Log files


msL

Got infected with some malware. Don't know if I managed to get rid of it all.

How it happened:

1. Clicked on a suspicious link on the web

2. When restarting machine I noticed a "RunDLL" window saying it couldn't access a file because it contained a virus

3. Avast! reported a virus in the system32 folder that was linked to a process in Task Manager. The DLL file kept reappearing all the time and Avast! would keep quarantining it

4. Removed some malware things that were in the startup tab

5. Ran Malwarebytes and Spybot

6. Malwarebytes keeps telling me it's blocking malicious web sites without me doing anything on the machine (don't know if this is normal)

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86  
Run by Admin at 15:17:13,16 on 29.04.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.2046.1241 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MozyHome\mozystat.exe
C:\Users\Admin\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Admin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-4-14 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-4-14 194640]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-4-14 102352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-4-14 294480]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-14 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-14 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-14 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-14 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-4-14 119200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-12-11 417464]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-14 40384]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2010-4-8 5568]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-28 303952]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-28 20824]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

============== File Associations ===============

.txt=Notepad++_file

=============== Created Last 30 ================

2010-04-29 13:14:38 20 ----a-w- c:\users\admin\defogger_reenable
2010-04-28 16:52:13 95744 ---ha-w- c:\windows\system32\trzB420.tmp
2010-04-28 16:52:12 95744 ---ha-w- c:\windows\system32\trzAEC2.tmp
2010-04-28 16:52:10 95744 ---ha-w- c:\windows\system32\trzA83C.tmp
2010-04-28 16:52:08 95744 ---ha-w- c:\windows\system32\trzA1E4.tmp
2010-04-28 16:52:08 95744 ---ha-w- c:\windows\system32\trz9F25.tmp
2010-04-28 16:52:07 95744 ---ha-w- c:\windows\system32\trz9AD1.tmp
2010-04-28 16:52:05 95744 ---ha-w- c:\windows\system32\trz95E0.tmp
2010-04-28 16:52:04 95744 ---ha-w- c:\windows\system32\trz8ECD.tmp
2010-04-28 16:52:02 95744 ---ha-w- c:\windows\system32\trz86B2.tmp
2010-04-28 16:52:00 95744 ---ha-w- c:\windows\system32\trz803B.tmp
2010-04-28 10:44:26 0 d-----w- c:\program files\MeWiG
2010-04-28 10:29:50 719872 ----a-w- c:\windows\system32\devil.dll
2010-04-28 10:29:48 0 d-----w- c:\program files\AviSynth 2.5
2010-04-28 10:29:30 0 d-----w- c:\program files\eRightSoft
2010-04-28 10:13:24 0 d-----w- c:\users\admin\fontconfig
2010-04-28 10:12:48 0 d-----w- c:\users\admin\.smplayer
2010-04-28 10:12:25 0 d-----w- c:\program files\SMPlayer
2010-04-27 23:25:09 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 23:17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 23:17:27 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 23:17:27 0 d-----w- c:\programdata\Malwarebytes
2010-04-27 23:13:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 22:59:14 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-04-27 22:48:19 89600 ---ha-w- c:\windows\system32\trz9BE2.tmp
2010-04-27 22:47:06 89600 ---ha-w- c:\windows\system32\trz84D7.tmp
2010-04-27 22:01:32 0 d-----w- c:\program files\Security Task Manager
2010-04-27 17:33:19 0 d-----w- c:\users\admin\appdata\roaming\avidemux
2010-04-27 17:33:13 0 d-----w- c:\program files\Avidemux 2.5
2010-04-27 12:13:13 61440 ----a-w- c:\windows\UnDeploy.exe
2010-04-27 12:13:13 0 d-----w- c:\program files\Microsoft
2010-04-25 19:12:06 0 d-----w- c:\windows\system32\RTCOM
2010-04-25 19:11:48 0 d-----w- c:\program files\Realtek
2010-04-25 19:01:32 170 ----a-w- c:\windows\SMM_HCEditor.INI
2010-04-25 18:49:24 0 d-----w- c:\program files\common files\Solveig Multimedia
2010-04-25 18:36:37 2 ----a-w- c:\users\admin\tenmy.ini
2010-04-25 18:36:19 89600 ---ha-w- c:\windows\system32\opqnoo.dll
2010-04-25 18:36:17 344064 ----a-w- c:\users\admin\windrvswld94.exe
2010-04-25 17:39:37 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-04-25 17:39:35 0 d-----w- c:\windows\system32\QuickTime
2010-04-25 17:39:07 0 d-----w- c:\program files\common files\TechSmith Shared
2010-04-25 17:30:40 0 d-----w- c:\programdata\TechSmith
2010-04-25 17:29:47 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-24 14:40:46 0 d-----w- c:\program files\Microsoft Analysis Services
2010-04-24 14:35:34 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-04-24 14:34:09 0 d-----w- c:\windows\PCHEALTH
2010-04-24 14:34:09 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-23 22:27:38 0 d-----w- c:\programdata\Sun
2010-04-23 22:27:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 22:25:50 0 d-----w- c:\program files\JabRef
2010-04-23 22:12:56 0 d-----w- c:\users\admin\appdata\roaming\Cisco
2010-04-23 22:11:04 0 d-----w- c:\programdata\Cisco
2010-04-23 22:11:04 0 d-----w- c:\program files\Cisco
2010-04-21 12:16:27 0 d-----w- c:\users\admin\appdata\roaming\XNote Stopwatch
2010-04-21 12:16:25 0 d-----w- c:\program files\XNote Stopwatch
2010-04-21 12:02:46 0 d-----w- c:\program files\StopWatch
2010-04-17 17:22:03 0 d-----w- c:\program files\VideoLAN
2010-04-16 18:30:44 121548 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 15:54:31 0 d-----w- c:\programdata\MediaMonkey
