
Infected With Codec V Trojan



A friend was trying to watch a movie on my computer and downloaded Codec V not realizing that it was a Trojan. I did a Malwarebytes scan and deleted the malicious items. As of then, I haven't experienced any difficulties, other than slowness (but not necessarily slower than normal). I have pasted the Malwarebytes log in addition to the other logs.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Evan :: EVAN-PC [administrator]

12/08/2012 12:41:02 AM

mbam-log-2012-08-12 (00-41-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204066

Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Detected: 1

C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> 6604 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> Delete on reboot.

C:\Users\Evan\Local Settings\Temporary Internet Files\Content.IE5\MCRTNFVS\updater[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)

______________________________________________________________________________________________________________________________________________________________

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by Evan at 1:16:12 on 2012-08-12

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.2.1033.18.3066.1855 [GMT -3:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com

uStart Page = hxxp://isearch.avg.com/?cid={FA11E35F-50EE-4C4A-9752-31F8E682B394}&mid=e6ffcf62f1cd47d09629d16b19512a9d-5832330ce5a5246a794cc753c9f312e5aed5d2cf&lang=en&ds=qw011&pr=sa&d=2012-06-26 14:46:36&v=11.1.0.12&sap=hp

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120626184752.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\sensible vision\fast access\FAIESSO.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: AnchorFree Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: AnchorFree Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background

uRun: [Download] c:\mediaholder\MediaHolder.exe

uRun: [Google Update] "c:\users\evan\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [FAStartup]

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

StartupFolder: c:\users\evan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BDD7B7A4-0FEA-4425-B0B6-5C689ED7F860} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

LSA: Notification Packages = scecli FAPassSync

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\evan\appdata\roaming\mozilla\firefox\profiles\cikcfdim.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.ca

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8223d7df-a81b-4c21-9dc7-f307bd489bc2%7D&mid=e6ffcf62f1cd47d09629d16b19512a9d-5832330ce5a5246a794cc753c9f312e5aed5d2cf&ds=qw011&v=11.1.0.12&lang=en&pr=sa&d=2012-06-26%2014%3A46%3A36&sap=ku&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll

FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll

FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\evan\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 464304]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-24 64912]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-24 169608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-8-13 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-13 180224]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2008-9-5 2340096]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-24 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-24 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-24 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-24 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-24 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-24 151880]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-6-25 184848]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-5 988216]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-5 399416]

R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-8-13 658656]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-13 29736]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-24 57600]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-13 144128]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-8-13 54784]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-13 203264]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-12 40776]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-24 180848]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-24 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-24 340920]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-8-13 133472]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-8-13 279488]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-2 230912]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-2 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-24 87656]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-08-12 04:07:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-12 03:38:16 -------- d-----w- c:\programdata\Codec

2012-08-01 22:27:03 -------- d-----w- c:\users\evan\appdata\local\{60529DF5-A856-413E-A4BC-07CC4F619E6E}

2012-08-01 22:26:51 -------- d-----w- c:\users\evan\appdata\local\{A7F617D3-2BA2-458C-A516-06D31B8DB8CB}

2012-07-31 21:23:26 -------- d-----w- c:\users\evan\appdata\local\{31D0D9F7-077F-4D1E-93BA-50391F26CC1F}

2012-07-31 21:23:13 -------- d-----w- c:\users\evan\appdata\local\{6A70EED5-3F8F-4C4D-BAFD-7CB64E9CBB40}

2012-07-29 19:31:15 -------- d-----w- c:\users\evan\appdata\local\{F4C29857-3CFA-4F25-A997-EC512575F611}

2012-07-29 19:31:04 -------- d-----w- c:\users\evan\appdata\local\{88B2809C-869D-4D35-8BE3-6CCC99450021}

2012-07-29 00:25:24 -------- d-----w- c:\users\evan\appdata\local\{5788FCAD-FCB7-4CE3-884C-1BCF778321CC}

2012-07-29 00:25:13 -------- d-----w- c:\users\evan\appdata\local\{3F8D059B-CA8A-438F-9664-5456C8FD9104}

2012-07-27 20:43:24 -------- d-----w- c:\users\evan\appdata\local\{48D9760F-8F60-4BE1-ABDA-CEA85E407DD4}

2012-07-27 20:43:13 -------- d-----w- c:\users\evan\appdata\local\{69A92001-0054-4233-9AE3-7C8EE67210DC}

2012-07-26 20:20:26 -------- d-----w- c:\users\evan\appdata\local\{D572B553-5589-4FFB-BDFF-209DBA9C1DFD}

2012-07-26 20:19:52 -------- d-----w- c:\users\evan\appdata\local\{4E599C01-171D-4695-971E-1C583972B36E}

2012-07-25 21:10:00 -------- d-----w- c:\users\evan\appdata\local\{3D0C4FDA-4DFF-4B65-80C3-3D8BB9814A88}

2012-07-25 21:09:47 -------- d-----w- c:\users\evan\appdata\local\{5A503DD0-DABD-44F2-BE6B-64E84BA455FC}

2012-07-24 23:46:21 -------- d-----w- c:\users\evan\appdata\local\{8D3E2D72-A3D1-4860-8E47-892DFB303AD5}

2012-07-24 22:18:44 -------- d-----w- c:\windows\en

2012-07-24 22:14:23 -------- d-----w- c:\users\evan\appdata\local\{F163ED79-68B2-4BB3-AA0A-A536066E3437}

2012-07-24 22:14:11 -------- d-----w- c:\users\evan\appdata\local\{C274129E-3B64-4D95-8F62-64C4ABDEFFB6}

2012-07-24 20:52:06 -------- d-----w- c:\users\evan\appdata\local\{8DA5D940-C959-43D8-B9BB-2216C7BF69B9}

2012-07-24 20:51:55 -------- d-----w- c:\users\evan\appdata\local\{2319818E-CC76-43DA-838E-87069D38AC74}

2012-07-23 21:43:44 -------- d-----w- c:\users\evan\appdata\local\{A0711CFD-6141-4989-8EB2-82A0F55AA692}

2012-07-23 21:43:32 -------- d-----w- c:\users\evan\appdata\local\{C4A337BD-A24C-4245-A443-6885C29A47F3}

2012-07-23 21:39:43 -------- d-----w- c:\users\evan\appdata\local\{4C68C2E7-7876-4AB1-AAB2-4E0B1D1BFE1E}

2012-07-23 21:39:31 -------- d-----w- c:\users\evan\appdata\local\{DB3A73A0-4D16-487C-B57F-BED487D14A43}

2012-07-22 04:18:28 -------- d-----w- c:\users\evan\appdata\local\{D271DB22-50D7-4C1D-8B87-D364750A6DEA}

2012-07-22 04:18:16 -------- d-----w- c:\users\evan\appdata\local\{97E30B85-7E22-45CC-AA50-C575E72E0B79}

2012-07-21 22:14:58 -------- d-----w- c:\users\evan\appdata\local\{285BBA35-D5A0-4D18-8BE5-698B575509C5}

2012-07-21 22:14:47 -------- d-----w- c:\users\evan\appdata\local\{B35AD8A6-9ECB-4D23-8CB2-4722344432D6}

2012-07-21 01:08:36 -------- d-----w- c:\users\evan\appdata\local\{C7FA9998-CDA9-4573-AC0A-E3AB2F80A0A9}

2012-07-21 01:08:25 -------- d-----w- c:\users\evan\appdata\local\{5C7E550D-072A-4390-B4BB-ECD09A0D1383}

2012-07-20 21:01:33 -------- d-----w- c:\users\evan\appdata\local\{BFB33320-8A70-4FAC-8C0F-544C473E9648}

2012-07-20 21:01:21 -------- d-----w- c:\users\evan\appdata\local\{8E3E88A7-E460-4077-BA7E-280329D86E2D}

2012-07-20 16:15:09 -------- d-----w- c:\users\evan\appdata\local\{B1D9CA9C-3B8E-45E7-AF39-A0C8367D4E2A}

2012-07-20 16:14:58 -------- d-----w- c:\users\evan\appdata\local\{B13BA3CD-CEEF-496A-A685-884BE70DADED}

2012-07-19 03:23:39 -------- d-----w- c:\users\evan\appdata\local\{41939811-296D-4D0B-A31A-04F97F72DCCA}

2012-07-19 03:23:28 -------- d-----w- c:\users\evan\appdata\local\{3F095810-EA9B-4741-8995-B5EBA5C4F242}

2012-07-19 01:04:17 -------- d-----w- c:\users\evan\appdata\local\{2AA53213-E13F-4D34-BE86-90677D29E667}

2012-07-19 01:03:28 -------- d-----w- c:\users\evan\appdata\local\{DACE0E68-80F1-4CD2-A686-61160170554E}

2012-07-18 23:10:13 -------- d-----w- c:\users\evan\appdata\local\{B3DB0485-EE0E-4D62-A31B-B3AA54664269}

2012-07-18 23:09:05 -------- d-----w- c:\users\evan\appdata\local\{7D76376A-9810-450F-8B70-7A95CDDA62C8}

2012-07-15 02:25:31 -------- d-----w- c:\users\evan\appdata\local\{2E4AF657-B01A-4B66-9455-E9C520910C63}

2012-07-15 02:25:16 -------- d-----w- c:\users\evan\appdata\local\{A0369A53-1B7F-45C3-A72E-29A3341AA637}

2012-07-14 03:34:22 -------- d-----w- c:\users\evan\appdata\local\{1C0A20EE-3D11-4BE0-AC41-3872FF463199}

2012-07-14 03:34:09 -------- d-----w- c:\users\evan\appdata\local\{E677FA00-953F-43D3-8E69-95A5C4BB8C77}

.

==================== Find3M ====================

.

2012-08-02 23:21:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-02 23:21:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 16:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-01 22:43:39 772592 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-01 22:43:39 687600 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-25 17:58:44 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-06-25 17:58:42 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 18:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 18:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

.

============= FINISH: 1:18:23.43 ===============

Attach.txt

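A small triage script for the Malwarebytes log format pasted above, added here as an example (it is not part of the thread and not Malwarebytes' own tooling). It parses the "<object> (<family>) -> [pid ->] <action>." lines, checks the per-section counts against the items actually present, and lists objects marked "Delete on reboot", which are still on disk until the machine restarts; the sample log is constructed from the poster's detection lines.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and triage its detections."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the detection lines from the poster's log, trimmed to
# the fields the parser cares about (the line format itself is unchanged).
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.12.01
Scan type: Quick scan
Objects scanned: 204066
Memory Processes Detected: 1
C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> 6604 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec (Trojan.Dropper) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\Evan\Local Settings\Temporary Internet Files\Content.IE5\MCRTNFVS\updater[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
(end)
"""

# Section header: "<Category> Detected: <n>"
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Item line: "<object> (<family>) -> [<pid> ->] <action>."; the pid is only
# present for memory-process hits.
ITEM_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    category: str
    obj: str
    family: str
    action: str
    pid: Optional[int] = None


def parse_mbam_log(text: str) -> Tuple[List[Detection], Dict[str, int]]:
    """Return (detections, declared count per section) from a pasted log."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            category = h.group("category")
            declared[category] = int(h.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and category is not None:
            pid = m.group("pid")
            detections.append(Detection(category, m.group("obj"), m.group("family"),
                                        m.group("action"), int(pid) if pid else None))
    return detections, declared


def count_mismatches(detections: List[Detection],
                     declared: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Sections whose header count differs from the item lines found.
    A truncated paste or an unexpected line format shows up here."""
    found = Counter(d.category for d in detections)
    return {c: (n, found.get(c, 0)) for c, n in declared.items() if found.get(c, 0) != n}


def pending_reboot(detections: List[Detection]) -> List[str]:
    """Objects MBAM could not remove yet (deduplicated, in log order).
    They remain on disk until the restart, so a rescan after reboot is needed."""
    seen: List[str] = []
    for d in detections:
        if d.action.lower().startswith("delete on reboot") and d.obj not in seen:
            seen.append(d.obj)
    return seen


def triage(text: str) -> dict:
    """One-shot summary a helper would want before replying to the poster."""
    detections, declared = parse_mbam_log(text)
    pending = pending_reboot(detections)
    return {
        "total": len(detections),
        "families": dict(Counter(d.family for d in detections)),
        "mismatches": count_mismatches(detections, declared),
        "pending_reboot": pending,
        "reboot_required": bool(pending),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In the DDS log above, run about half an hour after the scan, the c:\programdata\Codec directory is still listed under "Created Last 30" and the mRun entry "Malwarebytes Anti-Malware (reboot)" is still present, which is what a pending "Delete on reboot" looks like before the restart.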

Hello Kubrick101 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
