Got a trojan. At wits end


I'm ready to do a wipe over this. Somehow in the last 24 hours I have picked up a trojan. I know so because programs are opening without me and menus were being accessed while my mouse and keyboard were unplugged. I am nearly ready to cry because I can't find it. MSE, SUPERAntiSpyware, Malwarebytes, CCleaner, avast, and HijackThis. Nothing has been found. Each one has given me a clean bill of health but the problem keeps happening. Shortly before avast finished its scan things started being opened. If I select an icon on my desktop then it will start moving around selecting other icons. Menus in FF and folders are being accessed. It even tried to delete my history on FF. If you can find something here it would save me the trouble of having to reformat my computer.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 10:58:06 PM, on 3/17/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (file missing)

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: dlba_device - Unknown owner - C:\Windows\system32\dlbacoms.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8948 bytes

Forgot about this log.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Michael at 23:15:10.20 on Wed 03/17/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8191.6397 [GMT -4:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\dlbacoms.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Michael\mod\aplanes\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [spybotSD TeaTimer] e:\spybot - search & destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files (x86)\google\gmail notifier\gnotify.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files (x86)\stardock\impulse\now\ImpulseNow.exe

StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\spybot - search & destroy\SDHelper.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL

mRun-x64: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun-x64: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\wcomxu5q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-17 121936]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 173984]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-3 202752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-17 22096]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-17 63568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-17 40384]

R2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe -service --> c:\windows\system32\dlbacoms.exe -service [?]

R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-17 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-17 40384]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 40832]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]

S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\SASDIFSV.SYS [2010-1-5 12872]

S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-1-5 66632]

S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-2-3 6366720]

S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-2-2 186880]

S3 camdrv42;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv42.sys [2007-4-23 1533952]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28ux.sys [2009-6-10 867328]

S3 rt70x64;Wireless 11g RT2500 USB 2.0 Network Driver for Vista;c:\windows\system32\drivers\netr7064.sys [2009-6-19 382464]

S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-1-5 12872]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2009-12-31 16384]

=============== Created Last 30 ================

2010-03-18 03:08:29 202 ----a-w- c:\users\michael\defogger_reenable

2010-03-18 00:38:37 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-03-18 00:38:37 0 ----a-w- c:\windows\syswow64\config.nt

2010-03-18 00:37:50 38848 ----a-w- c:\windows\syswow64\avastSS.scr

2010-03-18 00:37:50 153184 ----a-w- c:\windows\syswow64\aswBoot.exe

2010-03-18 00:37:47 0 d-----w- c:\programdata\Alwil Software

2010-03-18 00:37:47 0 d-----w- c:\program files\Alwil Software

2010-03-17 21:41:57 0 d-----w- c:\program files (x86)\CCleaner

2010-03-17 21:41:39 0 d-----w- c:\users\michael\appdata\roaming\Malwarebytes

2010-03-17 21:41:32 0 d-----w- c:\programdata\Malwarebytes

2010-03-17 21:41:31 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 21:41:31 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-03-17 20:43:17 0 d-----w- c:\program files (x86)\TrendMicro

2010-03-12 21:30:38 2434856 ----a-w- c:\windows\syswow64\pbsvc_bc2.exe

2010-03-11 03:36:23 0 d-----w- c:\program files (x86)\common files\Software Update Utility

2010-03-11 03:36:09 0 d-----w- c:\program files (x86)\common files\AOL

2010-03-11 03:36:04 350 ---ha-w- C:\IPH.PH

2010-03-07 23:26:19 0 d-----w- c:\program files (x86)\Microsoft Antimalware

2010-03-07 23:26:12 0 d-----w- c:\program files\Microsoft Security Essentials

2010-03-07 23:14:13 0 d-----w- c:\program files (x86)\Jasc Software Inc

2010-03-07 22:53:41 3442 ----a-w- c:\users\michael\.recently-used.xbel

2010-03-07 22:32:59 0 d-----w- c:\users\michael\.thumbnails

2010-03-07 22:31:54 0 d-----w- c:\users\michael\.gimp-2.6

2010-03-05 19:47:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point64k_01009.Wdf