2010-04-14 03:45:02 294480 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-04-14 03:45:01 102352 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-04-14 03:44:52 194640 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-04-14 03:44:50 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-14 03:44:39 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-04-13 04:14:37 0 d-----w- c:\program files\CurioStudio
2010-04-12 00:10:05 0 d-----w- c:\programdata\Apple Computer
2010-04-12 00:10:04 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-04-12 00:10:04 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-04-12 00:10:04 180224 ----a-w- c:\windows\system32\QTCF.dll
2010-04-12 00:10:01 0 d-----w- c:\program files\QT Lite
2010-04-11 00:04:36 0 d-----w- c:\programdata\Alwil Software
2010-04-10 20:17:54 0 d-----w- c:\users\admin\appdata\roaming\Digsby
2010-04-10 20:17:54 0 d-----w- c:\programdata\Digsby
2010-04-10 20:15:33 0 d-----w- c:\program files\Digsby
2010-04-09 21:15:40 0 d-----w- c:\programdata\SecTaskMan
2010-04-09 21:03:20 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-09 21:03:15 0 d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2010-04-09 21:02:52 7899168 ----a-w- c:\users\admin\appdata\roaming\5eltd2258EL.exe
2010-04-09 20:26:04 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-09 16:46:37 0 d-----w- C:\perflogs
2010-04-09 16:38:20 0 d-----w- c:\program files\Clue
2010-04-09 15:26:15 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-04-09 15:26:14 71168 ----a-w- c:\windows\system32\fontsub.dll
2010-04-09 15:26:14 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-04-09 15:26:14 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-04-09 15:26:13 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-09 15:26:11 507568 ----a-w- c:\windows\system32\winload.exe
2010-04-09 15:26:11 442920 ----a-w- c:\windows\system32\winresume.exe
2010-04-09 15:26:10 2613248 ----a-w- c:\windows\explorer.exe
2010-04-09 15:26:09 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-09 15:25:14 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-04-09 15:24:51 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-09 06:34:21 0 d-----w- c:\windows\pss
2010-04-09 00:51:55 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-09 00:48:53 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-04-09 00:38:55 0 d-----w- c:\windows\Panther
2010-04-09 00:38:43 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-09 00:38:42 383562 --sha-r- C:\bootmgr
2010-04-09 00:38:42 0 d-sh--w- C:\Boot
2010-04-09 00:35:58 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-04-09 00:23:40 0 d-----w- c:\programdata\FLEXnet
2010-04-09 00:21:47 0 d-----w- c:\program files\common files\Macrovision Shared
2010-04-09 00:18:31 0 d-----w- c:\programdata\Adobe
2010-04-09 00:15:03 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-09 00:09:03 0 d-----w- c:\windows\system32\appmgmt
2010-04-08 23:05:13 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-04-08 23:05:11 0 d-----w- c:\program files\MozyHome
2010-04-08 22:44:30 0 d-----w- c:\programdata\Microsoft Help
2010-04-08 22:40:17 7122944 ----a-w- c:\users\admin\s-1-5-21-1922580542-423504775-3926344212-1001.rrr
2010-04-08 22:37:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-08 22:36:38 0 d-----w- c:\users\admin\appdata\roaming\DAEMON Tools Lite
2010-04-08 22:36:36 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-04-08 22:16:02 0 d-----w- c:\users\admin\appdata\roaming\Dropbox
2010-04-08 21:55:17 0 d-----w- c:\program files\MyLifeOrganized.net
2010-04-08 21:42:27 0 d-----w- c:\program files\MediaMonkey
2010-04-08 20:36:50 0 d-----w- c:\program files\Windows Updates Downloader
2010-04-08 20:32:09 0 d-----w- c:\users\admin\appdata\roaming\Registry Mechanic
2010-04-08 20:29:41 0 d---a-w- c:\programdata\TEMP
2010-04-08 20:29:27 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-04-08 20:29:27 506368 ----a-w- c:\windows\system32\msxml.dll
2010-04-08 20:29:27 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-04-08 20:29:27 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-04-08 20:29:26 0 d-----w- c:\program files\common files\PC Tools
2010-04-08 20:22:17 0 d-----w- c:\program files\uTorrent
2010-04-08 20:22:00 0 d-----w- c:\users\admin\appdata\roaming\uTorrent
2010-04-08 20:14:16 0 d-----w- c:\programdata\Sunbelt
2010-04-08 20:10:37 0 d-----w- c:\program files\Sunbelt Software
2010-04-08 20:00:50 331705 --sh--r- C:\KYODM
2010-04-08 20:00:50 20 --sh--r- C:\win7.ld
2010-04-08 17:08:10 543 ----a-w- c:\windows\NGO.cer
2010-04-08 17:05:30 5568 ----a-w- c:\windows\system32\drivers\hidusbf.sys
2010-04-08 16:56:24 0 d-----w- c:\windows\system32\directx
2010-04-08 16:55:17 0 d-----w- c:\program files\Marvell
2010-04-08 16:54:28 0 d-----w- c:\programdata\NVIDIA
2010-04-08 16:54:14 0 d-sh--w- c:\windows\Installer
2010-04-08 16:54:12 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-08 16:53:57 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-04-08 16:53:56 9386600 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-08 16:53:55 215656 ----a-w- c:\windows\system32\nvcod1910.dll
2010-04-08 16:53:55 1296488 ----a-w- c:\windows\system32\nvapi.dll
2010-04-08 16:53:37 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-08 16:52:45 2898464 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-08 16:52:44 0 d--h--w- c:\program files\Temp
2010-04-08 16:40:05 0 d-----w- C:\tmp
2010-04-08 16:35:59 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-08 16:35:40 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-08 15:00:44 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-03 16:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 16:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 16:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 16:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 16:26:56 66714 ----a-w- c:\windows\system32\NvwsApps.xml
2010-04-03 16:26:56 276196 ----a-w- c:\windows\system32\NvApps.xml

