
Hi,

Yesterday my Avast antivirus started detecting threats whenever I opened a program (Firefox, Thunderbird, Messenger, etc.). Today random websites started opening in Firefox, or links led me to wrong pages. I have installed and quick-scanned with Malwarebytes, but it did not find anything. However, I noticed it is blocking the random websites.

Thanks for the help.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kai at 6:50:58 on 2011-11-20

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4065.2029 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

E:\games\Steam\steam.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Tunngle\TnglCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [steam] "E:\games\Steam\steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Kai\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Kai\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{7E88C19E-E5FA-4FBF-828F-3CD2CE9260C7} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{954AF377-36A9-4039-AC27-75CE4163E220} : DhcpNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\mmgk006u.default\

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Kai\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Kai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-13 44768]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-20 366152]

R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-9-18 741224]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

R3 V0260VID;Live! Cam Vista IM;C:\Windows\system32\DRIVERS\V0260Vid.sys --> C:\Windows\system32\DRIVERS\V0260Vid.sys [?]

S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\system32\DRIVERS\hidusbf.sys --> C:\Windows\system32\DRIVERS\hidusbf.sys [?]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

.

=============== File Associations ===============

.

.txt=Notepad++_file

.

=============== Created Last 30 ================

.

2011-11-20 06:29:10 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-20 06:28:08 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E3409E9-7F9F-444F-A40E-CB9CFD299513}\offreg.dll

2011-11-20 06:28:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E3409E9-7F9F-444F-A40E-CB9CFD299513}\mpengine.dll

2011-11-20 06:26:55 -------- d-----w- C:\Users\Kai\AppData\Local\{A895D5B8-3D9D-4421-B0A3-7C70380E1695}

2011-11-20 06:26:40 -------- d-----w- C:\Users\Kai\AppData\Local\{602D90E8-63D3-4625-B9EB-E3637D69904A}

2011-11-20 04:36:38 -------- d-----w- C:\Users\Kai\AppData\Roaming\Malwarebytes

2011-11-20 04:36:31 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-20 04:36:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-20 03:37:50 -------- d-----w- C:\Users\Kai\AppData\Local\{1F67C60A-2783-439F-8FE7-9099DD1B3AE4}

2011-11-20 03:37:16 -------- d-----w- C:\Users\Kai\AppData\Local\{07D8F5F0-32A1-4CD9-BAF4-121BE5C7D452}

2011-11-19 23:52:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-19 23:32:04 -------- d--h--w- C:\$AVG

2011-11-19 22:39:31 -------- d--h--w- C:\ProgramData\Common Files

2011-11-19 22:39:10 -------- d-----w- C:\ProgramData\AVG2012

2011-11-19 22:38:48 -------- d-----w- C:\Program Files (x86)\AVG

2011-11-19 22:34:45 -------- d-----w- C:\ProgramData\MFAData

2011-11-19 21:24:52 388096 ----a-r- C:\Users\Kai\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-19 21:24:52 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-19 15:36:17 -------- d-----w- C:\Users\Kai\AppData\Local\{D11F4C2F-7D02-4D15-8C8D-8851420D22AA}

2011-11-19 15:35:57 -------- d-----w- C:\Users\Kai\AppData\Local\{478A92E9-4573-401E-AF78-03EEC484436B}

2011-11-18 19:22:10 -------- d-----we C:\Windows\system64

2011-11-18 16:41:33 -------- d-----w- C:\Users\Kai\AppData\Local\{1A3DFB1D-4D5D-4D85-AA49-41FFB7453C28}

2011-11-18 16:41:13 -------- d-----w- C:\Users\Kai\AppData\Local\{8FE5E360-5E76-4534-9E89-4661F68F0512}

2011-11-17 20:44:01 -------- d-----w- C:\Users\Kai\AppData\Local\{B1999836-2A2F-4257-A325-E88E09AA7AD9}

2011-11-17 20:43:38 -------- d-----w- C:\Users\Kai\AppData\Local\{EEB4CEAB-A96F-429A-872C-68C025C09E7D}

2011-11-16 15:48:31 -------- d-----w- C:\Users\Kai\AppData\Local\{7E453FA5-5647-4E7F-A40E-7AE1A6BCDF0B}

2011-11-16 15:48:13 -------- d-----w- C:\Users\Kai\AppData\Local\{61578BC1-C84E-45CD-9F4A-D7FAF69F11ED}

2011-11-15 15:56:25 -------- d-----w- C:\Users\Kai\AppData\Local\{A65C099A-6838-427E-BA84-8553B747275F}

2011-11-15 15:56:06 -------- d-----w- C:\Users\Kai\AppData\Local\{0A5DA662-D217-43B9-9762-651802E39BC6}

2011-11-14 16:33:14 -------- d-----w- C:\Users\Kai\AppData\Local\{EBDF1838-492C-4386-AE41-3E7241A4ABE4}

2011-11-14 16:32:51 -------- d-----w- C:\Users\Kai\AppData\Local\{DD0D3F96-9E47-41B7-9BEE-9572B3109D64}

2011-11-13 16:27:17 -------- d-----w- C:\Users\Kai\AppData\Local\{A81BD763-CDCA-46B2-805F-E7AEF83AEA5D}

2011-11-13 16:26:55 -------- d-----w- C:\Users\Kai\AppData\Local\{4C3D00E6-42C3-4D4B-92B8-63C4724BA8E6}

2011-11-13 03:54:47 -------- d-----w- C:\Users\Kai\AppData\Local\{8D944ADE-2E52-4FD5-9696-E09149B9907A}

2011-11-13 03:54:22 -------- d-----w- C:\Users\Kai\AppData\Local\{2576485F-F5C2-4A15-BCC5-E3003D6DC4D9}

2011-11-12 14:44:53 -------- d-----w- C:\Users\Kai\AppData\Local\{CD8605BB-853B-435A-BDF7-EEA763D585B5}

2011-11-12 14:44:29 -------- d-----w- C:\Users\Kai\AppData\Local\{D9DA2F65-A893-4342-B50E-CFA94E344B34}

2011-11-11 12:17:03 -------- d-----w- C:\Users\Kai\AppData\Local\Skyrim

2011-11-11 12:15:59 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll

2011-11-11 11:57:15 -------- d-----w- C:\Users\Kai\AppData\Local\{B3463540-3488-4240-8D30-D9FEEE0CF32C}

2011-11-11 11:56:34 -------- d-----w- C:\Users\Kai\AppData\Local\{E0D7D90B-22C0-4BA6-A5AC-9BA974B3E5C4}

2011-11-10 16:57:27 -------- d-----w- C:\Users\Kai\AppData\Local\{1FC8452B-5343-4446-87B9-0F6D987FAD0C}

2011-11-10 16:56:49 -------- d-----w- C:\Users\Kai\AppData\Local\{9DFC421F-F6E5-4BEA-8788-DC5F7BB46174}

2011-11-10 04:27:59 -------- d-----w- C:\Users\Kai\AppData\Local\{B0D1E309-085C-480D-B3C6-BF9663861810}

2011-11-10 04:27:48 -------- d-----w- C:\Users\Kai\AppData\Local\{B3D095DB-02C1-4B19-88D1-C699BA955460}

2011-11-09 16:34:53 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 16:34:52 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 16:34:52 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 16:34:50 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 16:27:25 -------- d-----w- C:\Users\Kai\AppData\Local\{D1BF1F88-9A2D-47D7-8DA8-07F31ED60F57}

2011-11-09 16:27:08 -------- d-----w- C:\Users\Kai\AppData\Local\{8E8584C5-7F20-46B2-9359-DF5839371FF2}

2011-11-08 21:09:29 -------- d-----w- C:\Program Files (x86)\LOLReplay

2011-11-08 15:49:40 -------- d-----w- C:\Users\Kai\AppData\Local\{E7B7D5BA-CF48-4CBD-9ADC-7CBF2D2F3E66}

2011-11-08 15:49:22 -------- d-----w- C:\Users\Kai\AppData\Local\{7C4E0D78-E271-4783-95AD-DE4675EB321F}

2011-11-07 17:30:03 -------- d-----w- C:\Users\Kai\AppData\Local\{60D8946A-2458-47CB-AA64-397564427AD1}

2011-11-07 17:29:43 -------- d-----w- C:\Users\Kai\AppData\Local\{D7B38D8D-D436-4576-9CDD-BAD5A1F61A7B}

2011-11-06 16:10:48 -------- d-----w- C:\Users\Kai\AppData\Local\{A9E5C242-E83E-4A61-BAE1-211EB6B4A9C7}

2011-11-06 16:10:37 -------- d-----w- C:\Users\Kai\AppData\Local\{445F0243-219A-4F2B-94E8-18A42C4F7835}

2011-11-06 04:10:11 -------- d-----w- C:\Users\Kai\AppData\Local\{C6C5E381-A2AB-48C5-9084-BBED495FD184}

2011-11-06 04:09:25 -------- d-----w- C:\Users\Kai\AppData\Local\{1255CCC1-E318-4804-9A55-22D937714E42}

2011-11-05 16:09:05 -------- d-----w- C:\Users\Kai\AppData\Local\{80B88F14-CCFF-4D60-8790-C71273F7DD87}

2011-11-05 16:08:49 -------- d-----w- C:\Users\Kai\AppData\Local\{361E04F6-3CFD-4FBC-B9A2-EC185509A11B}

2011-11-05 01:46:54 -------- d-----w- C:\Users\Kai\AppData\Local\{6F272427-F847-4E7A-A6B2-4936D9AB5576}

2011-11-05 01:46:12 -------- d-----w- C:\Users\Kai\AppData\Local\{03517209-F70D-4B72-989A-9855832DD353}

2011-11-04 00:36:16 -------- d-----w- C:\Users\Kai\AppData\Local\{AFCBF37B-3659-4593-8538-EDE8762C20CD}

2011-11-04 00:35:41 -------- d-----w- C:\Users\Kai\AppData\Local\{0EB34FF2-0411-4749-915B-9FE7081BA273}

2011-11-03 12:35:29 -------- d-----w- C:\Users\Kai\AppData\Local\{5AECB64F-D85E-48FB-A263-E2787A4C7C35}

2011-11-03 12:34:47 -------- d-----w- C:\Users\Kai\AppData\Local\{37516B1A-6032-43D4-B1D3-F71FD93AF8E3}

2011-11-03 00:34:36 -------- d-----w- C:\Users\Kai\AppData\Local\{5896230B-AE9A-4ED5-8476-875F47861B87}

2011-11-03 00:34:02 -------- d-----w- C:\Users\Kai\AppData\Local\{1A7B4E40-BFB9-4E1C-9F67-00C5A1DD4B82}

2011-11-02 12:33:13 -------- d-----w- C:\Users\Kai\AppData\Local\{19E5110C-CEC7-41C1-9AE6-A94C86BD95C9}

2011-11-02 12:32:56 -------- d-----w- C:\Users\Kai\AppData\Local\{F341B675-C4CE-4508-974C-D33E75993477}

2011-11-01 19:44:50 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-11-01 15:01:31 -------- d-----w- C:\Users\Kai\AppData\Local\{F4B77FDB-1C66-4D24-A6A4-BF3392154D25}

2011-11-01 15:01:12 -------- d-----w- C:\Users\Kai\AppData\Local\{F2E4F521-469F-48E9-81FA-2380432E5995}

2011-10-31 18:09:02 -------- d-----w- C:\Users\Kai\AppData\Local\{CD05D213-BD67-4F76-B29F-40A30BF5CFD2}

2011-10-31 18:08:42 -------- d-----w- C:\Users\Kai\AppData\Local\{2A17CB01-14E0-4D6F-A636-A43D04F626AE}

2011-10-31 02:12:23 -------- d-----w- C:\Users\Kai\AppData\Local\{4EC53053-6D32-4111-8482-1DCFC9CB5B6A}

2011-10-31 02:11:39 -------- d-----w- C:\Users\Kai\AppData\Local\{2B1492B5-B083-4C66-8894-DB10E477D58A}

2011-10-30 14:11:27 -------- d-----w- C:\Users\Kai\AppData\Local\{F15AE3F7-AB9A-42FF-915A-C314F147DA7F}

2011-10-30 14:11:09 -------- d-----w- C:\Users\Kai\AppData\Local\{A163A961-6BC3-4355-88BD-A0574FD77955}

2011-10-30 02:10:57 -------- d-----w- C:\Users\Kai\AppData\Local\{E29E74A2-FAA3-4147-B98E-0461721DDEC9}

2011-10-30 02:10:34 -------- d-----w- C:\Users\Kai\AppData\Local\{19648B05-7E57-4BCF-B4F6-9B2B47C69287}

2011-10-29 14:10:21 -------- d-----w- C:\Users\Kai\AppData\Local\{7EA3DAB8-A64C-4901-B34F-5C7953EC069D}

2011-10-29 14:09:46 -------- d-----w- C:\Users\Kai\AppData\Local\{A790DACA-AED5-4525-8EA3-014A4C4F0088}

2011-10-28 22:50:14 -------- d-----w- C:\Users\Kai\AppData\Local\{75B50D46-ECC6-4D22-970A-3E68FA0D4F24}

2011-10-28 22:49:41 -------- d-----w- C:\Users\Kai\AppData\Local\{7721964F-00B2-47C7-AE62-A673EA66F5C9}

2011-10-28 10:49:00 -------- d-----w- C:\Users\Kai\AppData\Local\{288E5D9D-131A-4F44-BBC7-3614D26807A8}

2011-10-28 10:48:41 -------- d-----w- C:\Users\Kai\AppData\Local\{D606839F-C7FD-4BC6-B39A-9DF788BA993C}

2011-10-27 13:23:26 -------- d-----w- C:\Users\Kai\AppData\Local\{76369AD3-1780-42B9-9EA4-3EE72E06BFEC}

2011-10-27 13:23:04 -------- d-----w- C:\Users\Kai\AppData\Local\{E52BC653-1199-4983-9D56-0296348573A5}

2011-10-26 15:26:58 -------- d-----w- C:\Users\Kai\AppData\Local\{CA8A2B2C-A167-4A8D-8BF8-CD9C85BEFEC1}

2011-10-26 15:26:36 -------- d-----w- C:\Users\Kai\AppData\Local\{2C5A437D-AD9D-4C92-ADC6-817C0B862B3E}

2011-10-25 15:55:52 -------- d-----w- C:\Users\Kai\AppData\Local\{C60C3FB9-5615-4F04-8CCE-EE9DE3F8F915}

2011-10-25 15:55:35 -------- d-----w- C:\Users\Kai\AppData\Local\{C639FDC3-E596-410E-BEF0-3B626BE5CC28}

2011-10-24 17:00:43 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-24 17:00:43 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-24 17:00:43 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-24 17:00:43 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-24 17:00:24 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-24 17:00:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-24 17:00:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-24 17:00:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-24 16:57:35 -------- d-----w- C:\Users\Kai\AppData\Local\{24BEEEDF-549C-4972-B371-B04F2FE08330}

2011-10-24 16:56:52 -------- d-----w- C:\Users\Kai\AppData\Local\{46235BA7-5BE1-4B4A-9E42-EBD2880D924C}

2011-10-24 03:33:03 -------- d-----w- C:\Users\Kai\AppData\Local\{4647EAD0-8636-4E78-981D-AF2D1E81C0A8}

2011-10-24 03:32:28 -------- d-----w- C:\Users\Kai\AppData\Local\{5B093B28-351C-4C75-A57A-19D9A4AAFD1F}

2011-10-23 15:32:16 -------- d-----w- C:\Users\Kai\AppData\Local\{E8A69890-D228-4B15-9681-B0AD9E18BEF2}

2011-10-23 15:31:32 -------- d-----w- C:\Users\Kai\AppData\Local\{DAA1A823-8087-401F-82C4-3C8B28697812}

2011-10-23 03:31:20 -------- d-----w- C:\Users\Kai\AppData\Local\{91FE4CCD-E60B-46E7-B74D-C676F3F67A29}

2011-10-23 03:30:46 -------- d-----w- C:\Users\Kai\AppData\Local\{60BFD9E2-AA76-4C6F-8256-AE5175F6726D}

2011-10-22 15:30:33 -------- d-----w- C:\Users\Kai\AppData\Local\{C3B84C72-D08D-4B9C-8414-C39F83794984}

2011-10-22 15:29:59 -------- d-----w- C:\Users\Kai\AppData\Local\{E8F1212A-52DA-4B12-A91D-C4EB6655656D}

2011-10-22 11:56:46 -------- d-----w- C:\Users\Kai\AppData\Local\Focus Home Interactive

2011-10-22 03:29:47 -------- d-----w- C:\Users\Kai\AppData\Local\{1AE686A3-B39B-43FA-937D-7EC058DD814E}

2011-10-22 03:29:05 -------- d-----w- C:\Users\Kai\AppData\Local\{89BD5DA5-A2D7-4281-919A-5F83B18354FC}

2011-10-21 15:28:53 -------- d-----w- C:\Users\Kai\AppData\Local\{0C1FC6B0-6038-4C9D-8DDB-7E88D7BC69BD}

2011-10-21 15:28:09 -------- d-----w- C:\Users\Kai\AppData\Local\{90E4DE5D-A9E8-44A0-9A13-050A07DA7736}

.

==================== Find3M ====================

.

2011-10-13 15:10:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 11:34:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-10-07 11:34:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-10-07 11:13:37 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-04 00:44:27 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-10-04 00:44:27 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-10-04 00:44:27 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-10-04 00:44:27 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-10-03 05:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-29 23:54:16 249856 ------w- C:\Windows\Setup1.exe

2011-09-29 23:54:11 73216 ----a-w- C:\Windows\ST6UNST.EXE

2011-09-29 16:41:37 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-24 02:58:12 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-24 02:12:22 24604160 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-24 02:03:30 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-24 02:03:18 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-24 02:01:54 867328 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-24 01:59:14 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-24 01:59:06 487936 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-24 01:58:30 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-24 01:57:16 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-24 01:57:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-24 01:56:52 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-24 01:56:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-24 01:56:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-24 01:56:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-24 01:56:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-24 01:56:10 18587648 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-24 01:53:08 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-24 01:43:24 4960768 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-24 01:43:08 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-24 01:42:44 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-24 01:42:32 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-24 01:35:00 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-24 01:34:58 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-24 01:34:50 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-24 01:34:48 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-24 01:34:36 9809920 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-24 01:32:56 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-24 01:32:14 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-24 01:31:34 8390656 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-24 01:27:50 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-24 01:26:48 5431808 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-24 01:19:58 479744 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-24 01:19:48 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-24 01:19:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-24 01:19:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-24 01:19:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-24 01:19:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-24 01:19:22 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-24 01:19:14 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-24 01:18:32 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-24 01:18:26 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-24 01:18:20 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-24 01:18:14 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-24 01:17:34 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-24 01:16:38 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-24 01:16:38 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-24 01:16:16 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-24 01:16:16 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-09-23 21:15:12 66048 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-09-23 21:15:08 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-09-23 21:14:58 16787456 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-23 21:14:18 13753856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-23 21:13:30 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-23 21:13:24 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-18 16:34:22 967 ----a-w- C:\Windows\ScUnin.pif

2011-09-18 16:34:22 94208 ----a-w- C:\Windows\ScUnin.exe

2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-25 23:07:15 94208 ----a-w- C:\Windows\DIIUnin.exe

2011-08-25 23:07:15 2829 ----a-w- C:\Windows\DIIUnin.pif

2011-08-25 22:50:11 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll

2011-08-25 22:49:34 21840 ----a-w- C:\Windows\SysWow64\SIntfNT.dll

2011-08-25 22:49:34 17212 ----a-w- C:\Windows\SysWow64\SIntf32.dll

2011-08-25 22:49:34 12067 ----a-w- C:\Windows\SysWow64\SIntf16.dll

.

============= FINISH: 6:51:11.59 ===============

Attach.txt

DDS.txt

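A way to triage a DDS log like the one above, as an added example that is not part of the original post, of DDS, or of any Malwarebytes tool: it parses the AV/SP status lines, the mPolicies-system UAC values and the "Created Last 30" entries from a constructed excerpt in the same line format, and lists what a responder would look at first: the antivirus reported as *Disabled*, EnableLUA = 0 together with ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 (UAC off and no elevation prompt), and a directory created directly under C:\Windows two days before the post, here "system64", which is not a directory on a stock Windows 7 install. The allowlist of stock Windows directories, the choice of which UAC values count as weak, and the sample excerpt itself are this example's own assumptions.

```python
"""Triage a DDS log excerpt for a few findings a responder checks first.

Added example for this thread; it is not part of the posted log, of DDS, or of
any Malwarebytes tool. The allowlist of stock Windows directories and the UAC
"weak value" table below are this example's own assumptions.
"""
import re

# Constructed sample input in the DDS line format used in the post above.
# The lines copy entries from the posted log; embedded so the example runs offline.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2011-11-20 06:29:10 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-18 19:22:10 -------- d-----we C:\Windows\system64
2011-11-11 12:17:03 -------- d-----w- C:\Users\Kai\AppData\Local\Skyrim
2011-11-08 21:09:29 -------- d-----w- C:\Program Files (x86)\LOLReplay
"""

# "AV: <product> *<state>/<signatures>* {GUID}" lines in the DDS header.
AV_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>\w+)/(?P<sigs>\w+)\*")
# "mPolicies-system: <Name> = <decimal> (0x..)" lines in the Pseudo HJT report.
POLICY_RE = re.compile(r"^[mu]Policies-(?P<hive>\w+): (?P<name>\w+) = (?P<value>\d+)")
# "<timestamp> <size or dashes> <attrs> <path>" lines in Created Last 30 / Find3M.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attr>[d-]\S{7})\s+(?P<path>.+)$"
)

# UAC values that remove or weaken the elevation prompt (Microsoft-documented
# semantics; flagging exactly these three is this example's choice).
WEAK_UAC = {
    "EnableLUA": (0, "UAC is switched off; an admin account runs everything fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}

# Partial allowlist (assumption) of directories that exist directly under the
# Windows root on a stock install; anything else created there is worth a look.
STOCK_WINDOWS_DIRS = {
    "system32", "syswow64", "winsxs", "servicing", "softwaredistribution",
    "temp", "logs", "fonts", "assembly", "microsoft.net", "prefetch", "inf",
}


def parse_av_state(text):
    """Return [(kind, product, state)] for every AV/SP/FW status line."""
    return [(m["kind"], m["product"], m["state"])
            for m in map(AV_RE.match, text.splitlines()) if m]


def parse_policies(text):
    """Return {policy name: int value} from the *Policies-* lines."""
    return {m["name"]: int(m["value"])
            for m in map(POLICY_RE.match, text.splitlines()) if m}


def weak_uac_findings(policies):
    """Return [(name, value, why)] for UAC policies set to a weak value."""
    return [(name, policies[name], why)
            for name, (weak, why) in WEAK_UAC.items()
            if policies.get(name) == weak]


def new_windows_root_dirs(text):
    """Return [(timestamp, path)] for directories created directly under the
    Windows root whose name is not on the stock allowlist (e.g. 'system64')."""
    hits = []
    for m in map(CREATED_RE.match, text.splitlines()):
        if not m or not m["attr"].startswith("d"):
            continue  # skip non-matching lines and plain files
        parts = m["path"].split("\\")
        if (len(parts) == 3 and parts[0].lower() == "c:"
                and parts[1].lower() == "windows"
                and parts[2].lower() not in STOCK_WINDOWS_DIRS):
            hits.append((m["ts"], m["path"]))
    return hits


def triage(text):
    """Return the findings a responder would read first, as plain strings."""
    findings = []
    for kind, product, state in parse_av_state(text):
        if state.lower() == "disabled":
            findings.append(f"{kind} line reports {product} as Disabled")
    for name, value, why in weak_uac_findings(parse_policies(text)):
        findings.append(f"{name} = {value}: {why}")
    for ts, path in new_windows_root_dirs(text):
        findings.append(f"directory created under the Windows root at {ts}: "
                        f"{path} (not a stock directory; review)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

The output is a review list, not a verdict: the log alone does not say what is in C:\Windows\system64 or why Avast shows as disabled, only that both need to be checked. The UAC findings matter for the rest of the cleanup because, on an administrator account with EnableLUA = 0, anything the user launched already ran with a full admin token and no prompt.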

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
