Virus keeps appearing. Please help!


snivy

The virus is called "Malware Protection Center" and it appeared to have gone away until I rebooted my PC, and now it's back with a vengeance.

Before I post all the relevant logs, note that I know exactly what link I clicked that gave me this virus (so if that's any help I'll post it). The reason I know specifically what link it is is because I did a scan directly before clicking it, because I knew it looked dodgy, and 5 mins later I'm getting a fake AV popup.

Anyway here are the logs:

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 8.0.7600.16385

Run by nate at 23:55:38 on 2012-01-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3999.2743 [GMT 0:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933

uInternet Settings,ProxyServer = http=127.0.0.1:59556

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\nate\AppData\Roaming\Complitly\Complitly.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Malware Protection Center] "C:\ProgramData\727d59\MP727_8016.exe" /s /d

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0EAC441C-2363-4CFA-8C48-86E39C74DCFA} : DhcpNameServer = 40.2.1.100

TCP: Interfaces\{39E4DB1A-8D83-43C2-827C-0C72C70717E7} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\nate\AppData\Roaming\Complitly\Complitly.dll

BHO-X64: Complitly - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"

mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\eqmj4xyi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 59556

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\nate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2011-4-8 945200]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2011-4-8 463408]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]

S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-8 98208]

S2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-10-17 514232]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-24 136176]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-8-24 130008]

S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-24 136176]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-01-17 23:44:52 -------- d-----w- C:\Users\nate\AppData\Local\{8FEFB2E5-32CE-46FC-9855-6594C851D4B5}

2012-01-17 23:44:42 -------- d-----w- C:\Users\nate\AppData\Local\{72043A45-7A1C-44B9-870B-269D1AD6533E}

2012-01-17 18:48:13 -------- d-----w- C:\Program Files (x86)\D7750

2012-01-17 18:48:12 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-17 18:48:12 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-17 18:48:12 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-01-17 18:48:11 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-17 18:47:29 -------- d-----w- C:\Program Files (x86)\LP

2012-01-17 18:45:28 -------- d-sh--w- C:\Users\nate\AppData\Roaming\Malware Protection Center

2012-01-17 18:45:27 -------- d-sh--w- C:\ProgramData\MPJSC

2012-01-17 18:45:05 -------- d-sh--w- C:\ProgramData\727d59

2012-01-17 18:44:30 -------- d-----w- C:\Users\nate\AppData\Roaming\D7750

2012-01-17 18:44:27 104448 ----a-w- C:\Users\nate\AppData\Roaming\Microsoft\C46F\AADF.tmp

2012-01-17 18:43:57 -------- d-----w- C:\Users\nate\AppData\Roaming\F2FD7

2012-01-17 16:01:06 -------- d-----w- C:\Program Files (x86)\Traffic Travis v4

2012-01-17 11:58:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0364DFAB-9164-4FEF-820E-95FD999DC348}\offreg.dll

2012-01-17 11:58:43 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0364DFAB-9164-4FEF-820E-95FD999DC348}\mpengine.dll

2012-01-17 11:44:18 -------- d-----w- C:\Users\nate\AppData\Local\{B8CA5CFC-E174-449B-AC22-9C712BFB79EA}

2012-01-17 11:44:08 -------- d-----w- C:\Users\nate\AppData\Local\{BB24E408-D1D1-457C-A954-91509ADBC0F0}

2012-01-16 17:43:49 -------- d-----w- C:\Users\nate\AppData\Local\{5CE145B8-F5D7-43FD-A1B6-DEB14B190F26}

2012-01-16 17:43:39 -------- d-----w- C:\Users\nate\AppData\Local\{6C8D8173-CB83-4526-81BA-C5831EABD12F}

2012-01-16 12:33:48 -------- d-----w- C:\HP_TOOLS_mountHPSF

2012-01-13 19:58:39 -------- d-----r- C:\Program Files (x86)\Skype

2012-01-12 15:01:52 -------- d-----w- C:\Users\nate\AppData\Local\{697C5DC7-E223-46B4-A179-0248BF76642A}

2012-01-12 15:01:42 -------- d-----w- C:\Users\nate\AppData\Local\{F6553DCA-D728-44A2-A5B2-E3E36FF300AA}

2012-01-12 01:09:01 -------- d-----w- C:\Users\nate\AppData\Local\{857B96ED-C4B7-452F-847E-6F312612B699}

2012-01-12 01:08:51 -------- d-----w- C:\Users\nate\AppData\Local\{24FF29C9-181C-469D-801E-98D15F819D84}

2012-01-11 20:40:59 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 20:40:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 20:40:58 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 20:40:58 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 20:40:56 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 20:40:56 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 20:40:55 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 20:40:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-11 13:08:26 -------- d-----w- C:\Users\nate\AppData\Local\{32B3BC8A-5BAE-40B3-85E3-C35D0D6033CD}

2012-01-11 13:08:15 -------- d-----w- C:\Users\nate\AppData\Local\{B60366FB-E818-4FDC-8894-A7E71652D948}

2012-01-11 01:08:04 -------- d-----w- C:\Users\nate\AppData\Local\{422D6D3E-64AD-455D-9835-966F1C016B9C}

2012-01-11 01:07:54 -------- d-----w- C:\Users\nate\AppData\Local\{915171E2-2364-4F74-BB10-F717693B9404}

2012-01-10 11:20:12 -------- d-----w- C:\Users\nate\AppData\Local\{8AD7A98F-851A-4841-94C4-76AF832A1D9D}

2012-01-10 11:20:01 -------- d-----w- C:\Users\nate\AppData\Local\{8BA4D7FB-41E3-488C-BA32-348643193A9E}

2012-01-09 22:27:28 -------- d-----w- C:\Users\nate\AppData\Local\{C41C65ED-6A6D-44F0-ABBE-E8CE168A52AB}

2012-01-09 22:27:17 -------- d-----w- C:\Users\nate\AppData\Local\{5A3EDDBE-A1A0-48E3-86E5-7DB57BDD157A}

2012-01-09 10:27:05 -------- d-----w- C:\Users\nate\AppData\Local\{61317536-3F25-4395-9327-FAC18CC6AB06}

2012-01-08 22:26:39 -------- d-----w- C:\Users\nate\AppData\Local\{8A934FB9-C9B3-46A6-B5C2-BBDB0D6154E1}

2012-01-08 22:26:28 -------- d-----w- C:\Users\nate\AppData\Local\{712F4492-EB5F-4FDB-BD4B-CFE91C7B31FF}

2012-01-08 01:53:49 -------- d-----w- C:\Users\nate\AppData\Roaming\RenPy

2012-01-08 01:52:33 -------- d-----w- C:\Program Files (x86)\Katawa Shoujo

2012-01-07 23:31:11 -------- d-----w- C:\Users\nate\AppData\Local\{16D85664-726D-42D2-8DD5-46DBA63C547C}

2012-01-07 23:31:01 -------- d-----w- C:\Users\nate\AppData\Local\{AEC9E10A-9531-4CA4-8396-A54A9DBF648E}

2012-01-07 11:30:49 -------- d-----w- C:\Users\nate\AppData\Local\{57F063E9-BA6C-4603-A47B-E06A73390EF8}

2012-01-07 11:30:39 -------- d-----w- C:\Users\nate\AppData\Local\{03470536-7353-401C-BBAF-6DE0F8D698AD}

2012-01-06 23:23:33 -------- d-----w- C:\Users\nate\AppData\Local\{16DE8CF6-346C-4B92-9E36-E4BCCF8C7203}

2012-01-06 23:23:22 -------- d-----w- C:\Users\nate\AppData\Local\{70282409-E500-4F8F-9C6C-DBE7D14E5441}

2012-01-06 11:23:11 -------- d-----w- C:\Users\nate\AppData\Local\{27070B88-91A8-4F75-8164-AE19D23B1666}

2012-01-06 11:23:01 -------- d-----w- C:\Users\nate\AppData\Local\{CC6C9CA7-0A3A-4FA4-B746-FB2A20AF1074}

2012-01-05 22:05:05 -------- d-----w- C:\Users\nate\AppData\Local\{0187CC80-0476-4C5D-87C7-39BD9149A9D7}

2012-01-05 22:04:54 -------- d-----w- C:\Users\nate\AppData\Local\{2714CCA9-68FA-4D65-9E24-995043FE784A}

2012-01-05 10:04:43 -------- d-----w- C:\Users\nate\AppData\Local\{7FD93547-75F1-423C-811F-2CE8F58D6792}

2012-01-05 10:04:07 -------- d-----w- C:\Users\nate\AppData\Local\{466A96B9-1DE6-4020-B2ED-1A9F1C6F3A8B}

2012-01-04 18:46:16 -------- d-----w- C:\Users\nate\AppData\Local\{A49485E4-59FE-4B63-816D-09C3A894EDB0}

2012-01-04 18:46:06 -------- d-----w- C:\Users\nate\AppData\Local\{C5706161-D6B1-49AE-BF00-CA5C27051366}

2012-01-02 02:57:34 -------- d-----w- C:\Users\nate\AppData\Local\{0253B11A-148A-4236-8131-506249B75BD5}

2011-12-29 02:21:26 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-12-27 14:14:47 -------- d-----w- C:\Users\nate\AppData\Local\{AF84A7CC-9D0A-447F-9859-4D989A49625C}

2011-12-27 14:14:37 -------- d-----w- C:\Users\nate\AppData\Local\{32A0D396-84B0-4F44-9CDE-C1EC01044086}

2011-12-26 11:41:25 -------- d-----w- C:\Users\nate\AppData\Local\{17CB6838-85BA-468D-A402-AEAE02525293}

2011-12-26 11:41:15 -------- d-----w- C:\Users\nate\AppData\Local\{0BBEE581-6643-4302-B45B-7A3DED2E1B66}

2011-12-25 14:20:44 -------- d-----w- C:\Users\nate\AppData\Local\{852FE508-5AE7-43EE-A734-9AD94839D5A0}

2011-12-25 02:06:36 -------- d-----w- C:\Users\nate\AppData\Local\{0757CEDB-AB10-465B-AC83-6E24A7E773BF}

2011-12-24 13:12:08 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar

2011-12-24 13:12:08 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2011-12-24 13:12:08 -------- d-----w- C:\Program Files (x86)\Application Updater

2011-12-24 12:48:54 -------- d-----w- C:\Users\nate\AppData\Local\{0D0AB6AE-1BB7-4AD8-91E4-9EFB065AC283}

2011-12-24 00:48:27 -------- d-----w- C:\Users\nate\AppData\Local\{77FAAC4E-6EB4-4EDD-AAB8-8BB80DABC3BE}

2011-12-24 00:48:12 -------- d-----w- C:\Users\nate\AppData\Local\{FA87F228-9BFE-4BDA-BA8F-6AA6A663D86D}

2011-12-24 00:40:08 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-12-24 00:40:08 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-12-24 00:40:08 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-12-24 00:40:07 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll

2011-12-24 00:40:07 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll

2011-12-24 00:40:07 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll

2011-12-24 00:40:06 814040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-12-24 00:40:06 2124760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-12-22 20:42:41 -------- d-----w- C:\Program Files (x86)\Ralink

2011-12-20 19:47:59 -------- d-----w- C:\Users\nate\AppData\Roaming\Broken Rules

2011-12-20 19:47:37 -------- d-----w- C:\Program Files (x86)\And Yet It Moves

.

==================== Find3M ====================

.

2012-01-17 00:21:18 60304 ----a-w- C:\Users\nate\g2mdlhlpx.exe

2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

.

============= FINISH: 23:56:54.21 ===============

MBAM Quick Scan log:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.17.04

Windows 7 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7600.16385

nate :: NATE-HP [administrator]

18/01/2012 00:03:20

mbam-log-2012-01-18 (00-03-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 175125

Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Even though it says nothing detected, I know the virus is there because it said that before. Also, sometimes I'd scan and it would detect 1 threat; I'd remove it, but the virus is still there.

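The DDS report above carries the three indicators a helper would read first: an autorun entry launching from a random-named folder under ProgramData, a browser proxy pointed at 127.0.0.1, and system+hidden folders created minutes before the popups started. The script below is an added example, not part of the original post or of the DDS tool; it parses a constructed excerpt of the same log format and flags those patterns (the `RANDOM_DIR` heuristic and the `Finding` kinds are my own assumptions, not DDS conventions).

```python
"""Triage a DDS log for fake-AV indicators (added example, not DDS code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines in the shape of the DDS report above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:59556
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Malware Protection Center] "C:\ProgramData\727d59\MP727_8016.exe" /s /d
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59556
2012-01-17 18:45:28 -------- d-sh--w- C:\Users\nate\AppData\Roaming\Malware Protection Center
2012-01-17 18:45:05 -------- d-sh--w- C:\ProgramData\727d59
2012-01-17 18:44:30 -------- d-----w- C:\Users\nate\AppData\Roaming\D7750
"""


@dataclass
class Finding:
    kind: str    # "autorun", "proxy" or "new-dir" (names are this example's own)
    detail: str  # human-readable reason
    line: str    # the raw log line that triggered it


# Heuristic (assumption): folder names like "727d59" or "D7750" are 4-8 hex
# characters containing at least one digit; ordinary vendor folders are not.
RANDOM_DIR = re.compile(r"^(?=.*\d)[0-9A-Fa-f]{4,8}$")
RUN_LINE = re.compile(r"^([um]Run(?:-x64)?): \[(.*?)\]\s*(.*)$")
EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|lnk|dll|scr))"?', re.IGNORECASE)
IE_PROXY = re.compile(r"ProxyServer = (?:http=)?([\w.\-]+):(\d+)")
FF_PROXY = re.compile(r"network\.proxy\.http - ([\w.\-]+)$")
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (\S{8}) (.+)$")
LOOPBACK = ("127.", "localhost")


def looks_random(name: str) -> bool:
    return bool(RANDOM_DIR.match(name))


def autorun_reason(path: str) -> Optional[str]:
    """Why an autorun target is suspicious, or None if it looks ordinary."""
    parts = path.split("\\")
    under_data = any(p.lower() in ("programdata", "appdata") for p in parts)
    random_parts = [p for p in parts[:-1] if looks_random(p)]  # skip the file name
    if under_data and random_parts:
        return f"runs from a data folder with random-looking name {random_parts[0]!r}"
    return None


def proxy_target(line: str) -> Optional[str]:
    """'host:port' (IE/WinINet) or 'host' (Firefox pref) if the line sets a proxy."""
    m = IE_PROXY.search(line)
    if m:
        return f"{m.group(1)}:{m.group(2)}"
    m = FF_PROXY.search(line)
    return m.group(1) if m else None


def created_dir_reason(line: str) -> Optional[str]:
    """Flag 'Created Last 30' folders that are system+hidden or random-named."""
    m = CREATED.match(line)
    if not m:
        return None
    stamp, attrs, path = m.groups()
    if attrs[0] != "d":               # DDS marks directories with a leading 'd'
        return None
    if "s" in attrs and "h" in attrs:  # system + hidden, as in d-sh--w-
        return f"system+hidden folder created {stamp}: {path}"
    if looks_random(path.rsplit("\\", 1)[-1]):
        return f"random-looking folder created {stamp}: {path}"
    return None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            hive, name, cmd = m.groups()
            pm = EXE_PATH.search(cmd)
            reason = autorun_reason(pm.group(1)) if pm else None
            if reason:
                findings.append(Finding("autorun", f"{hive} [{name}] {reason}", line))
            continue
        target = proxy_target(line)
        # A loopback proxy means a local process is sitting between the browser
        # and the network; for Firefox also check network.proxy.type in the log.
        if target and target.startswith(LOOPBACK):
            findings.append(Finding("proxy", f"browser HTTP proxy is localhost ({target})", line))
            continue
        reason = created_dir_reason(line)
        if reason:
            findings.append(Finding("new-dir", reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:8}] {f.detail}")
```

Paste a full DDS log into `SAMPLE_LOG` (or read it from a file) and the same three checks run over the whole report; a hit on all three categories with matching folder names, as here, is a strong rogue-AV signal even when a quick scan reports nothing.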

Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.


Please include the following in your next post:

  • ComboFix log


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