2010-03-05 19:46:39 0 d-----w- c:\program files\Microsoft IntelliPoint

2010-03-05 19:36:54 0 d-----w- c:\program files\Microsoft IntelliType Pro

2010-03-05 08:35:57 0 d-----w- c:\program files (x86)\RAR Password Cracker

2010-03-04 20:24:44 0 d-----w- c:\programdata\Apple Computer

2010-03-04 20:24:06 0 d-----w- c:\programdata\Apple

2010-02-27 05:39:23 0 d-----w- c:\users\michael\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-02-24 10:06:20 0 d-----w- c:\programdata\ATI

2010-02-24 10:03:31 0 d-----w- c:\program files (x86)\common files\ATI Technologies

2010-02-24 10:03:30 0 d-----w- c:\program files (x86)\ATI

2010-02-24 10:02:35 0 d-----w- c:\program files (x86)\ATI Technologies

2010-02-24 10:01:58 0 d-----w- c:\program files\ATI Technologies

2010-02-24 10:01:56 0 d-----w- c:\program files\ATI

2010-02-24 10:01:15 0 d-----w- C:\ATI

2010-02-23 23:12:19 0 ----a-w- c:\windows\ativpsrm.bin

2010-02-22 05:23:33 215128 ----a-w- c:\windows\syswow64\PnkBstrB.xtr

2010-02-22 03:03:37 4 ---ha-w- c:\windows\syswow64\__iw3mp

2010-02-22 02:05:41 611360 ----a-w- c:\windows\system32\RTSnMg64.cpl

2010-02-22 02:05:41 417824 ----a-w- c:\windows\system32\RtkApi64.dll

2010-02-22 02:05:41 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll

2010-02-22 02:05:41 1966624 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2010-02-22 02:05:41 1603104 ----a-w- c:\windows\system32\RtkAPO64.dll

2010-02-22 02:05:41 149536 ----a-w- c:\windows\system32\RtkCfg64.dll

2010-02-22 02:05:41 1356320 ----a-w- c:\windows\system32\RtPgEx64.dll

2010-02-22 02:05:41 1167904 ----a-w- c:\windows\system32\RTCOM64.dll

2010-02-22 02:05:40 63008 ----a-w- c:\windows\system32\RCoInst64.dll

2010-02-22 02:05:40 294400 ----a-w- c:\windows\system32\FMAPO64.dll

2010-02-22 01:36:22 331 ----a-w- c:\windows\game.ini

2010-02-22 01:27:15 0 d-----w- c:\program files (x86)\Activision

2010-02-22 00:47:55 65536 --sha-w- c:\users\michael\ntuser.dat{d661f3b1-1f4b-11df-b8c8-00248c801335}.TM.blf

2010-02-22 00:47:55 524288 --sha-w- c:\users\michael\ntuser.dat{d661f3b1-1f4b-11df-b8c8-00248c801335}.TMContainer00000000000000000002.regtrans-ms

2010-02-22 00:47:55 524288 --sha-w- c:\users\michael\ntuser.dat{d661f3b1-1f4b-11df-b8c8-00248c801335}.TMContainer00000000000000000001.regtrans-ms

2010-02-16 19:06:01 0 d-----w- C:\My Web Sites

2010-02-16 19:05:30 0 d-----w- c:\program files (x86)\WinHTTrack

==================== Find3M ====================

2010-03-17 21:36:08 215128 ----a-w- c:\windows\syswow64\PnkBstrB.exe

2010-03-12 21:30:38 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe

2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-02-12 05:20:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-02-03 04:55:18 6366720 ----a-w- c:\windows\system32\drivers\atipmdag.sys

2010-02-03 04:55:18 6366720 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2010-02-03 04:23:36 426496 ----a-w- c:\windows\syswow64\aticfx32.dll

2010-02-03 04:22:40 471552 ----a-w- c:\windows\system32\aticfx64.dll

2010-02-03 04:20:42 18594816 ----a-w- c:\windows\system32\atio6axx.dll

2010-02-03 04:19:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-02-03 04:17:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-02-03 04:17:46 450048 ----a-w- c:\windows\system32\atieclxx.exe

