Infected Laptop Olmarik.awo trojan


Good morning,

My boss's laptop has been infected with the above-mentioned nasty trojan. Not sure if they're related, but I also cleaned off iLivid and the Searchqu toolbar earlier (whether they are truly gone remains to be seen). Ran a Malwarebytes quick scan but keep getting popups that Malwarebytes has successfully blocked access to various malicious websites and associated IP addresses that seem to be triggered by svchost.exe. Ran the log tools; the DDS log is as follows:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by John at 8:57:13 on 2012-01-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.1852 [GMT -5:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

-netsvcs

-netsvcs

-netsvcs

-netsvcs

-netsvcs

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchqu.com/406

uDefault_Page_URL = hxxp://www.dell.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

uRun: [best Buy pc app] C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms

uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [NSCSysTrayUI_XEROX] "C:\Program Files (x86)\XEROX\NetworkScan\NSCSysUI_XEROX.exe" /HIDEUI

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\SearchCore for Browsers"

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{72B84301-93ED-4E10-8707-6892EF909914} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{C35710B7-F473-4ED3-BCC8-2F74E2DC0AAC} : DhcpNameServer = 192.168.3.1 72.252.24.138 65.183.0.84

TCP: Interfaces\{EAD22527-447C-4D0C-AC65-2B3E66BAEFD2} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EAD22527-447C-4D0C-AC65-2B3E66BAEFD2}\74F6C66602659656770284F64756C6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EAD22527-447C-4D0C-AC65-2B3E66BAEFD2}\84F6C69646169794E6E6 : DhcpNameServer = 65.183.0.78 65.183.0.84

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: Searchqu Toolbar - No File

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [NSCSysTrayUI_XEROX] "C:\Program Files (x86)\XEROX\NetworkScan\NSCSysUI_XEROX.exe" /HIDEUI

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\SearchCore for Browsers"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\8oaqnlus.default\

FF - prefs.js: browser.search.selectedEngine - iLivid Web Search

FF - prefs.js: browser.startup.homepage - www.bbc.co.uk

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=113&systemid=406&sr=0&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-24 98208]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-8-9 974944]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-10 652872]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-24 1692480]

R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-01-10 13:44:56 -------- d-----w- C:\Users\John\AppData\Local\{C6E7D214-29AF-473B-80F1-AF931A9F7CBA}

2012-01-10 13:44:33 -------- d-----w- C:\Users\John\AppData\Local\{73F89550-EDEA-4081-80D6-0EA38A37FAFB}

2012-01-10 13:20:56 -------- d-----w- C:\Users\John\AppData\Local\{E6E0CA4F-D871-43EE-8181-F95000589BC8}

2012-01-10 13:20:30 -------- d-----w- C:\Users\John\AppData\Local\{7277A290-99A0-4A38-9066-4E779A7DBD84}

2012-01-10 13:10:36 -------- d-----w- C:\Users\John\AppData\Local\{03591E45-DC5F-4E85-B7C6-393B537485AF}

2012-01-10 13:10:24 -------- d-----w- C:\Users\John\AppData\Local\{7669DE32-C791-49CD-BE6E-1D3727C5C749}

2012-01-09 14:18:01 -------- d-----w- C:\Users\John\AppData\Local\{C18DA4F8-5DAF-43E5-8544-5CAA763D261A}

2012-01-09 12:46:55 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes

2012-01-09 12:46:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-09 12:46:47 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-09 12:46:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-07 18:06:20 -------- d-sh--w- C:\Windows\SysWow64\%USERPROFILE%

2012-01-07 12:35:43 -------- d-----w- C:\Users\John\AppData\Local\{CB0755BF-EB6E-423C-834F-9E3EF87ED468}

2012-01-07 12:35:32 -------- d-----w- C:\Users\John\AppData\Local\{0FAF1C10-A5BD-4C6A-AE82-66078EAC5248}

2012-01-07 03:08:09 8822856 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{471B156B-D9ED-4630-8123-A2EE240990CC}\mpengine.dll

2012-01-07 03:04:59 -------- d-----w- C:\Users\John\AppData\Local\{596B883B-7A38-49E8-B4F4-CE27C43D3A8A}

2012-01-07 03:04:49 -------- d-----w- C:\Users\John\AppData\Local\{74806C39-4197-45C5-B80B-65DF96C95D99}

2012-01-06 20:07:28 -------- d-----w- C:\Users\John\AppData\Local\{CAF32071-0D7B-4F66-A914-1B050CE0DFB9}

2012-01-06 16:53:54 -------- d-----w- C:\Users\John\AppData\Local\{F21DA1B8-BF40-46CA-9C35-5F13D4CF059D}

2012-01-05 21:47:21 -------- d-----w- C:\Users\John\AppData\Local\{05682CD3-1FD0-4D2C-85AB-EBA54CC3BF36}

