Jump to content

I got rid of the malware, but....


Recommended Posts

i was recently attacked by some malware, and a friend turned me to Malwarebytes to get rid of it. i have gotten rid of the malware, but it apparently changes a whole mess of settings and now im having a hard time finding my programs. i know they are still there, but i cant seem to access them. i know part of the problem is that it marked a large portion of my files as hidden, but short or manually going in and unhiding them all, i dont know what to do. Please help!

Attach.txt

DDS.txt

Link to post
Share on other sites

Hello SirNecronomicon and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your system is still infected.

Step 1

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Link to post
Share on other sites

well, that seemed to fix things.....

here are the logs:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.10.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Wicked Creationz :: WICKEDTWO [administrator]

Protection: Enabled

3/10/2012 11:33:15 AM

mbam-log-2012-03-10 (11-33-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196243

Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

and the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Wicked Creationz at 11:38:55 on 2012-03-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5596 [GMT -6:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe

C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe

C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxcgcoms.exe

C:\Windows\system32\lxdccoms.exe

C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\AlienRespawn\sftservice.EXE

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Pen_Tablet.exe

C:\Users\Wicked Creationz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AlienRespawn\TOASTER.EXE

C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\Pen_Tablet.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Wicked Creationz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Windows\system32\conhost.exe

C:\Users\Wicked Creationz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Wicked Creationz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\notepad.exe

C:\Windows\system32\consent.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://AlienwareArena.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Wicked Creationz\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [Adobe Version Cue CS2] "C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\WICKED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files (x86)\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 67.221.192.194

TCP: Interfaces\{A4C11E55-9A81-4FCE-B3FB-62FA4149C53F} : DhcpNameServer = 208.67.222.222 208.67.220.220 67.221.192.194

TCP: Interfaces\{A4C11E55-9A81-4FCE-B3FB-62FA4149C53F}\1434C4962627162797D2055726C69636 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A4C11E55-9A81-4FCE-B3FB-62FA4149C53F}\C696E6B6379637 : DhcpNameServer = 207.192.228.19 207.192.229.10

TCP: Interfaces\{A4C11E55-9A81-4FCE-B3FB-62FA4149C53F}\D4F62747F6E637 : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

mRun-x64: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [Adobe Version Cue CS2] "C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

mRun-x64: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-7 89600]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-2-4 15296]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-7 44768]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-7 13336]

R2 lxdc_device;lxdc_device;C:\Windows\system32\lxdccoms.exe -service --> C:\Windows\system32\lxdccoms.exe -service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-9 652360]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-7-7 1692480]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-9 378472]

R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]

S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdcserv.exe [2007-5-25 34224]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-15 1315592]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-10 01:16:37 -------- d-----w- C:\Users\Wicked Creationz\AppData\Roaming\Malwarebytes

2012-03-10 01:16:33 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-10 01:16:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-10 01:16:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-09 23:52:40 338432 ----a-w- C:\ProgramData\4xNPweGWEvuiQb.exe

2012-03-09 11:57:42 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FDA6C6A8-6345-4B5B-94C3-4C282A1576A4}\mpengine.dll

2012-03-06 05:49:41 -------- d-----w- C:\Games

2012-03-06 05:47:39 -------- d-----w- C:\Users\Wicked Creationz\AppData\Local\Black_Tree_Gaming

2012-03-06 05:47:35 -------- d-----w- C:\Program Files\Nexus Mod Manager

2012-03-03 18:57:09 -------- d-----w- C:\Users\Wicked Creationz\.swt

2012-03-03 00:45:49 -------- d-----w- C:\Program Files\Core Temp

2012-02-25 18:04:34 -------- d-----w- C:\Users\Wicked Creationz\AppData\Roaming\Blender Foundation

2012-02-25 17:55:15 -------- d-----w- C:\Program Files\Blender Foundation

2012-02-15 11:40:39 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 11:40:39 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 11:40:36 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 11:40:36 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 11:40:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 11:40:32 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 11:40:27 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 11:40:27 634880 ----a-w- C:\Windows\System32\msvcrt.dll

.

==================== Find3M ====================

.

2012-03-03 00:40:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 11:39:23.38 ===============

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.