
Hello, first off, thanks ahead of time for the help. I do appreciate it very much.

Down to business.

A few days ago, maybe a week, a friend I know in real life sent me an exe file ten MB in size. Naturally, I scanned it with Malwarebytes, SUPERAntiSpyware, VirusTotal, Jotti, ESET Online Scanner, and RootkitRevealer. I also ran Process Explorer and there were no suspicious processes that I could see.

Anyway, as I was right clicking to scan it, my mouse must have lagged or something and it hit open on the right mouse click menu.

Apparently, it seemed to be some sort of installer. As soon as it opened, I exited it as soon as I could but did not catch the process name unfortunately.

Everything I ran it through came up with nothing, except that one scanner on VirusTotal came up with some sort of trojan.

Well, since this all happened, I've noticed increased IP connections from Malwarebytes, and also my PC has been running a bit slower and giving odd video errors. Hopefully it's nothing, but I'd like to be 100% sure.

Also, I did uninstall uTorrent before running DDS, so I'm not sure why it would come up as minimized. I'm sorry if this is a problem and I would be more than willing to sort it out if I can.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by ~ at 22:17:16 on 2011-11-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2458 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{361C027A-14B7-4084-A666-6669AF0D3391} : NameServer = 68.87.64.150,68.87.75.198
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\~\application data\mozilla\firefox\profiles\6irge76i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e0fe90d&v=7.005.030.004&i=27&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-5-15 11448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-17 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-17 22216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-5-15 2127728]
S1 MpKsl0d880460;MpKsl0d880460;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\mpksl0d880460.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\MpKsl0d880460.sys [?]
S1 MpKsl0f98d6f8;MpKsl0f98d6f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f44619a-2bac-435c-868c-7e92eae47b4b}\mpksl0f98d6f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f44619a-2bac-435c-868c-7e92eae47b4b}\MpKsl0f98d6f8.sys [?]
S1 MpKsl127e5e7e;MpKsl127e5e7e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6837bc81-eb54-406b-9ca6-0b46831cf47d}\mpksl127e5e7e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6837bc81-eb54-406b-9ca6-0b46831cf47d}\MpKsl127e5e7e.sys [?]
S1 MpKsl143eb5ce;MpKsl143eb5ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\mpksl143eb5ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\MpKsl143eb5ce.sys [?]
S1 MpKsl15f2e5ce;MpKsl15f2e5ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2212626e-0b0e-42fb-bfdf-07fab1315355}\mpksl15f2e5ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2212626e-0b0e-42fb-bfdf-07fab1315355}\MpKsl15f2e5ce.sys [?]
S1 MpKsl23f7b2b4;MpKsl23f7b2b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f349067-9572-4bd8-99cb-972d9ae3af98}\mpksl23f7b2b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f349067-9572-4bd8-99cb-972d9ae3af98}\MpKsl23f7b2b4.sys [?]
S1 MpKsl378b8709;MpKsl378b8709;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aeef065f-3a94-4043-8b33-c6b9cbcff2d1}\mpksl378b8709.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aeef065f-3a94-4043-8b33-c6b9cbcff2d1}\MpKsl378b8709.sys [?]
S1 MpKsl4209393b;MpKsl4209393b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{126fe654-4365-477f-9b05-0df51745e902}\mpksl4209393b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{126fe654-4365-477f-9b05-0df51745e902}\MpKsl4209393b.sys [?]
S1 MpKsl50f35b30;MpKsl50f35b30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{adcb34e7-278e-471f-a4a9-004d7a8e8a8e}\mpksl50f35b30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{adcb34e7-278e-471f-a4a9-004d7a8e8a8e}\MpKsl50f35b30.sys [?]
S1 MpKsl54c67896;MpKsl54c67896;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9848d96e-c942-4567-bcbd-aee3e7d2d8cc}\mpksl54c67896.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9848d96e-c942-4567-bcbd-aee3e7d2d8cc}\MpKsl54c67896.sys [?]
S1 MpKsl58386f52;MpKsl58386f52;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\mpksl58386f52.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\MpKsl58386f52.sys [?]
S1 MpKsl6043e513;MpKsl6043e513;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c89408ce-cd1a-4f7e-81b0-1c9aa8ccd6d3}\mpksl6043e513.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c89408ce-cd1a-4f7e-81b0-1c9aa8ccd6d3}\MpKsl6043e513.sys [?]
S1 MpKsl6d591126;MpKsl6d591126;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c62264d-29c3-47c2-909c-07fdd8072d59}\mpksl6d591126.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c62264d-29c3-47c2-909c-07fdd8072d59}\MpKsl6d591126.sys [?]
S1 MpKsl700decb0;MpKsl700decb0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9848d96e-c942-4567-bcbd-aee3e7d2d8cc}\mpksl700decb0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9848d96e-c942-4567-bcbd-aee3e7d2d8cc}\MpKsl700decb0.sys [?]
S1 MpKsl7d7e2219;MpKsl7d7e2219;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97b6d95d-5508-4623-a943-4ba62ff9da60}\mpksl7d7e2219.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97b6d95d-5508-4623-a943-4ba62ff9da60}\MpKsl7d7e2219.sys [?]
S1 MpKsl811761c1;MpKsl811761c1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\mpksl811761c1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\MpKsl811761c1.sys [?]
S1 MpKsl9bb91dbc;MpKsl9bb91dbc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f44619a-2bac-435c-868c-7e92eae47b4b}\mpksl9bb91dbc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f44619a-2bac-435c-868c-7e92eae47b4b}\MpKsl9bb91dbc.sys [?]
S1 MpKsla5194639;MpKsla5194639;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9848d96e-c942-4567-bcbd-aee3e7d2d8cc}\mpksla5194639.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9848d96e-c942-4567-bcbd-aee3e7d2d8cc}\MpKsla5194639.sys [?]
S1 MpKsla65ad2d8;MpKsla65ad2d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b55a1a87-3b81-4dca-b4dc-00fc2709b2e2}\mpksla65ad2d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b55a1a87-3b81-4dca-b4dc-00fc2709b2e2}\MpKsla65ad2d8.sys [?]
S1 MpKsla67b1d13;MpKsla67b1d13;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{adcb34e7-278e-471f-a4a9-004d7a8e8a8e}\mpksla67b1d13.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{adcb34e7-278e-471f-a4a9-004d7a8e8a8e}\MpKsla67b1d13.sys [?]
S1 MpKsla861221d;MpKsla861221d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\mpksla861221d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\MpKsla861221d.sys [?]
S1 MpKslb2821e6d;MpKslb2821e6d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97270b0a-fc8a-41fc-8e7d-4523a75ea34c}\mpkslb2821e6d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97270b0a-fc8a-41fc-8e7d-4523a75ea34c}\MpKslb2821e6d.sys [?]
S1 MpKslc861ee68;MpKslc861ee68;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6837bc81-eb54-406b-9ca6-0b46831cf47d}\mpkslc861ee68.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6837bc81-eb54-406b-9ca6-0b46831cf47d}\MpKslc861ee68.sys [?]
S1 MpKslc9490956;MpKslc9490956;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c62264d-29c3-47c2-909c-07fdd8072d59}\mpkslc9490956.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c62264d-29c3-47c2-909c-07fdd8072d59}\MpKslc9490956.sys [?]
S1 MpKsld466e279;MpKsld466e279;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f44619a-2bac-435c-868c-7e92eae47b4b}\mpksld466e279.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f44619a-2bac-435c-868c-7e92eae47b4b}\MpKsld466e279.sys [?]
S1 MpKsld8a7b86c;MpKsld8a7b86c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2212626e-0b0e-42fb-bfdf-07fab1315355}\mpksld8a7b86c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2212626e-0b0e-42fb-bfdf-07fab1315355}\MpKsld8a7b86c.sys [?]
S1 MpKslda65d7e2;MpKslda65d7e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b55a1a87-3b81-4dca-b4dc-00fc2709b2e2}\mpkslda65d7e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b55a1a87-3b81-4dca-b4dc-00fc2709b2e2}\MpKslda65d7e2.sys [?]
S1 MpKsle1674a0c;MpKsle1674a0c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\mpksle1674a0c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\MpKsle1674a0c.sys [?]
S1 MpKsle55e9c4d;MpKsle55e9c4d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{126fe654-4365-477f-9b05-0df51745e902}\mpksle55e9c4d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{126fe654-4365-477f-9b05-0df51745e902}\MpKsle55e9c4d.sys [?]
S1 MpKsle8200c40;MpKsle8200c40;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\mpksle8200c40.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ef04d5f-2d9e-4448-baf8-f4169da33465}\MpKsle8200c40.sys [?]
S1 MpKslf094f97d;MpKslf094f97d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\mpkslf094f97d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\MpKslf094f97d.sys [?]
S1 MpKslf43d04ca;MpKslf43d04ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b55a1a87-3b81-4dca-b4dc-00fc2709b2e2}\mpkslf43d04ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b55a1a87-3b81-4dca-b4dc-00fc2709b2e2}\MpKslf43d04ca.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dxdiag;dxdiag;\??\c:\docume~1\~\locals~1\temp\dxdiag.sys --> c:\docume~1\~\locals~1\temp\dxdiag.sys [?]
S3 ESEADriver2;ESEADriver2;c:\docume~1\~\locals~1\temp\ESEADriver2.sys [2011-7-2 50164]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
.
=============== Created Last 30 ================
.
2011-11-21 14:18:05 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-11-21 14:18:05 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2011-11-21 14:18:05 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-11-21 14:18:05 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2011-11-21 14:18:03 -------- d-----w- c:\program files\HP
2011-11-21 14:17:46 35840 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2011-11-21 14:06:40 483328 ----a-r- c:\windows\system32\hphmon05.exe
2011-11-21 14:06:38 270336 ----a-w- c:\windows\system32\hpzcon09.dll
2011-11-20 19:04:47 -------- d-----w- c:\documents and settings\~\application data\SUPERAntiSpyware.com
2011-11-20 19:04:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-20 19:04:28 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-16 18:10:57 -------- d-----w- C:\Music
2011-11-16 14:55:16 -------- d-----w- c:\program files\iPod
2011-11-16 14:53:01 -------- d-----w- c:\program files\Bonjour
2011-11-16 01:45:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-16 01:39:01 225280 ----a-w- c:\windows\system32\rewire.dll
2011-11-16 01:39:01 -------- d-----w- c:\program files\VstPlugins
2011-11-16 01:38:49 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-11-16 01:38:45 -------- d-----w- c:\program files\Outsim
2011-11-16 01:36:14 -------- d-----w- c:\program files\Image-Line
2011-11-13 21:54:22 -------- d-----w- c:\program files\Exact Audio Copy
2011-11-07 01:49:26 -------- d-----w- c:\documents and settings\~\application data\Audacity
2011-11-07 01:49:10 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-11-07 01:39:37 -------- d-----w- c:\program files\Adobe Audition CS5.5
2011-11-07 01:37:56 -------- d-----w- c:\documents and settings\~\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-11-07 00:02:07 -------- d-----w- C:\Uploads
2011-11-03 23:10:56 -------- d-----w- c:\documents and settings\~\application data\EAC
2011-11-03 22:23:56 -------- d-----w- c:\program files\Windows Media Connect 2
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-09 01:08:09 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-09 01:08:01 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-09 01:08:01 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-08 15:34:15 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-05 19:46:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-10-05 19:41:36 22328 ----a-w- c:\documents and settings\~\application data\PnkBstrK.sys
2011-10-05 19:41:13 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-19 12:42:05 18440192 ----a-w- c:\windows\system32\atioglxx.dll
2011-09-19 12:40:59 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2011-09-19 12:40:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-09-19 12:40:57 118784 ----a-w- c:\windows\system32\atibtmon.exe
2011-09-19 12:40:56 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec
2011-09-02 13:10:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-02 13:10:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 22:17:24.42 ===============

attach.zip
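A small triage helper for a DDS log like the one above, added here as an example; it is not part of the original post and not DDS or Malwarebytes code. It assumes the line shapes visible in the log: services/drivers lines of the form "R1 name;display;path [date size]", the "registry path --> resolved path [?]" form where DDS printed no date or size, pseudo-HJT lines ending in "- No File", and the "Created Last 30" lines. It flags what a helper reads first: a service or driver whose binary sits under a temp directory, an entry DDS gave no date or size for, an orphaned registry entry, and (optionally) files created under system32 since a given date. The sample lines are copied from the log in this post; the regexes and function names are this example's own.

```python
import re

# Line shapes this helper understands (assumption: the DDS formats seen in the log above).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
UNKNOWN_RE = re.compile(r"\[\?\]\s*$")            # DDS printed no date/size for the file
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # any "\temp\" segment in the path
NO_FILE_SUFFIX = " - No File"

# Constructed sample: lines copied verbatim from the DDS log posted above.
SAMPLE = r"""
uURLSearchHooks: H - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 MpKsl0d880460;MpKsl0d880460;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\mpksl0d880460.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b0ced911-38be-494c-9c0c-b84bf6b06896}\MpKsl0d880460.sys [?]
S3 dxdiag;dxdiag;\??\c:\docume~1\~\locals~1\temp\dxdiag.sys --> c:\docume~1\~\locals~1\temp\dxdiag.sys [?]
S3 ESEADriver2;ESEADriver2;c:\docume~1\~\locals~1\temp\ESEADriver2.sys [2011-7-2 50164]
S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
2011-11-21 14:18:05 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2011-11-21 14:18:03 -------- d-----w- c:\program files\HP
2011-11-16 01:45:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-07 00:02:07 -------- d-----w- C:\Uploads
"""


def service_path(rest):
    """Return the on-disk path from the tail of a services/drivers line."""
    # When DDS resolves an NT path it prints "<registry path> --> <resolved path>";
    # the resolved path is the one to inspect. Strip the trailing "[date size]" or "[?]".
    path = rest.split(" --> ")[-1]
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", path)


def triage(lines, created_since=None):
    """Return (identifier, reason) pairs for lines worth a second look.

    created_since is an ISO date string; when given, files created under
    c:\\windows\\system32 on or after that date are listed as well.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if TEMP_RE.search(service_path(rest)):
                findings.append((name, "service/driver binary lives under a temp directory"))
            if UNKNOWN_RE.search(rest):
                findings.append((name, "DDS reported no date/size for the file ([?])"))
            continue
        if line.endswith(NO_FILE_SUFFIX):
            findings.append((line[: -len(NO_FILE_SUFFIX)],
                             "registry entry points at a file that is not on disk"))
            continue
        m = CREATED_RE.match(line)
        if m and created_since and m.group("date") >= created_since:
            if m.group("path").lower().startswith("c:\\windows\\system32"):
                findings.append((m.group("path"), "created under system32 on " + m.group("date")))
    return findings


if __name__ == "__main__":
    # The OP's window is "a few days ago, maybe a week" before 2011-11-22.
    for ident, reason in triage(SAMPLE.splitlines(), created_since="2011-11-15"):
        print(f"{reason:55s} {ident}")
```

The output is a list of prompts for a human, not verdicts: the MpKsl line shows that the "[?]" rule also catches the Microsoft Antimalware definition-update drivers in the log, and every HP and Apple file created under system32 in the window lands in the list too. What the helper buys you is a short list to check against the "Created Last 30" dates and the OP's timeline, instead of reading 400 lines by eye.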


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