2012-01-05 16:59:43 -------- d-----w- C:\Users\John\AppData\Local\{69731EA4-729A-42CF-9339-928096CB7BD4}

2012-01-05 11:25:52 -------- d-----w- C:\Users\John\AppData\Local\{7DEF220D-233A-423B-8007-7B6A41EEEA62}

2012-01-05 11:25:10 -------- d-----w- C:\Users\John\AppData\Local\{D5AA7AC9-67C8-45A5-9509-D9068DB8AFBB}

2012-01-04 00:52:13 -------- d-----w- C:\Users\John\AppData\Local\{0A18B952-94A5-4C20-A6E0-046CF34852A0}

2012-01-04 00:52:02 -------- d-----w- C:\Users\John\AppData\Local\{8A0E8FEA-F49D-4FB8-85F0-F457E617F7A0}

2012-01-03 13:41:16 -------- d-----w- C:\Users\John\AppData\Local\{544192B6-3F0E-423B-9032-9DD60635874D}

2012-01-03 13:40:51 -------- d-----w- C:\Users\John\AppData\Local\{399144D2-A19A-4001-8FC0-0FD2FC1F3606}

2012-01-03 07:30:30 -------- d-----w- C:\Users\John\AppData\Local\{D29ACC71-7C63-4439-B4C6-5147F7F1D5AF}

2012-01-03 07:30:06 -------- d-----w- C:\Users\John\AppData\Local\{7C9CA4B8-D541-4120-B918-696FE1E4006F}

2012-01-02 18:53:32 -------- d-----w- C:\Users\John\AppData\Local\{0DD88E09-8197-45F7-9F1E-AD0516A037D9}

2012-01-02 18:53:19 -------- d-----w- C:\Users\John\AppData\Local\{A7109523-58D4-44B8-9987-C0A6817479FC}

2012-01-02 12:14:30 -------- d-----w- C:\Users\John\AppData\Local\{AE63C2FF-18D3-47ED-804A-CE281482A6B3}

2012-01-02 12:14:18 -------- d-----w- C:\Users\John\AppData\Local\{F7D80FB6-0B77-4462-A3F4-670CF45D578D}

2012-01-02 09:58:50 -------- d-----w- C:\Users\John\AppData\Local\{547EB06B-70E0-404F-8994-C4AD13096858}

2012-01-02 09:58:27 -------- d-----w- C:\Users\John\AppData\Local\{1D1731AF-84CF-4A55-BDD6-2D217D2F987B}

2012-01-02 08:22:19 -------- d-----w- C:\Users\John\AppData\Local\{A36330B7-4B16-4759-B961-607A0C2BAC22}

2012-01-02 08:22:02 -------- d-----w- C:\Users\John\AppData\Local\{664FC4F5-36C4-41CA-9DDF-E0E59B580FE2}

2012-01-01 08:43:38 -------- d-----w- C:\Users\John\AppData\Local\{7354881D-25B8-4199-B4EE-ACAF25633847}

2012-01-01 08:43:14 -------- d-----w- C:\Users\John\AppData\Local\{5BEEC68A-7610-4141-90C6-838918A1AA5B}

2012-01-01 02:06:48 -------- d-----w- C:\Users\John\AppData\Local\{23B3293A-B8E2-4221-A3DD-6A367334E767}

2012-01-01 02:06:23 -------- d-----w- C:\Users\John\AppData\Local\{2135EC32-2077-43B3-8A3A-D44CADD45F84}

2011-12-29 16:14:29 -------- d-----w- C:\Users\John\AppData\Local\{8406FB4F-6880-4487-887D-0A707CE3C935}

2011-12-29 15:52:31 -------- d-----w- C:\Users\John\AppData\Local\{704C0BB9-6C0D-4E09-A73E-D9FC558B8369}

2011-12-28 22:34:11 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-12-28 22:34:04 -------- d-----w- C:\Users\John\AppData\Local\{CED7D72C-55F9-4CE3-9E95-863E83BA3ED6}

2011-12-28 22:33:53 -------- d-----w- C:\Users\John\AppData\Local\{AC6C204A-AB71-43CA-B964-506E1C2B8C39}

2011-12-28 22:31:29 20480 ----a-w- C:\Windows\svchost.exe

2011-12-28 20:04:02 -------- d-----w- C:\Users\John\AppData\Local\{AA8C85A1-F75A-4D78-841B-03191E4AB267}

2011-12-28 20:03:51 -------- d-----w- C:\Users\John\AppData\Local\{6684FFAD-4CF8-4215-932E-78EB611E8AD7}

2011-12-28 19:48:51 -------- d-----w- C:\Users\John\AppData\Local\{7E4D4342-08D3-4E7E-A141-335BB1ECE728}

