
infected



Hi,

I think my computer is infected. I ran Malwarebytes and nothing shows up. Internet Explorer stops working and redirects. I ran DDS like it said to do on the forum. Here is the log.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by atomich at 11:13:44 on 2012-06-04

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.6151 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\2020\Giza\gf_main.exe

C:\Windows\explorer.exe

C:\Users\atomich\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\atomich\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\atomich\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Windows Internet Explorer provided by Yahoo!

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = <local>

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [<NO NAME>]

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler

uRun: [Google Update] "C:\Users\atomich\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [{4FACEE47-5D2E-4B3F-9375-9EFEC517DB84}] rundll32.exe "C:\Users\atomich\AppData\Local\{6B597B5A-F27E-4923-B9AF-6FD87B171320}\{4FACEE47-5D2E-4B3F-9375-9EFEC517DB84}\zgkpnd.dll",DllRegisterServer

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://2020commercialtraining.webex.com/client/T26L10NSP49EP26/support/ieatgpc1.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{73FFA776-5DB5-445E-B6E0-CC755BCF6DC0} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

LSA: Authentication Packages = msv1_0 wvauth

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

Hosts: 10.0.11.30 maifile maifile.maispace.local

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 raddrvv3;raddrvv3;C:\Windows\SysWOW64\rserver30\raddrvv3.sys [2010-4-21 68680]

R1 se64a;EnTech softEngine;C:\Windows\System32\drivers\se64a.sys [2007-5-3 14032]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mirrorv3;mirrorv3;C:\Windows\system32\DRIVERS\rminiv3.sys --> C:\Windows\system32\DRIVERS\rminiv3.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-31 654408]

S2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-11-30 133944]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-24 13336]

S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S4 RServer3;Radmin Server V3;C:\Windows\SysWOW64\rserver30\rserver3.exe [2010-4-21 1242480]

S4 softOSD;softOSD;C:\Program Files (x86)\softOSD\softOSD.exe [2010-12-18 291384]

S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-24 2656536]

S4 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]

.

=============== Created Last 30 ================

.

2012-06-04 14:32:53 -------- d-----w- C:\Users\atomich\AppData\Local\{D7A29127-C564-4473-8F21-4FE17E6CBE32}

2012-06-04 14:32:42 -------- d-----w- C:\Users\atomich\AppData\Local\{8A5C9CA1-B14D-4037-A3AC-BA0BF79FEE93}

2012-06-04 13:26:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F26EB8E2-4B32-4F87-A867-F7B10E41A0AB}\offreg.dll

2012-06-04 02:32:18 -------- d-----w- C:\Users\atomich\AppData\Local\{7F911415-A865-43A5-BBB3-0A6A18387B59}

2012-06-03 14:31:55 -------- d-----w- C:\Users\atomich\AppData\Local\{D7D95B94-5002-45B6-BD0E-E5851B13CD60}

2012-06-03 14:31:45 -------- d-----w- C:\Users\atomich\AppData\Local\{F5743E8A-1D51-4692-9838-A2CF8609ABEA}

2012-06-02 13:22:08 -------- d-----w- C:\Users\atomich\AppData\Local\{904A6B08-D358-4E27-9CB8-C3731B899C0A}

2012-06-02 13:21:57 -------- d-----w- C:\Users\atomich\AppData\Local\{4AA66806-E151-4EB0-B0B9-075B19EA0916}

2012-06-02 01:21:44 -------- d-----w- C:\Users\atomich\AppData\Local\{F61252FC-A07B-460E-B445-45FF761C7BFB}

2012-06-02 01:21:33 -------- d-----w- C:\Users\atomich\AppData\Local\{42F4AF5C-2E1E-47F2-A6DA-259584264B15}

2012-06-01 13:46:56 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-06-01 13:21:21 -------- d-----w- C:\Users\atomich\AppData\Local\{6DBA5C80-618B-430C-BA0D-9267A10CFBB3}

2012-06-01 13:21:10 -------- d-----w- C:\Users\atomich\AppData\Local\{373B6051-BA0B-482D-9D7C-9AE3E2F4D88B}

