MBAM not scanning fully + Other Problem

BadEND

Hi. I've been using MBAM to clear out all sorts of malware that I occasionally get from surfing on the net. Recently, I obtained one that makes all of my google searches redirect and in addition, brings up a window every 20~30 minutes of some random site ranging from chinaontv to some random european news site. Thinking I could clear it after a few runs of TDSSkiller + Mbam + Hitman Pro, I tried doing exactly that. TDSS came up with nothing, Hitman Pro came up with only tracking cookies (which appear here and there), but MBAM wouldn't even fully scan. More specifically, it came up with this.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8331

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

12/8/2011 2:10:04 AM

mbam-log-2011-12-08 (02-10-04).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 4054

Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

I used to at least hit around 40k+ files before, but why am I getting only 4000 now? Also, after watching the scan closely, it seems to only skim over the SYSTEM32 area, nothing else.

This leads me to believe MBAM was somehow infected. So I uninstalled it, installed another clean version, ran it in safe mode, and still the same thing happened.

Any ideas how to fix? My DDS log is below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22

Run by Alex at 2:01:06 on 2011-12-08

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\System32\rundll32.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {45E397B1-58E1-43D7-A074-DB98ECDC5405} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [RocketDock] "c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [JavaSoft Update] rundll32 "c:\users\alex\appdata\local\{032041d6-e80d-4642-b789-188f0b8f182f}\{032041d6-e80d-4642-b789-188f0b8f182f}update\{032041D6-E80D-4642-B789-188F0B8F182F}updt32.dll",DllRegisterServer

uRun: [GoogleServiceProfile] rundll32.exe "c:\programdata\GoogleServiceProfile.dll",DllRegisterServer

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 68.87.64.150 68.87.75.198

TCP: Interfaces\{3E7CE6B6-B17B-4659-9BC3-8618740D0D60} : DhcpNameServer = 68.87.64.150 68.87.75.198

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\08yn18xq.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\alex\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-11 232512]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2011-10-11 73728]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-11 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-11 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 74640]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-12 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-7 366152]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-10-30 2358656]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-10-11 111616]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-7 22216]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

.

=============== Created Last 30 ================

.

2011-12-08 06:33:04 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f0c06e9-e005-4403-8862-0eb745d0433d}\offreg.dll

2011-12-08 06:32:59 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f0c06e9-e005-4403-8862-0eb745d0433d}\mpengine.dll

2011-12-08 04:32:49 -------- d-----w- c:\program files\ESET

2011-12-08 04:04:38 -------- d-----w- c:\users\alex\appdata\roaming\Malwarebytes

2011-12-08 04:03:50 -------- d-----w- c:\programdata\Malwarebytes

2011-12-08 04:03:44 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-08 04:03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-07 22:10:17 167424 ----a-w- c:\programdata\GoogleServiceProfile.dll

2011-12-07 20:47:05 -------- d-----w- c:\users\alex\appdata\local\{6E0838A0-C37D-4BAE-956C-C4D90DA42EC8}

2011-12-07 20:46:50 -------- d-----w- c:\users\alex\appdata\local\{7AA65EE1-CF57-4A03-A00F-BFCA5F4AE25B}

2011-12-07 02:13:51 -------- d-----w- c:\users\alex\appdata\local\{E9AD4B3E-E82A-4104-90AA-4529CA58DFD5}

2011-12-07 02:13:29 -------- d-----w- c:\users\alex\appdata\local\{967C5A7A-E82D-493F-9000-D2A1EA7C6C34}

2011-12-06 14:12:53 -------- d-----w- c:\users\alex\appdata\local\{76521684-E8CC-4AFD-A4EB-F7ECB1F5CEC3}

2011-12-06 14:12:31 -------- d-----w- c:\users\alex\appdata\local\{E165C981-5159-4706-B14C-38DA152D6756}

2011-12-06 02:12:06 -------- d-----w- c:\users\alex\appdata\local\{CC749C1A-67B0-4912-9CD0-4C6BCF68C819}

2011-12-06 02:11:45 -------- d-----w- c:\users\alex\appdata\local\{558781F8-03A8-4A07-BD42-9C12967EF582}

2011-12-05 14:11:22 -------- d-----w- c:\users\alex\appdata\local\{5B9E5A34-67F5-4D7B-8E99-961D167EFC81}

2011-12-05 14:11:01 -------- d-----w- c:\users\alex\appdata\local\{418662F5-DC43-4CCC-AFDD-2CA2B87C1054}

2011-12-05 02:10:48 -------- d-----w- c:\users\alex\appdata\local\{06776EC3-0389-4DAB-8038-61BD9F3DDB52}

2011-12-05 02:10:26 -------- d-----w- c:\users\alex\appdata\local\{ECD8639F-2A51-4501-B81B-07A7FEE89AED}

2011-12-04 14:10:02 -------- d-----w- c:\users\alex\appdata\local\{A0598C18-6D5B-44E3-A5FD-E10AF2E5F88D}

2011-12-04 14:09:40 -------- d-----w- c:\users\alex\appdata\local\{B09F387D-F8C9-4BBE-9FEC-CD9E346185C5}

2011-12-04 02:09:29 -------- d-----w- c:\users\alex\appdata\local\{2AA40598-920F-414C-BBD3-891ED04BEE12}

2011-12-04 02:09:07 -------- d-----w- c:\users\alex\appdata\local\{A774D66C-36AB-4FD6-905C-AAD4629073F2}

2011-12-03 14:08:44 -------- d-----w- c:\users\alex\appdata\local\{55EB62E9-E305-4735-A16E-2BFDB0E738B9}

2011-12-03 14:08:23 -------- d-----w- c:\users\alex\appdata\local\{2AB4589C-FA7E-434C-9D87-48810EF6344E}

2011-12-03 02:08:11 -------- d-----w- c:\users\alex\appdata\local\{8A2C882F-7EA9-4F17-8D11-0A0C8B3DC1D5}

2011-12-03 02:07:49 -------- d-----w- c:\users\alex\appdata\local\{E299AD0F-24E7-4268-B8FA-A36D311BB6EE}

2011-12-02 14:07:25 -------- d-----w- c:\users\alex\appdata\local\{30D0A355-1354-4EF8-BBE9-24076832478E}

2011-12-02 14:07:03 -------- d-----w- c:\users\alex\appdata\local\{B57075AA-56CE-48DC-94CA-2A7755E113FA}

2011-12-02 02:06:39 -------- d-----w- c:\users\alex\appdata\local\{302F51DB-79B3-43CF-BC3C-8DCD148512A5}

2011-12-02 02:06:17 -------- d-----w- c:\users\alex\appdata\local\{3AAA98E8-989A-48B7-9FFF-3F6B0E9BD427}

2011-12-01 14:05:52 -------- d-----w- c:\users\alex\appdata\local\{E4EE3150-1F0C-4854-8B19-3F3FE08A1074}

2011-12-01 14:05:30 -------- d-----w- c:\users\alex\appdata\local\{A3A5C47C-81D1-4896-99BD-E56473E69AC9}

2011-12-01 02:05:18 -------- d-----w- c:\users\alex\appdata\local\{ED40DF2A-5675-40F1-9DDC-53761D27FDF7}

2011-12-01 02:05:08 -------- d-----w- c:\users\alex\appdata\local\{30BAE175-11C7-4C99-9E6A-8F767FEB1334}

2011-11-30 14:04:43 -------- d-----w- c:\users\alex\appdata\local\{C1BF914D-3014-48E0-82FA-4CDF8805901B}

2011-11-30 14:04:21 -------- d-----w- c:\users\alex\appdata\local\{60DA3BA1-27E1-4522-86A7-FD37CDF93170}

2011-11-30 02:04:09 -------- d-----w- c:\users\alex\appdata\local\{2EFA1218-AF76-4ED5-A808-6D20F16B5D9F}

2011-11-30 02:03:47 -------- d-----w- c:\users\alex\appdata\local\{2FB4F24B-747F-4B9A-B624-1427229DB352}

2011-11-29 14:03:23 -------- d-----w- c:\users\alex\appdata\local\{EEDA2E46-2615-4230-B093-3B546C9210C1}

2011-11-29 14:03:02 -------- d-----w- c:\users\alex\appdata\local\{C693FE14-3A19-40D7-9E24-4C854FC686E1}

2011-11-29 02:02:38 -------- d-----w- c:\users\alex\appdata\local\{EEC79D2A-8C35-484F-8D16-677A3B98AA45}

2011-11-29 02:02:16 -------- d-----w- c:\users\alex\appdata\local\{A6DD1F71-D1DD-4BF7-975C-5AF9B97585A0}

2011-11-28 14:02:04 -------- d-----w- c:\users\alex\appdata\local\{A7CC1C27-803D-4440-8A19-03A25CBBA8A5}

2011-11-28 14:01:42 -------- d-----w- c:\users\alex\appdata\local\{799CA0AD-171F-4589-8202-8F2BB4697179}

2011-11-28 02:01:30 -------- d-----w- c:\users\alex\appdata\local\{7FF8E270-D42A-4C82-BE3A-002F61BDEA1D}

2011-11-28 02:01:08 -------- d-----w- c:\users\alex\appdata\local\{53B14248-1E33-4EA8-A56A-CA213AA30800}

2011-11-27 14:00:56 -------- d-----w- c:\users\alex\appdata\local\{34803F71-8B3B-4FF1-9ADE-77A85B671D45}

2011-11-27 14:00:34 -------- d-----w- c:\users\alex\appdata\local\{33642E6D-FE98-4998-8ED5-B122F2ECF50A}

2011-11-27 02:00:23 -------- d-----w- c:\users\alex\appdata\local\{E98BACA6-9469-4CD6-B807-F89C739CF22A}

2011-11-27 02:00:01 -------- d-----w- c:\users\alex\appdata\local\{2343263F-1216-45A2-A47D-83F5BBE1EE29}

2011-11-26 13:59:39 -------- d-----w- c:\users\alex\appdata\local\{B1A3109A-C358-40E7-9F54-6A382F655E05}

2011-11-26 13:59:18 -------- d-----w- c:\users\alex\appdata\local\{189B75EA-1988-4921-8A96-CAE898F506DC}

2011-11-26 01:59:05 -------- d-----w- c:\users\alex\appdata\local\{88A378A4-A0BE-47AB-BA51-0EE7791B2AC1}

2011-11-26 01:58:44 -------- d-----w- c:\users\alex\appdata\local\{5A4A14EB-B5DE-4918-A0FB-BD74AE899163}

2011-11-25 13:58:32 -------- d-----w- c:\users\alex\appdata\local\{7A991545-94EB-4215-B1F3-46ACE66BB351}

2011-11-25 13:58:10 -------- d-----w- c:\users\alex\appdata\local\{FC5E7395-1976-43B3-B195-5E57195571E7}

2011-11-25 01:57:43 -------- d-----w- c:\users\alex\appdata\local\{2F87FB53-A01A-4C8E-A919-E6784AE87F70}

2011-11-25 01:57:20 -------- d-----w- c:\users\alex\appdata\local\{6ACF2C91-C423-4306-B5E3-F23E78A4D1BB}

2011-11-24 13:56:54 -------- d-----w- c:\users\alex\appdata\local\{5B9E4A1B-96BC-4283-914B-FE71686C523D}

2011-11-24 13:56:32 -------- d-----w- c:\users\alex\appdata\local\{1C36E139-3271-4855-9B46-3B7BE0E80EEF}

2011-11-24 04:25:15 -------- d-----w- c:\program files\CCleaner

2011-11-24 01:56:09 -------- d-----w- c:\users\alex\appdata\local\{45430AAA-8089-4EA6-9FDE-FA63DBFF7352}

2011-11-24 01:55:47 -------- d-----w- c:\users\alex\appdata\local\{D07CD002-EE11-4C45-B203-714031F4EFD9}

2011-11-23 13:55:34 -------- d-----w- c:\users\alex\appdata\local\{B60D4744-93CA-4B6E-828A-AFADCF726352}

2011-11-23 13:55:12 -------- d-----w- c:\users\alex\appdata\local\{F58D5CC4-24E2-45A3-A965-E3E44291D68D}

2011-11-23 01:54:58 -------- d-----w- c:\users\alex\appdata\local\{D58CA419-9677-4FC1-A7A0-D7F245F5A253}

2011-11-23 01:54:35 -------- d-----w- c:\users\alex\appdata\local\{0A1A576B-923B-4D1A-95B4-30820A36ACE9}

2011-11-22 13:54:24 -------- d-----w- c:\users\alex\appdata\local\{D8E2ACF3-EC00-482C-9F46-D3AB93C16FCE}

2011-11-22 13:54:02 -------- d-----w- c:\users\alex\appdata\local\{1F1F21A9-1652-4A6C-A9A7-C95A357BA8D1}

2011-11-22 01:53:50 -------- d-----w- c:\users\alex\appdata\local\{CF28E29E-27DD-4F9C-8BB1-3F6F622E637B}

2011-11-22 01:53:29 -------- d-----w- c:\users\alex\appdata\local\{56958538-695A-4C09-8E51-F3D70B68528E}

2011-11-21 13:53:18 -------- d-----w- c:\users\alex\appdata\local\{BEE1A9D4-41DD-4376-9290-0B72D76F1648}

2011-11-21 13:52:56 -------- d-----w- c:\users\alex\appdata\local\{7FFC1522-606D-4B06-B2BC-42049A027BB5}

2011-11-21 03:43:36 -------- d-----w- c:\users\alex\appdata\local\Adobe

2011-11-21 01:52:42 -------- d-----w- c:\users\alex\appdata\local\{961BA35F-6BB0-45F5-BD84-E9C1ED37A4BD}

2011-11-21 01:52:20 -------- d-----w- c:\users\alex\appdata\local\{B8A3D9F5-FD3D-4B64-B551-261E4AEBD280}

2011-11-20 13:51:56 -------- d-----w- c:\users\alex\appdata\local\{E241B0E2-AD5E-49BF-BF25-64B86F18B350}

2011-11-20 13:51:34 -------- d-----w- c:\users\alex\appdata\local\{E89703DD-6A2F-44E5-9802-BB27FC9E8306}

2011-11-20 01:51:07 -------- d-----w- c:\users\alex\appdata\local\{C70B64D0-E6A1-4D68-A70F-0B3C1988092D}

2011-11-20 01:50:45 -------- d-----w- c:\users\alex\appdata\local\{DE04D980-0DA3-422F-AECD-188398491B2B}

2011-11-19 13:50:32 -------- d-----w- c:\users\alex\appdata\local\{643ABB3E-300F-4435-B052-2D24A569D5B2}

2011-11-19 13:50:10 -------- d-----w- c:\users\alex\appdata\local\{4DE99A06-D58E-4C5C-A462-651951554A49}

2011-11-19 01:49:57 -------- d-----w- c:\users\alex\appdata\local\{C8CE86A4-AD2F-4B6F-BBDB-29B7FBC90CA9}

2011-11-19 01:49:35 -------- d-----w- c:\users\alex\appdata\local\{F6EE82E1-F4F8-4FBA-9A49-0CD5C5516419}

2011-11-18 13:49:24 -------- d-----w- c:\users\alex\appdata\local\{9F5F9E67-4B07-4079-8290-C850AD82CA5F}

2011-11-18 13:49:02 -------- d-----w- c:\users\alex\appdata\local\{FD4315ED-B357-465D-A174-BD6D7B83A3F3}

2011-11-18 01:48:50 -------- d-----w- c:\users\alex\appdata\local\{2C1E44CC-4409-4FA5-A66A-32BBEEBEB8A2}

2011-11-18 01:48:28 -------- d-----w- c:\users\alex\appdata\local\{9878A386-BE28-426E-B911-092151C0A1A2}

2011-11-17 13:48:05 -------- d-----w- c:\users\alex\appdata\local\{1397C355-C8DD-40EF-BD69-3381B4F3F6A1}

2011-11-17 13:47:43 -------- d-----w- c:\users\alex\appdata\local\{BCBC9EC1-3DB1-49E8-9CF0-A96105045285}

2011-11-17 01:47:31 -------- d-----w- c:\users\alex\appdata\local\{95CEA09A-4AA5-4DDD-8740-1D41743ADDE9}

2011-11-17 01:47:09 -------- d-----w- c:\users\alex\appdata\local\{AD3906CF-2B62-47A7-9C15-B5D594FBC20F}

2011-11-16 13:46:57 -------- d-----w- c:\users\alex\appdata\local\{8DE48EC3-5A56-4689-AB0F-67CB42501182}

2011-11-16 13:46:36 -------- d-----w- c:\users\alex\appdata\local\{FCABBDA0-2053-40C8-B787-4D39B6914EE2}

2011-11-16 01:46:23 -------- d-----w- c:\users\alex\appdata\local\{DE762585-945C-46F3-8BF4-C6DA7961C84E}

2011-11-16 01:46:08 -------- d-----w- c:\users\alex\appdata\local\{AFCF20C9-E3DD-4A70-8850-5FBA40612BDF}

2011-11-15 13:23:05 -------- d-----w- c:\users\alex\appdata\local\{ECBE29CF-812D-4007-A8DF-250E4DAC1AF8}

2011-11-15 13:22:44 -------- d-----w- c:\users\alex\appdata\local\{523BEC91-1C67-4FAC-8549-AEC54B17070D}

2011-11-15 01:22:31 -------- d-----w- c:\users\alex\appdata\local\{20F66D5C-BAAF-48B4-86CF-8D2BD359DFD1}

2011-11-15 01:22:10 -------- d-----w- c:\users\alex\appdata\local\{104E5B34-BA39-4215-8D2A-B1254D0B7CBE}

2011-11-14 13:21:58 -------- d-----w- c:\users\alex\appdata\local\{26AF9E5C-DCA2-4C0C-81D9-6EB756EBACF8}

2011-11-14 13:21:36 -------- d-----w- c:\users\alex\appdata\local\{56D6ECCF-BB2D-4C1A-9019-8A2557F25814}

2011-11-14 01:21:24 -------- d-----w- c:\users\alex\appdata\local\{5B5D62D8-E430-4345-B5D3-ACFA00839D76}

2011-11-14 01:21:03 -------- d-----w- c:\users\alex\appdata\local\{026D9F37-EF20-451F-B468-4B36E0809529}

2011-11-13 13:20:40 -------- d-----w- c:\users\alex\appdata\local\{554746D5-9013-4C34-B9B0-E01D49C97949}

2011-11-13 13:20:19 -------- d-----w- c:\users\alex\appdata\local\{A54B4202-3667-45FD-A6B9-171BC8688BE3}

2011-11-13 01:20:08 -------- d-----w- c:\users\alex\appdata\local\{FD371D81-D235-4E1D-85B5-6AD320B3FBE6}

2011-11-13 01:19:47 -------- d-----w- c:\users\alex\appdata\local\{7875C52A-24E6-4851-B060-185AE4AC8A2D}

2011-11-12 13:19:30 -------- d-----w- c:\users\alex\appdata\local\{7DE26FC2-1A82-4321-BDDF-85EF5374CBC9}

2011-11-12 13:19:08 -------- d-----w- c:\users\alex\appdata\local\{FEF99180-B8AA-4398-AF46-EB589108AD9E}

2011-11-12 04:27:16 -------- d-----r- c:\program files\Skype

2011-11-12 01:18:42 -------- d-----w- c:\users\alex\appdata\local\{24A0D603-025F-49C5-AC1A-5D8410F261FB}

2011-11-12 01:18:20 -------- d-----w- c:\users\alex\appdata\local\{DDA263CD-40C3-4BD2-95D3-14B03ADA6472}

2011-11-11 13:17:45 -------- d-----w- c:\users\alex\appdata\local\{D64AF6FD-432A-40B3-9AEA-013821736EB5}

2011-11-11 13:17:23 -------- d-----w- c:\users\alex\appdata\local\{69337AB6-8C67-47F4-8C25-54251B151180}

2011-11-11 01:17:11 -------- d-----w- c:\users\alex\appdata\local\{15F6AA48-9B7F-41FE-BA6E-C98CD8F67E90}

2011-11-11 01:16:49 -------- d-----w- c:\users\alex\appdata\local\{351364E8-DEAD-4AA7-AB6C-2D8D128C2F0B}

2011-11-10 13:16:23 -------- d-----w- c:\users\alex\appdata\local\{F589B882-BC0C-42DB-B601-571950E95416}

2011-11-10 13:16:00 -------- d-----w- c:\users\alex\appdata\local\{FB37829E-B6BE-4B65-9A72-5C0AC932642F}

2011-11-10 01:15:33 -------- d-----w- c:\users\alex\appdata\local\{3EACB991-FBC7-4FC6-886B-B4575E42F43A}

2011-11-10 01:15:11 -------- d-----w- c:\users\alex\appdata\local\{2FD38A71-5458-4E54-B825-55ED47B17EB8}

2011-11-09 13:14:46 -------- d-----w- c:\users\alex\appdata\local\{123DED75-AA34-468B-B9A0-B278B55852D8}

2011-11-09 13:14:24 -------- d-----w- c:\users\alex\appdata\local\{0EAF479B-7863-4B4E-80B8-552C7A96F5EF}

2011-11-09 01:14:12 -------- d-----w- c:\users\alex\appdata\local\{2C0A64FB-FC85-4803-ADE4-450CDD545AB4}

2011-11-09 01:13:50 -------- d-----w- c:\users\alex\appdata\local\{A6C4275F-44AD-4EA5-A02F-D07196A46F4B}

2011-11-08 13:13:26 -------- d-----w- c:\users\alex\appdata\local\{E08C90D0-DD92-47AF-B1CD-DF8DF73FAAD1}

2011-11-08 13:13:04 -------- d-----w- c:\users\alex\appdata\local\{B1945B13-9DD1-4989-861E-8CC673F53780}

.

==================== Find3M ====================

.

2011-12-08 06:14:59 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-18 23:31:45 0 ----a-w- c:\windows\system32\ddsbcfgfry.tmp

2011-10-13 21:31:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-12 22:04:47 6172 ----a-w- c:\windows\BricoPackFoldersDelete.cmd

2011-10-12 22:04:47 52036 ----a-w- c:\windows\BricoPackUninst.cmd

2011-10-12 22:04:46 0 ----a-w- c:\windows\system32\nsf9C04.tmp

2011-10-12 20:38:16 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2011-10-12 20:37:37 82432 ----a-w- c:\windows\system32\axaltocm.dll

2011-10-12 09:23:57 62464 ----a-w- c:\windows\system32\l3codeca.acm

2011-10-12 09:23:57 220672 ----a-w- c:\windows\system32\l3codecp.acm

2011-10-12 09:22:38 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-10-12 09:22:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2011-10-12 09:22:38 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

2011-10-12 09:22:38 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2011-10-12 09:18:36 98304 ----a-w- c:\windows\system32\cabview.dll

2011-10-12 09:16:40 37888 ----a-w- c:\windows\system32\printcom.dll

2011-10-12 09:15:53 2036736 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 09:15:14 14848 ----a-w- c:\windows\system32\wshrm.dll

2011-10-12 09:14:26 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-10-12 09:14:26 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2011-10-12 09:14:26 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-10-12 09:13:24 471552 ----a-w- c:\windows\system32\secproc.dll

2011-10-12 09:13:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2011-10-12 09:13:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2011-10-12 09:13:24 332288 ----a-w- c:\windows\system32\msdrm.dll

2011-10-12 09:13:24 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-10-12 09:13:24 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2011-10-12 09:13:23 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2011-10-12 09:13:23 518144 ----a-w- c:\windows\system32\RMActivate.exe

2011-10-12 09:13:23 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2011-10-12 02:55:21 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-10-12 02:55:21 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-10-12 02:55:21 289792 ----a-w- c:\windows\system32\atmfd.dll

2011-10-12 02:55:21 23552 ----a-w- c:\windows\system32\lpk.dll

2011-10-12 02:55:21 156672 ----a-w- c:\windows\system32\t2embed.dll

2011-10-12 02:55:21 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-10-12 02:52:20 72704 ----a-w- c:\windows\system32\admparse.dll

2011-10-12 02:52:14 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-10-12 02:52:14 48128 ----a-w- c:\windows\system32\mshtmler.dll

2011-10-12 02:49:23 61440 ----a-w- c:\windows\system32\winipsec.dll

2011-10-12 02:49:23 272896 ----a-w- c:\windows\system32\polstore.dll

2011-10-12 02:46:21 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-10-12 02:46:20 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2011-10-12 02:41:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-10-12 02:41:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-10-12 02:41:35 17920 ----a-w- c:\windows\system32\netevent.dll

2011-10-12 02:41:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-10-12 02:41:35 105984 ----a-w- c:\windows\system32\netiohlp.dll

2011-10-12 02:41:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-10-12 02:41:34 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-10-12 02:41:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-10-12 02:41:34 10240 ----a-w- c:\windows\system32\finger.exe

2011-10-12 02:36:48 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2011-10-12 02:36:46 68096 ----a-w- c:\windows\system32\wlanhlp.dll

2011-10-12 02:36:46 65024 ----a-w- c:\windows\system32\wlanapi.dll

2011-10-12 02:36:46 513536 ----a-w- c:\windows\system32\wlansvc.dll

2011-10-12 02:36:46 302592 ----a-w- c:\windows\system32\wlansec.dll

2011-10-12 02:36:46 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2011-10-12 02:36:42 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs

2011-10-12 02:35:06 1401856 ----a-w- c:\windows\system32\msxml6.dll

2011-10-12 02:35:05 2048 ----a-w- c:\windows\system32\msxml3r.dll

2011-10-12 02:35:04 2048 ----a-w- c:\windows\system32\msxml6r.dll

2011-10-12 02:33:32 218624 ----a-w- c:\windows\system32\msv1_0.dll

2011-10-12 02:32:04 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-10-12 02:32:04 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-10-12 02:32:04 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-10-12 02:30:00 53248 ----a-w- c:\windows\system32\rrinstaller.exe

2011-10-12 02:30:00 24576 ----a-w- c:\windows\system32\mfpmp.exe

2011-10-12 02:30:00 2048 ----a-w- c:\windows\system32\mferror.dll

2011-10-12 02:23:19 430080 ----a-w- c:\windows\system32\vbscript.dll

2011-10-12 02:21:56 71680 ----a-w- c:\windows\system32\atl.dll

2011-10-12 02:12:59 160256 ----a-w- c:\windows\system32\wkssvc.dll

2011-10-12 02:11:35 53248 ----a-w- c:\windows\system32\tsgqec.dll

2011-10-12 02:11:35 136192 ----a-w- c:\windows\system32\aaclient.dll

2011-10-12 02:05:19 714240 ----a-w- c:\windows\system32\timedate.cpl

2011-10-12 01:55:27 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 01:50:36 2048 ----a-w- c:\windows\system32\tzres.dll

2011-10-12 01:48:51 623616 ----a-w- c:\windows\system32\localspl.dll

2011-10-12 01:42:50 172032 ----a-w- c:\windows\system32\wintrust.dll

2011-10-12 01:41:40 9728 ----a-w- c:\windows\system32\lsass.exe

2011-10-12 01:41:40 72704 ----a-w- c:\windows\system32\secur32.dll

2011-10-12 01:41:40 499712 ----a-w- c:\windows\system32\kerberos.dll

2011-10-12 01:41:40 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-10-12 01:41:40 175104 ----a-w- c:\windows\system32\wdigest.dll

2011-10-12 01:41:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2011-10-12 01:34:48 6656 ----a-w- c:\windows\system32\kbd106n.dll

2011-10-12 01:09:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-12 01:01:40 41984 ----a-w- c:\windows\system32\netfxperf.dll

2011-10-12 00:39:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-10-12 00:39:08 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2011-10-12 00:39:07 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-10-12 00:39:07 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-10-12 00:39:07 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-10-12 00:39:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-10-12 00:39:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-10-12 00:39:05 1696768 ----a-w- c:\windows\system32\gameux.dll

2011-10-12 00:35:42 84480 ----a-w- c:\windows\system32\INETRES.dll

2011-10-12 00:35:09 60928 ----a-w- c:\windows\system32\msasn1.dll

2011-10-12 00:33:39 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2011-10-12 00:32:26 411648 ----a-w- c:\windows\system32\drivers\http.sys

.

============= FINISH: 2:03:23.86 ===============

Any help would be appreciated, thanks!

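As an added triage example (not code from the original post, and not a Malwarebytes or DDS tool), here is a small Python script that parses the `uRun:`/`mRun:` lines of a DDS report like the one above and flags entries where rundll32 loads a DLL from a user-writable directory, from a GUID-named directory, or through the `DllRegisterServer` export, and that counts the GUID-named folders DDS lists as created under `appdata\local`. The sample lines are copied from the log above (with two legitimate entries kept as benign controls), and the heuristics are my own assumptions about what is worth a second look, not a vendor detection rule.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input copied from the DDS "Pseudo HJT Report" section above; the
# "Google Update" and "avgnt" entries are legitimate software and serve as controls.
SAMPLE_RUN_LINES = [
    r'uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c',
    r'uRun: [JavaSoft Update] rundll32 "c:\users\alex\appdata\local\{032041d6-e80d-4642-b789-188f0b8f182f}\{032041d6-e80d-4642-b789-188f0b8f182f}update\{032041D6-E80D-4642-B789-188F0B8F182F}updt32.dll",DllRegisterServer',
    r'uRun: [GoogleServiceProfile] rundll32.exe "c:\programdata\GoogleServiceProfile.dll",DllRegisterServer',
    r'mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min',
    r'mRun: [<NO NAME>]',
]

# Constructed subset of the "Created Last 30" section above: three GUID-named
# folders under appdata\local plus one ordinary program folder.
SAMPLE_CREATED_LINES = [
    r'2011-12-07 20:47:05 -------- d-----w- c:\users\alex\appdata\local\{6E0838A0-C37D-4BAE-956C-C4D90DA42EC8}',
    r'2011-12-07 20:46:50 -------- d-----w- c:\users\alex\appdata\local\{7AA65EE1-CF57-4A03-A00F-BFCA5F4AE25B}',
    r'2011-12-07 02:13:51 -------- d-----w- c:\users\alex\appdata\local\{E9AD4B3E-E82A-4104-90AA-4529CA58DFD5}',
    r'2011-11-24 04:25:15 -------- d-----w- c:\program files\CCleaner',
]

RUN_LINE = re.compile(r'^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$', re.I)
GUID = r'\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}'
GUID_DIR = re.compile(r'\\' + GUID + r'(?:\\|$)', re.I)       # a path component that is a bare GUID
CREATED_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+d\S+\s+(?P<path>.+)$')
# Locations a standard user can write to; a DLL auto-loaded from here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class RunEntry:
    hive: str                 # HKCU for uRun (user), HKLM for mRun (machine)
    name: str
    command: str
    loader: str = ""          # first token of the command, lower-cased
    payload: str = ""         # the executable or, for rundll32, the DLL it loads
    reasons: List[str] = field(default_factory=list)


def is_rundll32(loader: str) -> bool:
    return loader.rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe")


def parse_run_line(line: str) -> Optional[RunEntry]:
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    hive = "HKCU" if m.group("hive").lower() == "u" else "HKLM"
    cmd = m.group("cmd").strip()
    entry = RunEntry(hive=hive, name=m.group("name"), command=cmd)
    if not cmd:
        return entry          # e.g. the empty "[<NO NAME>]" value
    # Split into quoted paths and bare tokens (unquoted paths that contain
    # spaces are not reassembled; DDS quotes most of them).
    tokens = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    entry.loader = tokens[0].lower()
    if is_rundll32(entry.loader) and len(tokens) > 1:
        entry.payload = tokens[1].split(",")[0].lower()   # "dll,Export" -> dll
    else:
        entry.payload = entry.loader
    return entry


def assess(entry: RunEntry) -> RunEntry:
    """Apply the (assumed) heuristics and record the reasons that fired."""
    p = entry.payload
    via_rundll = is_rundll32(entry.loader)
    if via_rundll and any(w in p for w in USER_WRITABLE):
        entry.reasons.append("rundll32 loads a DLL from a user-writable directory")
    if GUID_DIR.search(p):
        entry.reasons.append("payload path contains a GUID-named directory")
    if via_rundll and re.search(r",\s*DllRegisterServer\b", entry.command, re.I):
        entry.reasons.append("DLL entered through rundll32 ...,DllRegisterServer")
    return entry


def triage_run_keys(lines) -> List[RunEntry]:
    """Return only the Run-key entries that tripped at least one heuristic."""
    flagged = []
    for line in lines:
        entry = parse_run_line(line)
        if entry and assess(entry).reasons:
            flagged.append(entry)
    return flagged


def count_guid_dirs(lines, parent: str = "\\appdata\\local\\") -> int:
    """Count newly created directories whose name is a bare GUID under `parent`."""
    n = 0
    for line in lines:
        m = CREATED_LINE.match(line.strip())
        if m and parent in m.group("path").lower() and GUID_DIR.search(m.group("path")):
            n += 1
    return n


if __name__ == "__main__":
    for e in triage_run_keys(SAMPLE_RUN_LINES):
        print(f"{e.hive} Run [{e.name}] -> {e.payload}")
        for r in e.reasons:
            print("   -", r)
    print("GUID-named folders created under appdata\\local:",
          count_guid_dirs(SAMPLE_CREATED_LINES))
```

Run against the five sample entries, only the two rundll32 lines come back flagged, and the created-folder count shows how many throwaway GUID directories the log records; on a real report you would feed the whole DDS text through both functions and hand the flagged paths to a helper rather than deleting anything by hand.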

  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
