
5722.r.google.com



Hi, I'm having troubles once again. Tried to reformat and problem is still there. GMER doesn't respond.

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6103

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/18/2011 7:10:32 PM

mbam-log-2011-03-18 (19-10-32).txt

Scan type: Quick scan

Objects scanned: 156239

Time elapsed: 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by David at 19:10:56.29 on Fri 03/18/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2923 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Windows\System32\dinotify.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\msiexec.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\ANIWConnService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\David\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

uRun: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe

mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

.

============= SERVICES / DRIVERS ===============

.

R2 ANIWConnService;ANIWConn Service;C:\Windows\system32\ANIWConnService.exe --> C:\Windows\system32\ANIWConnService.exe [?]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;C:\Windows\System32\drivers\rt2870.sys [2011-3-18 941056]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-18 215040]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-1 1250816]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2011-03-19 02:09:04 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes

2011-03-19 02:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-19 02:08:59 -------- d-----w- C:\Windows\Panther

2011-03-19 02:08:59 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-03-19 02:08:57 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-03-19 02:08:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-19 02:05:31 147456 ----a-w- C:\Windows\SysWow64\ANIWConnService.exe

2011-03-19 02:05:18 302080 ----a-w- C:\Windows\lwd.exe

2011-03-19 02:05:09 700416 ----a-w- C:\Windows\SysWow64\ANIWZCS2.dll

2011-03-19 02:05:09 49152 ----a-w- C:\Windows\SysWow64\JJAKEn.dll

2011-03-19 02:05:09 49152 ----a-w- C:\Windows\SysWow64\AQCKGen.dll

2011-03-19 02:05:09 45115 ----a-w- C:\Windows\SysWow64\ANICtl.dll

2011-03-19 02:05:09 270336 ----a-w- C:\Windows\SysWow64\wnicapi.dll

2011-03-19 02:05:09 258048 ----a-w- C:\Windows\SysWow64\wlanapp.dll

2011-03-19 02:05:09 204800 ----a-w- C:\Windows\SysWow64\aIPH.dll

2011-03-19 02:05:09 1327189 ----a-w- C:\Windows\SysWow64\odSupp_M.dll

2011-03-19 01:51:35 -------- d-----w- C:\Users\David\AppData\Roaming\Realtime Soft

2011-03-19 01:51:34 -------- d-----w- C:\Program Files\UltraMon

2011-03-19 01:51:34 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft

2011-03-19 01:51:34 -------- d-----w- C:\PROGRA~3\Realtime Soft

2011-03-19 01:34:09 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{BB98DAAC-1E58-49DD-A80A-F223A54D2EDF}\mpengine.dll

2011-03-19 01:34:09 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-03-19 01:27:33 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation

2011-03-19 01:27:31 -------- d-----w- C:\Users\David\AppData\Local\Google

2011-03-19 01:27:31 -------- d-----w- C:\Program Files\NVIDIA Corporation

2011-03-19 01:27:21 -------- d-----w- C:\Users\David\AppData\Local\Deployment

2011-03-19 01:27:21 -------- d-----w- C:\Users\David\AppData\Local\Apps

2011-03-19 01:25:47 414632 ------w- C:\Windows\difxapi.dll

2011-03-19 01:25:47 -------- d-----w- C:\Program Files (x86)\VIA

2011-03-19 01:25:35 -------- d-sh--w- C:\Windows\Installer

2011-03-19 01:23:34 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-03-19 01:23:34 215040 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-03-19 01:23:34 -------- d-----w- C:\Program Files (x86)\Realtek

2011-03-19 01:22:52 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-03-19 01:22:46 -------- d-----w- C:\Intel

2011-03-19 01:20:12 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-03-19 01:20:12 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-03-19 01:20:11 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-03-19 01:20:11 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-03-19 01:15:19 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2010-12-21 01:11:32 307712 ----a-w- C:\Windows\UltraMon.scr

2010-12-21 01:05:24 360448 ----a-w- C:\Windows\SysWow64\UltraMon.dll

2010-12-21 01:05:02 89600 ----a-w- C:\Windows\SysWow64\UltraMonHook.dll

.

============= FINISH: 19:11:06.02 ===============

Attach.zip


  • Staff

Hi,

Are you running a router currently?

Please update MBAM, run a Quick Scan, and post its log.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.