2010-02-03 04:17:10 202752 ----a-w- c:\windows\system32\atiesrxx.exe

2010-02-03 04:15:46 120320 ----a-w- c:\windows\system32\atitmm64.dll

2010-02-03 04:15:28 420864 ----a-w- c:\windows\system32\atipdl64.dll

2010-02-03 04:15:20 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll

2010-02-03 04:15:06 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll

2010-02-03 04:15:00 12288 ----a-w- c:\windows\system32\atimuixx.dll

2010-02-03 04:14:56 59392 ----a-w- c:\windows\system32\atiedu64.dll

2010-02-03 04:14:52 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll

2010-02-03 04:12:04 3073024 ----a-w- c:\windows\syswow64\atidxx32.dll

2010-02-03 04:04:16 3688960 ----a-w- c:\windows\system32\atidxx64.dll

2010-02-03 04:01:18 14147072 ----a-w- c:\windows\syswow64\atioglxx.dll

2010-02-03 03:55:34 3653632 ----a-w- c:\windows\syswow64\atiumdag.dll

2010-02-03 03:52:48 43008 ----a-w- c:\windows\system32\aticalrt64.dll

2010-02-03 03:52:44 53248 ----a-w- c:\windows\syswow64\aticalrt.dll

2010-02-03 03:52:32 39936 ----a-w- c:\windows\system32\aticalcl64.dll

2010-02-03 03:52:30 53248 ----a-w- c:\windows\syswow64\aticalcl.dll

2010-02-03 03:52:18 4771840 ----a-w- c:\windows\system32\aticaldd64.dll

2010-02-03 03:51:18 3649536 ----a-w- c:\windows\syswow64\aticaldd.dll

2010-02-03 03:49:46 4736000 ----a-w- c:\windows\system32\atiumd64.dll

2010-02-03 03:43:14 2649088 ----a-w- c:\windows\system32\atiumd6a.dll

2010-02-03 03:40:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-02-03 03:37:10 2934272 ----a-w- c:\windows\syswow64\atiumdva.dll

2010-02-03 03:25:06 53248 ----a-w- c:\windows\system32\atimpc64.dll

2010-02-03 03:25:06 53248 ----a-w- c:\windows\system32\amdpcom64.dll

2010-02-03 03:25:00 52224 ----a-w- c:\windows\syswow64\atimpc32.dll

2010-02-03 03:25:00 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll

2010-02-03 03:24:34 321536 ----a-w- c:\windows\system32\atiadlxx.dll

2010-02-03 03:24:28 229376 ----a-w- c:\windows\syswow64\atiadlxy.dll

2010-02-03 03:24:16 14848 ----a-w- c:\windows\system32\atig6pxx.dll

2010-02-03 03:24:12 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll

2010-02-03 03:24:12 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2010-02-03 03:24:08 16384 ----a-w- c:\windows\system32\atig6txx.dll

2010-02-03 03:24:04 14848 ----a-w- c:\windows\syswow64\atigktxx.dll

2010-02-03 03:23:58 186880 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2010-02-03 03:23:32 55296 ----a-w- c:\windows\system32\coinst.dll

2010-02-03 03:23:20 35840 ----a-w- c:\windows\system32\atiuxp64.dll

2010-02-03 03:23:14 27136 ----a-w- c:\windows\syswow64\atiuxpag.dll

2010-02-03 03:23:06 28160 ----a-w- c:\windows\system32\atiu9p64.dll

2010-02-03 03:22:58 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-01-28 14:33:38 116736 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys

2010-01-24 21:46:33 99384 ----a-w- c:\users\michael\appdata\roaming\inst.exe

2010-01-24 21:46:33 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-01-24 21:46:33 82816 ----a-w- c:\users\michael\appdata\roaming\pcouffin.sys

2010-01-22 06:16:34 871408 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll

2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe

2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll

2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll

2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe

2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll

2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe

2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe

2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll

2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll

2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll

2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:15:44.67 ===============

Not too sure where

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Do not wrap your logs in quotes please.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