==================== Find3M ====================

2010-04-03 22:55:31 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-03 22:55:31 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 316008 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-04-03 22:55:31 2907752 ----a-w- c:\windows\system32\nvencodemft.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 11573800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-04-03 22:55:31 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-03-16 00:15:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-02-20 15:20:18 31616 ----a-w- c:\windows\system32\FM20ENU.DLL
2010-02-20 15:20:18 1207144 ----a-w- c:\windows\system32\FM20.DLL
2010-02-17 19:42:38 51584 ----a-w- c:\windows\system32\VBAME.DLL
2010-02-04 08:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:18:38,09 ===============

Malwarebytes' Anti-Malware log file (1):

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4043

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2010 01:21:54
mbam-log-2010-04-28 (01-21-54).txt

Scan type: Flash scan
Objects scanned: 86788
Time elapsed: 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urssrqdrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urrspodrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmkjkhdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmkjkhdrv (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware log file (2):


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4043

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2010 11:53:44
mbam-log-2010-04-28 (11-53-44).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 473989
Time elapsed: 1 hour(s), 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmlkkldrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qonnkldrv (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\$RECYCLE.BIN\S-1-5-21-1922580542-423504775-3926344212-1001\$RRCCX29.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1078081533-823518204-725345543-500\Df4\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1078081533-823518204-725345543-500\Df6\Keygen.exe (Worm.Autorun. -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1078081533-823518204-725345543-500\Df6\ORiON\Keygen.exe (Worm.Autorun. -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1078081533-823518204-725345543-500\Df8\ORiON\Keygen.exe (Worm.Autorun. -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1123561945-308236825-682003330-500\Df4\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1123561945-308236825-682003330-500\Df8\Keygen.exe (Worm.Autorun. -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1606980848-861567501-682003330-500\Df29\np-fxrp2\Foxit.Reader.Pro.v2.3.2008.2825\Crack\foxit.reader.pro.v2.3.2008.2825-patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\RECYCLER\S-1-5-21-1606980848-861567501-682003330-500\Df8\np-fxrp2\Foxit.Reader.Pro.v2.3.2008.2825\Crack\foxit.reader.pro.v2.3.2008.2825-patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Attach.zip