2012-06-01 08:03:30 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F26EB8E2-4B32-4F87-A867-F7B10E41A0AB}\mpengine.dll

2012-06-01 01:20:56 -------- d-----w- C:\Users\atomich\AppData\Local\{32DE006E-6966-4C90-A6D3-8BB107CA7070}

2012-06-01 01:20:44 -------- d-----w- C:\Users\atomich\AppData\Local\{5D509465-BC92-4DD4-9F2F-C70D5087ABAE}

2012-05-31 16:45:40 584 ----a-w- C:\Windows\SysWow64\reset.bat

2012-05-31 16:01:42 -------- d-----w- C:\Users\atomich\AppData\Local\Google

2012-05-31 16:01:02 -------- d-----w- C:\Users\atomich\AppData\Local\Apps

2012-05-31 16:01:01 -------- d-----w- C:\Users\atomich\AppData\Local\Deployment

2012-05-31 15:47:17 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2012-05-31 15:38:45 52568 ----a-w- C:\Windows\System32\AdobePDF.dll

2012-05-31 15:34:44 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2012-05-31 15:06:17 -------- d-----w- C:\_AcroTemp

2012-05-31 14:59:10 -------- d-----w- C:\Users\atomich\AppData\Roaming\Malwarebytes

2012-05-31 14:59:01 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-31 14:59:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-31 13:20:20 -------- d-----w- C:\Users\atomich\AppData\Local\{7C981887-28B4-4D72-9C37-3A85AC686EA6}

2012-05-31 13:20:09 -------- d-----w- C:\Users\atomich\AppData\Local\{B437272D-3640-442C-90C4-4FC84CAE7341}

2012-05-31 01:19:57 -------- d-----w- C:\Users\atomich\AppData\Local\{5BE9229D-16FF-4474-ACCA-DC66CDAF4A67}

2012-05-31 01:19:46 -------- d-----w- C:\Users\atomich\AppData\Local\{0A7D7DB6-8F11-4870-99FF-F8D55013A569}

2012-05-30 13:19:24 -------- d-----w- C:\Users\atomich\AppData\Local\{B8274B30-E0D9-4505-A7C0-50A6FB21402B}

2012-05-30 13:19:13 -------- d-----w- C:\Users\atomich\AppData\Local\{5DF6CF40-6375-4B05-AB78-6662A9DEF1D2}

2012-05-30 01:19:01 -------- d-----w- C:\Users\atomich\AppData\Local\{F4890901-2F77-4598-8640-216E314EED89}

2012-05-30 01:18:50 -------- d-----w- C:\Users\atomich\AppData\Local\{3CCCB88F-F74F-48DC-AEB7-B37AFE40A67D}

2012-05-29 13:18:38 -------- d-----w- C:\Users\atomich\AppData\Local\{54F82E25-7348-4D96-9EC4-2DFDC60A015C}

2012-05-29 13:18:27 -------- d-----w- C:\Users\atomich\AppData\Local\{A51AEA76-221E-44F0-971C-6B4346CA8214}

2012-05-29 01:18:15 -------- d-----w- C:\Users\atomich\AppData\Local\{ED370CC5-8A18-4021-AA2D-3AE3AD74AA55}

2012-05-29 01:18:03 -------- d-----w- C:\Users\atomich\AppData\Local\{E8A70367-E0B2-483F-A28E-00A0206D15CC}

2012-05-28 13:17:51 -------- d-----w- C:\Users\atomich\AppData\Local\{4E48CDC4-672D-427D-8D04-DE94026139A6}

2012-05-28 13:17:40 -------- d-----w- C:\Users\atomich\AppData\Local\{5A00ECB0-4208-4373-91EB-CA84D1B66943}

2012-05-28 01:17:28 -------- d-----w- C:\Users\atomich\AppData\Local\{72280971-4A36-457F-B692-BB86D52C9401}

2012-05-28 01:17:17 -------- d-----w- C:\Users\atomich\AppData\Local\{74E47E8F-9901-4FD0-871F-470689633B49}

2012-05-27 13:17:05 -------- d-----w- C:\Users\atomich\AppData\Local\{E94AF365-0043-4451-A464-DD28E3EF99FC}