2011-12-28 19:48:41 -------- d-----w- C:\Users\John\AppData\Local\{35756EA6-4098-49D5-BBF3-F8FF87160D57}

2011-12-28 14:40:26 -------- d-----w- C:\Users\John\AppData\Local\{0DBB5345-BDD6-4B7C-AC05-6ABC92AE3A90}

2011-12-28 14:39:50 -------- d-----w- C:\Users\John\AppData\Local\{B060F31B-A5DB-42B8-A2DF-4DD6F04B9C81}

2011-12-25 13:09:39 -------- d-----w- C:\Users\John\AppData\Local\{31140178-50B5-4E4A-88E9-784C30330209}

2011-12-25 13:09:19 -------- d-----w- C:\Users\John\AppData\Local\{3706CCFA-614A-4A22-BCA9-75A0E6EC6D20}

2011-12-24 16:32:58 -------- d-----w- C:\Users\John\AppData\Local\{95FE45EB-7C6B-4822-A7E3-9BEF03457DD5}

2011-12-24 16:32:34 -------- d-----w- C:\Users\John\AppData\Local\{681D57DB-49F3-4E0D-8A7A-878AD9FA0CBB}

2011-12-24 03:10:48 -------- d-----w- C:\Users\John\AppData\Local\{E8768B1E-CA0E-4CA3-9973-DF64C401FB22}

2011-12-24 03:10:27 -------- d-----w- C:\Users\John\AppData\Local\{9359B9AC-42AD-4B42-801D-0B7D429102FD}

2011-12-22 22:16:20 -------- d-----w- C:\Users\John\AppData\Local\{8A87A492-C6A7-4C01-933F-1EC4AC170DD6}

2011-12-22 22:16:07 -------- d-----w- C:\Users\John\AppData\Local\{25C43AA4-7FF5-432A-8E7E-2C14920D0C22}

2011-12-21 23:33:11 -------- d-----w- C:\Users\John\AppData\Local\{3811EDE7-3D9D-4583-89CD-66D146827188}

2011-12-21 23:32:50 -------- d-----w- C:\Users\John\AppData\Local\{89D1C9C2-1287-4630-ACFC-F8FE4842440B}

2011-12-21 12:14:52 -------- d-----w- C:\Users\John\AppData\Local\{489C8FC3-0827-451B-B3B2-ED64BAE28EBE}

2011-12-21 12:14:28 -------- d-----w- C:\Users\John\AppData\Local\{01390831-3ABE-4E2D-A207-6225708242D6}

2011-12-21 00:42:46 -------- d-----w- C:\Users\John\AppData\Local\{4A4C2C96-221C-477F-A383-E76A8234B061}

2011-12-21 00:42:35 -------- d-----w- C:\Users\John\AppData\Local\{814F20FE-5614-4F0D-A3AC-DD9D1F6165B8}

2011-12-20 13:15:16 -------- d-----w- C:\Users\John\AppData\Local\{845FE852-3447-40D4-8C83-A4058965EC03}

2011-12-20 01:14:56 -------- d-----w- C:\Users\John\AppData\Local\{F329F4FE-0643-4DE3-86FA-D5A085399403}

2011-12-19 11:59:45 -------- d-----w- C:\Users\John\AppData\Local\{06BEA61D-7073-4031-BC0D-298C78FEA7E8}

2011-12-19 11:59:20 -------- d-----w- C:\Users\John\AppData\Local\{772CF3CC-834A-44CC-98A7-4B01CC05A2D1}

2011-12-18 18:05:44 -------- d-----w- C:\Users\John\AppData\Local\{D7EF194D-99FA-44D5-A992-3EFFEA027462}

2011-12-18 18:05:29 -------- d-----w- C:\Users\John\AppData\Local\{CDA215C2-C1E8-48D2-A83B-3003EFB99B93}

2011-12-18 02:06:41 -------- d-----w- C:\Users\John\AppData\Local\Windows Live

2011-12-18 02:06:26 -------- d-----w- C:\Users\John\AppData\Local\{CCEE858D-0906-4E6C-AD6D-9509A7A27ABE}

2011-12-18 02:06:26 -------- d-----w- C:\Users\John\AppData\Local\{17A409D5-462A-4574-B425-B7733A73E2F5}

2011-12-18 02:06:11 -------- d-----w- C:\Users\John\Tracing

2011-12-15 01:23:03 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 01:23:02 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 01:23:01 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 01:23:01 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 01:22:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 01:22:51 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-10 20:06:24 72080 ----a-w- C:\Users\John\g2mdlhlpx.exe

2011-11-08 17:43:22 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-11-08 17:43:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 8:59:12.96 ===============

Any assistance you can provide would be greatly appreciated.

Best regards,

Jim

Attach.txt

  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
