So I think I am currently infected with a virus. I ran Malwarebytes and it originally found an infection called PUP.BitMiner, but Malwarebytes removed it successfully. I know that PUP.BitMiner is a redirecting virus, and even though it was successfully removed, every time I click on a link after I have googled something it redirects me to another webpage. It only seems to happen with Google searches; I'm not sure what to do. I ran Malwarebytes again but it did not find anything.

Recent Scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8343

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/9/2011 11:25:13 AM

mbam-log-2011-12-09 (11-25-13).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 306156

Time elapsed: 29 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Rikki at 11:26:47 on 2011-12-09

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1790 [GMT -7:00]

.

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Rikki\Downloads\GEEK_SQUAD_MRI_5.1.1.0_CRACKED-SOLDIERX\GEEK_SQUAD_MRI_5.1.1.0_CRACKED-SOLDIERX\MRI.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Rikki\AppData\Local\Temp\MRI_TEMP\Kaspersky Antivirus\AVP\Scanner\AVP.exe

C:\Users\Rikki\AppData\Local\Temp\MRI_TEMP\Kaspersky Antivirus\AVP\Scanner\avp.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EF07AD5D-242B-454B-9D13-A4867C60078E} : DhcpNameServer = 192.168.1.1

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-12-9 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-6-25 92216]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-16 366152]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVP;AVP;C:\Users\Rikki\AppData\Local\Temp\MRI_TEMP\Kaspersky Antivirus\AVP\Scanner\avp.exe [2011-12-9 227856]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-12-16 16:33:55 -------- d-----w- C:\Users\Rikki\AppData\Roaming\Malwarebytes

2011-12-16 16:33:46 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-16 16:33:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-16 16:33:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-16 16:33:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-16 12:17:53 -------- d-----w- C:\Windows\SysWow64\Wat

2011-12-16 12:17:53 -------- d-----w- C:\Windows\System32\Wat

2011-12-16 12:15:24 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-12-16 12:15:24 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2011-12-16 11:59:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-12-16 11:56:08 -------- d-----w- C:\Users\Rikki\AppData\Local\Diagnostics

2011-12-09 17:49:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-12-09 17:29:34 -------- d-----w- C:\ProgramData\Geek Squad

2011-12-09 12:01:37 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-12-09 12:01:37 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-12-09 12:01:27 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc4C5B.tmp

2011-12-09 12:00:34 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-12-09 12:00:11 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2011-12-09 11:54:46 -------- d-----w- C:\Program Files (x86)\HP Games

2011-12-09 11:54:44 -------- d-----w- C:\ProgramData\WildTangent

2011-12-09 11:52:35 -------- d-----w- C:\ProgramData\Norton

2011-12-09 11:52:02 -------- d-----w- C:\ProgramData\NortonInstaller

2011-12-09 11:51:42 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink

2011-12-09 11:50:30 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-12-09 11:50:13 -------- d-----w- C:\ProgramData\Uninstall

2011-12-09 11:50:01 -------- d-----w- C:\ProgramData\CinemaNow

2011-12-09 11:49:58 -------- d-----w- C:\Program Files (x86)\CinemaNow

2011-12-09 11:49:49 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-12-09 11:48:23 -------- d-----we C:\Windows\system64

2011-12-09 11:48:02 356864 ----a-w- C:\Users\Rikki\AppData\Local\fpa.exe

2011-12-09 11:41:45 0 ----a-w- C:\Windows\ativpsrm.bin

2011-12-09 11:40:44 -------- d-----w- C:\Windows\Hewlett-Packard

2011-12-09 11:40:16 -------- d-----w- C:\Users\Rikki\AppData\Local\ATI

2011-12-09 11:39:54 60416 ----a-w- C:\Windows\System32\athihvui.dll

2011-12-09 11:39:54 439808 ----a-w- C:\Windows\System32\athihvs.dll

2011-12-09 11:39:54 1594368 ----a-w- C:\Windows\System32\drivers\athrx.sys

2011-12-09 11:39:54 -------- d-----w- C:\Windows\System32\nn-NO

2011-12-09 11:39:45 904704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll

2011-12-09 11:39:45 -------- d-----w- C:\Program Files (x86)\Cisco

2011-12-09 11:39:45 -------- d-----w- C:\Program Files (x86)\Atheros

2011-12-09 11:39:16 -------- d-----w- C:\Users\Rikki\AppData\Roaming\hpqLog

2011-12-09 11:39:14 -------- d-----w- C:\ProgramData\Atheros

2011-12-09 11:38:44 -------- d-----w- C:\Users\Rikki\AppData\Local\VirtualStore

2011-12-09 11:38:22 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-12-09 11:38:22 347680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-12-09 11:38:22 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-12-09 11:38:07 -------- d-----w- C:\Users\Rikki\AppData\Local\Hewlett-Packard

2011-12-09 11:36:48 38456 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2011-12-09 11:36:48 -------- d-----w- C:\Program Files (x86)\AMD

2011-12-09 11:35:22 -------- d-----w- C:\Program Files\ATI

2011-12-09 11:35:19 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-12-09 11:27:42 52224 ----a-w- C:\Windows\System32\rtutils.dll

2011-12-09 11:27:42 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

2011-12-09 11:27:31 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2011-12-09 11:27:22 16896 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-12-09 11:27:22 16896 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-12-09 11:26:23 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-12-09 11:26:23 404992 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-12-09 11:26:23 162304 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-12-09 11:26:10 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-12-09 11:26:10 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-12-09 11:26:10 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-12-09 11:24:54 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-12-09 11:24:54 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-12-09 11:24:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-12-09 11:24:54 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-12-09 11:24:22 84992 ----a-w- C:\Windows\System32\asycfilt.dll

2011-12-09 11:24:22 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll

2011-12-09 11:24:12 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-12-09 11:23:58 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-12-09 11:23:58 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-12-09 11:21:57 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-12-09 11:19:59 -------- d-----w- C:\Windows\ehome

2011-12-09 11:11:33 -------- d-----w- C:\ProgramData\Recovery

.

==================== Find3M ====================

.

2011-12-09 11:50:25 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-12-09 11:50:24 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-12-09 11:27:03 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-12-09 11:27:03 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-12-09 11:22:53 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-09 11:22:53 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-09 11:22:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-09 11:22:53 1192960 ----a-w- C:\Windows\System32\wininet.dll

2011-12-09 11:22:20 3122688 ----a-w- C:\Windows\System32\win32k.sys

2011-12-09 11:22:09 1877504 ----a-w- C:\Windows\System32\msxml3.dll

2011-12-09 11:22:09 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll

2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 11:27:32.95 ===============
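As an added example (not part of the original thread and not code from the DDS tool), a Python triage helper that parses the two DDS sections an analyst reads first, "Running Processes" and "Created Last 30", and lists executables that live in user-writable locations such as Downloads, AppData and Temp, which is where the log above shows MRI.EXE, avp.exe and fpa.exe. The sample log is a constructed excerpt copied from the post; the path markers in USER_WRITABLE are an assumption about which directories a standard user can write to.

```python
import re

# Constructed excerpt in DDS layout; entries copied from the report above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Rikki\Downloads\GEEK_SQUAD_MRI_5.1.1.0_CRACKED-SOLDIERX\GEEK_SQUAD_MRI_5.1.1.0_CRACKED-SOLDIERX\MRI.EXE
C:\Users\Rikki\AppData\Local\Temp\MRI_TEMP\Kaspersky Antivirus\AVP\Scanner\avp.exe
.
=============== Created Last 30 ================
.
2011-12-16 16:33:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-09 11:48:02 356864 ----a-w- C:\Users\Rikki\AppData\Local\fpa.exe
2011-12-09 17:29:34 -------- d-----w- C:\ProgramData\Geek Squad
.
============= FINISH: 11:27:32.95 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Created rows: date time size attributes path; size is "--------" for directories
CREATED_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.+)$")
# first token ending in .exe is the image path; the rest is its arguments
PROCESS_RE = re.compile(r"^(.+?\.exe)(?:\s|$)", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs")
# Assumed set of directories a standard user can write to; binaries here deserve a closer look.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\desktop\\", "\\temp\\", "\\programdata\\")

def parse_sections(text):
    """Return {section name: [entry lines]} keyed by the ==== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def flag_processes(lines):
    """Image paths from 'Running Processes' that live in user-writable dirs."""
    hits = [PROCESS_RE.match(l) for l in lines]
    return [m.group(1) for m in hits if m and is_user_writable(m.group(1))]

def flag_created(lines):
    """(date, size, path) of executables from 'Created Last 30' in user-writable dirs."""
    flagged = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m or m.group(4).startswith("d"):   # skip unparsable and directory rows
            continue
        date, _time, size, _attrs, path = m.groups()
        if path.lower().endswith(EXEC_EXT) and is_user_writable(path):
            flagged.append((date, int(size), path))
    return flagged

def triage(text):
    """Both checks over one DDS log; each hit is a lead for the analyst, not a verdict."""
    s = parse_sections(text)
    return {"processes": flag_processes(s.get("Running Processes", [])),
            "created": flag_created(s.get("Created Last 30", []))}
```

Run `triage(open("dds.txt").read())` on a full log; every hit should then be checked against what the user knowingly installed before anything is removed.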


  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