2012-05-27 13:16:54 -------- d-----w- C:\Users\atomich\AppData\Local\{F7C11C98-C0F7-4B2D-A040-4C1DF4FE2D4E}

2012-05-27 01:16:42 -------- d-----w- C:\Users\atomich\AppData\Local\{A020F46F-8925-4EF2-83F0-8C33F5589758}

2012-05-27 01:16:31 -------- d-----w- C:\Users\atomich\AppData\Local\{18D825FE-D348-4196-804D-CECC6FC20113}

2012-05-26 13:16:20 -------- d-----w- C:\Users\atomich\AppData\Local\{CB19C00A-2A62-4F1B-9589-23A8143BCCC1}

2012-05-26 13:16:08 -------- d-----w- C:\Users\atomich\AppData\Local\{BD71405D-2AEF-4FC8-996A-D160FB9AAE45}

2012-05-26 01:15:57 -------- d-----w- C:\Users\atomich\AppData\Local\{5D6979DC-E341-43D9-BB61-7D1AEE723D2F}

2012-05-26 01:15:46 -------- d-----w- C:\Users\atomich\AppData\Local\{454680BA-D71F-409F-852C-12C075B8965F}

2012-05-25 13:15:34 -------- d-----w- C:\Users\atomich\AppData\Local\{DB7ABAE0-2E49-4C56-86C1-74EB683FAF9B}

2012-05-25 13:15:22 -------- d-----w- C:\Users\atomich\AppData\Local\{72F8AF1D-6394-4A5C-A5D2-3B9B24310EC9}

2012-05-25 01:15:10 -------- d-----w- C:\Users\atomich\AppData\Local\{4864A5F9-4213-47AD-B4AB-109B803B4F04}

2012-05-25 01:14:59 -------- d-----w- C:\Users\atomich\AppData\Local\{5C5F9BC4-D647-498A-84B9-06C91524C040}

2012-05-24 13:14:34 -------- d-----w- C:\Users\atomich\AppData\Local\{E5F313D0-9AB8-4E09-BC69-75FE0C552779}

2012-05-24 13:14:23 -------- d-----w- C:\Users\atomich\AppData\Local\{99EDDCE8-06C3-49B3-97DF-2C1AAEBEAB14}

2012-05-23 15:39:36 60 ----a-w- C:\Windows\wpd99.drv

2012-05-23 15:39:36 -------- d-----w- C:\ProgramData\pdf995

2012-05-23 15:39:35 40448 ----a-w- C:\Windows\System32\pdf995mon64.dll

2012-05-23 15:39:34 2266624 ----a-w- C:\Windows\System32\pdfmona64.dll

2012-05-23 15:39:33 40448 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll

2012-05-23 15:39:33 11264 ----a-w- C:\Windows\System32\pdf995mon64ui.dll

2012-05-23 15:39:33 -------- d-----w- C:\Program Files (x86)\pdf995

2012-05-23 13:02:06 -------- d-----w- C:\Users\atomich\AppData\Local\{27E614BD-07DA-438B-BCCF-007EEBEC754C}

2012-05-23 13:01:55 -------- d-----w- C:\Users\atomich\AppData\Local\{CC615BA8-8A23-4DEF-B7B1-D34C24B3A57D}

2012-05-23 12:16:08 302 ----a-w- C:\FixitRegBackup.reg

2012-05-23 12:01:47 -------- d-----w- C:\WINSSLog

2012-05-23 07:04:49 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-05-22 21:47:02 -------- d-----w- C:\Users\atomich\AppData\Local\{600CCA79-B468-4D3E-938D-E4CE94F48DD2}

2012-05-22 19:49:26 -------- d-----w- C:\Users\atomich\AppData\Local\visi_coupon

2012-05-22 18:05:53 -------- d-----w- C:\Users\atomich\AppData\Roaming\Wave Systems Corp

2012-05-22 17:24:37 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-22 17:24:37 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-22 17:24:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-22 17:24:36 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-22 17:24:35 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-22 17:24:35 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-22 17:23:39 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-22 17:23:18 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-22 17:23:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-22 17:23:17 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-22 17:23:17 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-22 17:23:17 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-22 17:23:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-22 16:33:25 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-22 15:24:55 44512 --sh--w- C:\Users\atomich\AppData\Local\dplayx.dll

