018-4080-4524-85ED-38BEA3E153C0} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-6 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Symantec AntiVirus;Symantec AntiVirus;C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [2006-12-13 1962136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-19 136824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-9-21 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-9-21 8456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2011-10-11 26752]
S3 iTeleportService;iTeleportService;C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-9-1 23040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
.
=============== Created Last 30 ================
.
2011-11-09 01:55:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D726AE6-F20F-43A5-8452-553A1F9008C5}\offreg.dll
2011-11-09 01:23:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D726AE6-F20F-43A5-8452-553A1F9008C5}\mpengine.dll
2011-11-09 01:22:23 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 01:22:23 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 01:22:21 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 01:22:20 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 03:39:36 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\QuickStoresToolbar
2011-11-08 03:39:36 -------- d-----w- C:\Program Files (x86)\Unlocker
2011-11-08 03:32:20 3888 ----a-w- C:\Windows\SysWow64\drivers\NTHANDLE.SYS
2011-11-07 13:07:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-06 03:02:51 -------- d-----w- C:\Users\Adamidis\AppData\Local\LogMeIn
2011-11-06 03:02:47 59776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2011-11-06 03:02:47 34688 ----a-w- C:\Windows\System32\LMIport.dll
2011-11-06 03:02:46 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2011-11-06 03:02:46 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-11-06 03:02:46 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2011-11-06 03:02:39 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-11-06 03:02:30 -------- d-----w- C:\ProgramData\LogMeIn
2011-11-06 03:02:12 -------- d-----w- C:\Program Files (x86)\LogMeIn
2011-11-05 09:06:08 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\Resource Tuner
2011-11-05 09:06:04 -------- d-----w- C:\Program Files (x86)\Resource Tuner
2011-11-04 14:57:34 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-03 08:40:27 -------- d-----w- C:\$RECYCLE.BIN
2011-11-03 07:40:48 98816 ----a-w- C:\Windows\sed.exe
2011-11-03 07:40:48 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-03 07:40:48 256000 ----a-w- C:\Windows\PEV.exe
2011-11-03 07:40:48 208896 ----a-w- C:\Windows\MBR.exe
2011-11-03 07:39:33 -------- d-----w- C:\ComboFix
2011-11-03 06:07:58 2 --shatr- C:\Windows\winstart.bat
2011-11-03 05:56:26 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-03 05:50:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-03 05:50:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-03 05:12:20 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-03 04:13:20 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\SUPERAntiSpyware.com
2011-11-03 04:13:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-03 01:46:41 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\Malwarebytes
2011-11-03 01:46:31 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-03 01:46:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-03 01:10:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-01 01:44:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-11-01 01:33:48 -------- d-----w- C:\Program Files (x86)\Eidos
2011-10-30 08:01:04 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\NetMedia Providers
2011-10-30 07:58:08 -------- d-----w- C:\Program Files (x86)\Sony
2011-10-30 07:56:13 -------- d-----w- C:\Program Files (x86)\Sony Setup
2011-10-16 08:10:50 24270208 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-16 07:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 13:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-12 08:05:59 -------- d-----w- C:\Program Files\iPod
2011-10-12 08:05:58 -------- d-----w- C:\Program Files\iTunes
2011-10-12 08:05:58 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-12 08:03:23 -------- d-----w- C:\Program Files\Bonjour
2011-10-12 08:03:23 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-12 02:55:44 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 02:55:44 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 02:55:44 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 02:55:44 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 02:55:24 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 02:55:24 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 02:55:24 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 02:55:24 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-10 13:23:43 -------- d-----w- C:\Program Files (x86)\Lavalys
2011-10-10 13:18:54 -------- d-----w- C:\Windows\System32\wbem\Framework\root\CPUThermometer
2011-10-10 13:18:54 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2011-10-10 13:18:54 -------- d-----w- C:\Windows\System32\wbem\Framework
.
==================== Find3M ====================
.
2011-10-09 01:25:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-02 08:10:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-02 08:10:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-02 08:07:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-30 16:15:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-16 04:10:24 35616 ----a-w- C:\Windows\System32\lmimirr.dll
2011-09-16 04:10:24 14624 ----a-w- C:\Windows\System32\lmimirr2.dll
2011-09-16 04:10:24 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys
2011-09-09 08:23:34 2469760 ----a-w- C:\Windows\SysWow64\BootMan.exe
2011-09-07 07:06:40 3321728 ----a-w- C:\Windows\System32\BootMan.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 12:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 12:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 12:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 12:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 12:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 12:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 12:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 12:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-29 14:54:28 117520 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2006-12-29 04:15:42 3100672 ----a-w- C:\Program Files (x86)\Common Files\sapxlhelper.dll
2006-12-29 04:15:40 626688 ----a-w- C:\Program Files (x86)\Common Files\sapconsaccess.dll
2006-12-29 04:15:40 40960 ----a-w- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2006-12-29 04:15:40 192512 ----a-w- C:\Program Files (x86)\Common Files\sapconsr3.dll
.
============= FINISH: 13:21:45.37 ===============
  2. Hi, I have a couple of symptoms of malware:

     1. The iexplore.exe process starts up on its own, uses increasingly more memory and uses the internet.
        - I used Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653) to have a look at it and saw that it was being run under an svchost.exe process.
        - Process Explorer also showed me that it's being run embedded, and from my desktop.
        - I can also see what IPs it's accessing.
     2. Using any browser (IE, Firefox or Google Chrome), I experience redirecting to ad sites and other crap.

     I've tried a few things including aswMBR, Malwarebytes Anti-Malware, Spybot S&D, TDSSKiller and ComboFix, but nothing has gotten rid of the damn thing!

     I've worked around the problem temporarily by renaming firefox.exe to firefox1.exe; this prevents the redirecting issue. I've also renamed iexplore.exe to iexplore1.exe and this has stopped it from starting up on its own, but IE won't work with a renamed exe so I haven't been able to use IE. This is far from a fix though, as the malware is definitely still there.

     Hopefully someone here can help me.

     Thanks, Johnny
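The script below is an added example, not part of the forum post and not part of the DDS tool. It parses the "Pseudo HJT Report" lines of the kind shown in the log above and returns the entries a responder would review first: a BHO or toolbar whose COM server is mscoree.dll (a managed-code add-on, whose real assembly path is stored under the CLSID's InprocServer32 key rather than on the report line), UAC policy values that remove the elevation prompt, and a network interface whose DHCP-assigned DNS servers differ from the ones the router hands out. The sample lines are copied from the post's own report; the `Finding` record, the severity labels and the `triage` function name are my own.

```python
"""Triage helper for the DDS "Pseudo HJT Report" section.

Added example: not part of the forum post and not part of the DDS tool.
It keeps the BHO/TB, mPolicies-system and TCP lines and turns them into
Findings for manual review; it does not decide that anything is malware.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the relevant lines copied from the DDS report in the post.
SAMPLE_LOG = r"""
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6998D207-41D5-464E-A85B-0837915BBE7E} : DhcpNameServer = 198.142.0.51 61.88.88.88 8.8.8.8
TCP: Interfaces\{7EFFFE3C-E3CB-4AC4-AC3C-808D7767D71F} : DhcpNameServer = 192.168.1.1
"""

# Line shapes DDS uses for the four record types this triage looks at.
BHO_RE = re.compile(r"^(?P<kind>BHO|TB)(?:-X64)?: (?P<name>.+?): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<value>\d+)")
DNS_GLOBAL_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
DNS_IFACE_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}) : DhcpNameServer = (?P<servers>.+)$")

# Values under HKLM\...\Policies\System that remove the UAC elevation boundary.
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled; processes of an admin user run with the full token"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium" (labels chosen for this example)
    category: str   # "bho", "uac" or "dns"
    subject: str    # CLSID, policy name or interface GUID
    detail: str


def parse_report(text):
    """Return (bho_entries, policies, global_dns, per_interface_dns)."""
    bhos, policies, dns_global, dns_iface = [], {}, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := POLICY_RE.match(line):
            policies[m["key"]] = int(m["value"])
        elif m := DNS_GLOBAL_RE.match(line):
            dns_global = m["servers"].split()
        elif m := DNS_IFACE_RE.match(line):
            dns_iface[m["iface"]] = m["servers"].split()
    return bhos, policies, dns_global, dns_iface


def triage(text):
    """Turn a report into a list of Findings, most actionable first."""
    bhos, policies, dns_global, dns_iface = parse_report(text)
    findings = []
    for b in bhos:
        # A COM server registered as mscoree.dll is a .NET assembly: the file
        # that actually runs is named by the Assembly/CodeBase values under
        # HKCR\CLSID\<clsid>\InprocServer32, which the report line does not show.
        if b["file"].lower() == "mscoree.dll":
            findings.append(Finding("high", "bho", f'{b["kind"]} {b["clsid"]}',
                                    f'{b["name"]}: managed-code add-on; resolve the assembly via InprocServer32'))
    for key, (weak_value, why) in UAC_WEAK.items():
        if policies.get(key) == weak_value:
            findings.append(Finding("high", "uac", key, why))
    expected = set(dns_global)
    for iface, servers in dns_iface.items():
        # Resolvers on one adapter that the router never handed out deserve a
        # look: confirm against the adapter's actual DHCP lease before acting.
        foreign = [s for s in servers if s not in expected]
        if expected and foreign:
            findings.append(Finding("medium", "dns", iface,
                                    f"resolvers not handed out by {' '.join(dns_global)}: {' '.join(foreign)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.category} {f.subject}: {f.detail}")
```

Run it against a full DDS log by reading the file instead of `SAMPLE_LOG`; the BHO-X64/TB-X64 duplicates of the same CLSID are matched as well, so a managed add-on shows up once per registration it has.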