2012-05-22 14:40:39 -------- d-----w- C:\Users\atomich\AppData\Local\{DD54B203-DDA5-47EB-B0AD-B8252C1490C0}

2012-05-22 14:40:26 -------- d-----w- C:\Users\atomich\AppData\Local\{0047AFED-3F20-4E20-9F6F-A909EBB5D1EE}

2012-05-22 13:15:06 -------- d-----w- C:\Users\atomich\AppData\Local\{4FACEE47-5D2E-4B3F-9375-9EFEC517DB84}

2012-05-22 13:14:53 -------- d-----w- C:\Users\atomich\AppData\Local\{6B597B5A-F27E-4923-B9AF-6FD87B171320}

2012-05-22 11:55:41 -------- d--h--w- C:\Users\atomich\AppData\Local\{DB21329D-3BAA-4AD8-96DE-307B0F89634A}

2012-05-22 11:55:29 -------- d--h--w- C:\Users\atomich\AppData\Local\{55802D52-D2BD-4434-B2DB-F0A3F28D6B50}

2012-05-21 11:34:32 -------- d--h--w- C:\Users\atomich\AppData\Local\{B77FEBBB-E0A2-4F0C-93EC-E57C885CBB3C}

2012-05-21 11:34:18 -------- d--h--w- C:\Users\atomich\AppData\Local\{3CFB2AC3-40E3-4539-BF90-C5D6599BDF1F}

2012-05-20 13:01:04 -------- d--h--w- C:\Users\atomich\AppData\Local\{98A67A66-5B90-4613-8622-81DF70392D40}

2012-05-20 13:00:54 -------- d--h--w- C:\Users\atomich\AppData\Local\{E615AFA4-0F7F-4C97-B553-D4C3169EC115}

2012-05-20 01:00:43 -------- d--h--w- C:\Users\atomich\AppData\Local\{15293925-C1AE-42EA-98B8-3329EB509CFB}

2012-05-20 01:00:32 -------- d--h--w- C:\Users\atomich\AppData\Local\{B2D9921D-DABF-421D-BB31-31ED0748870A}

2012-05-19 13:00:21 -------- d--h--w- C:\Users\atomich\AppData\Local\{9680682B-15E7-471C-BEDE-1F8E7B36B220}

2012-05-19 13:00:11 -------- d--h--w- C:\Users\atomich\AppData\Local\{6DF65478-DF7C-4369-9664-F19FFD164462}

2012-05-19 01:00:00 -------- d--h--w- C:\Users\atomich\AppData\Local\{CB8AD48A-F159-4139-9D85-DA48900905B2}

2012-05-19 00:59:49 -------- d--h--w- C:\Users\atomich\AppData\Local\{2B4371E3-F320-466B-9607-826A06B89687}

2012-05-18 12:59:38 -------- d--h--w- C:\Users\atomich\AppData\Local\{4E4A9A34-B2C8-464F-A963-B067CD7672DF}

2012-05-18 12:59:28 -------- d--h--w- C:\Users\atomich\AppData\Local\{2867F382-5CC0-4C37-A0A9-A8399276CD41}

2012-05-18 00:59:17 -------- d--h--w- C:\Users\atomich\AppData\Local\{F1989641-2E56-4C55-AC39-7C84106E57C1}

2012-05-18 00:59:06 -------- d--h--w- C:\Users\atomich\AppData\Local\{055522F9-10E3-440F-B70B-61BB02095DE8}

2012-05-17 12:58:43 -------- d--h--w- C:\Users\atomich\AppData\Local\{F97E0D70-675E-4989-B726-94D4A732AFBD}

2012-05-17 12:58:33 -------- d--h--w- C:\Users\atomich\AppData\Local\{50F78136-AC0B-496C-8D7E-EC8AF596DE71}

2012-05-17 00:58:22 -------- d--h--w- C:\Users\atomich\AppData\Local\{E88EA9B2-8329-4790-BE06-3F204B18C141}

2012-05-17 00:58:11 -------- d--h--w- C:\Users\atomich\AppData\Local\{9CAC3CB7-1056-4957-9484-91A773616FF5}

2012-05-16 12:58:00 -------- d--h--w- C:\Users\atomich\AppData\Local\{75659738-78B5-4D69-884B-E9777707D238}

2012-05-16 12:57:50 -------- d--h--w- C:\Users\atomich\AppData\Local\{9996D177-0448-4898-9119-F4E8384A744C}

2012-05-16 00:57:39 -------- d--h--w- C:\Users\atomich\AppData\Local\{468ACFFE-F2ED-4F61-8FFD-F722CDFFECAF}

2012-05-16 00:57:28 -------- d--h--w- C:\Users\atomich\AppData\Local\{A1AE6530-A277-4E57-8CFC-0D7815CE9C2A}

2012-05-15 12:57:05 -------- d--h--w- C:\Users\atomich\AppData\Local\{71E823E9-F875-408C-8024-1B40E53F4E03}

2012-05-15 12:56:55 -------- d--h--w- C:\Users\atomich\AppData\Local\{16459C61-E581-4171-9FB1-FBA47AEB56FF}

2012-05-15 00:56:45 -------- d--h--w- C:\Users\atomich\AppData\Local\{0BD3D18E-06C1-438A-A435-7D8B3E0674F3}

2012-05-15 00:56:34 -------- d--h--w- C:\Users\atomich\AppData\Local\{EB21A7CA-4E02-4D7F-8B28-9F542B4B094C}

2012-05-14 12:56:23 -------- d--h--w- C:\Users\atomich\AppData\Local\{E697CDEE-03B9-433D-8CBB-513DF91E6993}

2012-05-14 12:56:13 -------- d--h--w- C:\Users\atomich\AppData\Local\{2E07DB5E-6CF7-42A7-8C89-07543628B1F9}

2012-05-14 00:56:02 -------- d--h--w- C:\Users\atomich\AppData\Local\{D808014E-1E25-4761-A771-D44239703703}

2012-05-14 00:55:52 -------- d--h--w- C:\Users\atomich\AppData\Local\{F497F356-A5B0-4E26-B1DF-8D2075A68FA1}

2012-05-13 12:55:41 -------- d--h--w- C:\Users\atomich\AppData\Local\{C5BD2D5B-62CD-4D37-A757-A8116B83CA56}

2012-05-13 12:55:30 -------- d--h--w- C:\Users\atomich\AppData\Local\{E5A57C5F-0284-47C1-AB9B-D1BCCB19864F}

2012-05-13 00:55:19 -------- d--h--w- C:\Users\atomich\AppData\Local\{CA08DE2F-8A4C-43E5-B4DF-B5ACF948F2E0}

2012-05-13 00:55:08 -------- d--h--w- C:\Users\atomich\AppData\Local\{0844FE21-CBD7-4A52-9B97-034D7832FA50}

2012-05-12 12:54:57 -------- d--h--w- C:\Users\atomich\AppData\Local\{4B25DB40-590F-41CD-B0C5-B6E88F0D9D82}

2012-05-12 12:54:47 -------- d--h--w- C:\Users\atomich\AppData\Local\{37746B28-A90B-4D27-B107-9524578735E5}

2012-05-12 00:54:36 -------- d--h--w- C:\Users\atomich\AppData\Local\{5B27CD1E-FA8B-4CE2-9BD0-3B82740894AF}

2012-05-12 00:54:25 -------- d--h--w- C:\Users\atomich\AppData\Local\{2988962E-4C26-436B-9568-C17D75D2AC37}

2012-05-11 12:54:15 -------- d--h--w- C:\Users\atomich\AppData\Local\{E74BF01E-4C1D-44FD-A028-037CBDCF47D8}

2012-05-11 12:54:04 -------- d--h--w- C:\Users\atomich\AppData\Local\{1E480EBA-16F8-49BC-AA6A-BBE591AF1D5D}

2012-05-11 00:53:53 -------- d--h--w- C:\Users\atomich\AppData\Local\{6C35B746-9D93-4355-97C2-E161DE6BD656}

2012-05-11 00:53:43 -------- d--h--w- C:\Users\atomich\AppData\Local\{168AC37B-194B-415C-9935-81F1DF659AC4}

2012-05-10 12:53:32 -------- d--h--w- C:\Users\atomich\AppData\Local\{BB69F68D-60BF-410C-9E4C-D6240F26F9ED}

2012-05-10 12:53:21 -------- d--h--w- C:\Users\atomich\AppData\Local\{48607EC4-4253-49CF-B7C2-2388457F321C}

2012-05-10 00:53:10 -------- d--h--w- C:\Users\atomich\AppData\Local\{FBFE3FD5-744E-422E-A35C-558EBFA64408}

2012-05-10 00:52:59 -------- d--h--w- C:\Users\atomich\AppData\Local\{F9E2E2B7-B76A-4B28-95FF-35F1DDE4DA65}

2012-05-09 12:52:48 -------- d--h--w- C:\Users\atomich\AppData\Local\{B08A566C-2118-47BF-B5DF-2BC99BFC6B1F}

2012-05-09 12:52:38 -------- d--h--w- C:\Users\atomich\AppData\Local\{85E1C584-FA91-4036-8B5D-6E594ADD7B6D}

2012-05-08 21:51:27 -------- d--h--w- C:\Users\atomich\AppData\Local\{EAC5BD73-C263-4CEA-AF2A-63BBCB60911B}

2012-05-08 21:51:16 -------- d--h--w- C:\Users\atomich\AppData\Local\{33C37786-F8F9-4E08-BC6D-BEB33789519D}

2012-05-08 09:51:05 -------- d--h--w- C:\Users\atomich\AppData\Local\{1F059A67-9541-4099-AC8F-BE686D4F0735}

2012-05-08 09:50:53 -------- d--h--w- C:\Users\atomich\AppData\Local\{A8C688DA-9A0F-4766-BEAD-EE31EAF28729}

2012-05-07 21:50:43 -------- d--h--w- C:\Users\atomich\AppData\Local\{130ECCC6-1EB3-4DEB-8566-55D99449EE2F}

2012-05-07 21:50:32 -------- d--h--w- C:\Users\atomich\AppData\Local\{9B5B4D8C-2BF2-43DE-AFCF-6C8EA1718EAD}

2012-05-07 09:50:21 -------- d--h--w- C:\Users\atomich\AppData\Local\{CE980545-BC57-4915-B691-ADF366D2022F}

2012-05-07 09:50:10 -------- d--h--w- C:\Users\atomich\AppData\Local\{9C8DEAFF-A1D7-44E4-B3D3-6FCB54911A8A}

2012-05-06 21:50:00 -------- d--h--w- C:\Users\atomich\AppData\Local\{1DE864B4-6082-4023-85CD-116825E5A4C4}

2012-05-06 21:49:49 -------- d--h--w- C:\Users\atomich\AppData\Local\{38F85E1E-741A-49CD-A2D4-763D6CEBBC26}

2012-05-06 09:49:38 -------- d--h--w- C:\Users\atomich\AppData\Local\{9759D793-6447-4BC6-BABF-0CCFEE970BEB}

2012-05-06 09:49:28 -------- d--h--w- C:\Users\atomich\AppData\Local\{5E0F23F3-EC9F-42BC-BFD3-7A31D45FBBF7}

2012-05-05 21:49:17 -------- d--h--w- C:\Users\atomich\AppData\Local\{2BA24113-E378-4D37-9742-0DC06CF21F48}

2012-05-05 21:49:07 -------- d--h--w- C:\Users\atomich\AppData\Local\{5C6F28BF-2720-47BC-A9F2-126619A8E508}

.

==================== Find3M ====================

.

2012-05-30 16:22:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-30 16:22:22 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-23 19:54:31 111 ----a-w- C:\Windows\gzcdweb.bat

2012-05-23 16:45:38 133944 ----a-w- C:\Windows\SysWow64\atashost.exe

2012-05-23 14:44:37 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe

2012-05-22 16:33:08 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-22 15:53:38 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

.

============= FINISH: 11:21:47.03 ===============


Welcome to the forum.

Can you post the Attach.txt from DDS?

-------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
