Redirect virus?


Surfing the internet with Firefox / Google Chrome works just fine, but when I try to run a few programs that use a launcher before starting the actual program/game, I get a message:

"An error has occurred in the script on this page"

"line: 1"

"Char: 1"

"Error: Syntax Error"

"Code: 0"

"url: http://fls.doubleclick.net/activityi;src=2796661;type=wowup275;cat=wowla690;ord=730753.5451850853?"

"Do you want to continue running scripts on this page?"

"Yes/no"

No matter what option I choose, it blocks internet access for that application/game (in this case, my World of Warcraft launcher). So I can't update the game; the launcher just stops because it has no connection to the tracker.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6110

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

20.03.2011 09:11:44

mbam-log-2011-03-20 (09-11-44).txt

Scan type: Quick scan

Objects scanned: 162713

Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\tilmandra\AppData\Roaming\78646.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

----- Ran a scan after rebooting my computer also; it shows no infections --------

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Tilmandra at 9:26:23,73 on 20.03.2011

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1033.18.4094.2656 [GMT 1:00]

.

AV: AVG Internet Security 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\AVG\AVG10\avgfws.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG10\avgam.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

E:\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Tilmandra\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\PROGRA~2\Raptr\raptr.exe

C:\PROGRA~2\Raptr\raptr_im.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Raptr\raptr_ep32.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Raptr\raptr_ep64.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\Tilmandra\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Tilmandra\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\AUDIODG.EXE

C:\Users\Tilmandra\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

uRun: [steam] "E:\Steam\steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Tilmandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

StartupFolder: C:\Users\TILMAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Update.lnk - C:\Windows\System32\rundll32.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\TILMAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\crsrc59r.default\

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\Users\Tilmandra\AppData\Roaming\Mozilla\Firefox\Profiles\crsrc59r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Tilmandra\AppData\Roaming\Mozilla\Firefox\Profiles\crsrc59r.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Tilmandra\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-3-7 254528]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-26 46136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-27 9085952]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-6 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-6 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]

.

=============== Created Last 30 ================

.

2011-03-20 08:15:02 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{6F2EF8EF-1F3F-4FC5-93E9-AC196C529806}

2011-03-20 08:05:31 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\Malwarebytes

2011-03-20 08:05:23 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-20 08:05:22 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-03-20 08:05:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-03-20 08:05:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-20 07:35:40 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\Apps

2011-03-19 12:14:04 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-03-19 12:14:03 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-03-19 12:14:03 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-03-19 12:14:03 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-03-19 12:14:03 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-03-19 12:14:01 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-03-19 12:14:01 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-03-19 12:14:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-03-19 12:14:01 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-19 12:13:41 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-03-19 12:13:41 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-03-18 15:44:11 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{D605F005-DC39-4227-94AD-12B8ABBE90ED}

2011-03-18 14:38:42 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2011-03-15 13:53:38 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\Spotify

2011-03-15 13:53:38 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\Spotify

2011-03-15 13:53:34 -------- d-----w- C:\Program Files (x86)\Spotify

2011-03-14 00:15:35 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{2A490790-89C2-484A-9B52-F9E6EBA281BF}

2011-03-13 22:31:40 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\Google

2011-03-11 21:14:45 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{BFA0D9EE-8F1C-4D64-B9C3-2E8D254AA0AC}

2011-03-11 07:38:20 -------- d--h--w- C:\$AVG

2011-03-10 21:06:10 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\AVG

2011-03-10 20:43:48 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\AVG10

2011-03-10 20:23:13 -------- d--h--w- C:\PROGRA~3\Common Files

2011-03-10 20:22:58 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-03-10 20:22:14 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-03-10 20:22:14 -------- d-----w- C:\PROGRA~3\AVG10

2011-03-10 20:22:00 -------- d-----w- C:\Program Files (x86)\AVG

2011-03-10 20:19:42 65536 ----a-w- C:\Program Files (x86)\win64checkKBDK.exe

2011-03-10 19:30:49 -------- d-----w- C:\PROGRA~3\MFAData

2011-03-10 19:22:33 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{6900DBD5-546A-4996-8906-D41D9C0E7AB4}

2011-03-10 19:07:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-03-10 19:07:32 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-03-10 19:07:31 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-03-10 19:07:31 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-03-10 19:07:31 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-03-10 19:07:31 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-03-10 19:07:30 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-03-10 19:07:30 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-03-10 06:59:28 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{48846C0E-07FC-42BA-B3AA-91EA6A60081C}

2011-03-09 16:57:38 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-03-07 13:01:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2011-03-07 13:00:56 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\Microsoft Help

2011-03-07 12:56:19 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-03-07 12:56:11 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-03-07 12:55:45 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\DAEMON Tools Lite

2011-03-07 12:55:45 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite

2011-03-06 11:24:07 419840 ----a-w- C:\Windows\System32\systemcplx64.dll

2011-03-06 11:24:07 14848 ----a-w- C:\Windows\System32\slwga.dll

2011-03-06 11:24:07 13824 ----a-w- C:\Windows\slwga32.dll

2011-03-06 10:02:46 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-03-06 09:58:03 -------- d-----w- C:\Windows\System32\SPReview

2011-03-06 09:57:17 -------- d-----w- C:\Windows\System32\EventProviders

2011-03-06 09:54:59 428032 ----a-w- C:\Windows\SysWow64\secproc.dll

2011-03-06 09:53:59 551936 ----a-w- C:\Windows\System32\localsec.dll

2011-03-06 09:52:59 54272 ----a-w- C:\Windows\System32\iyuv_32.dll

2011-03-06 09:51:54 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui

2011-03-06 09:51:54 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui

2011-03-06 09:51:48 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe

2011-03-06 09:51:48 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-03-06 09:51:42 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-03-06 09:51:42 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-03-06 09:51:40 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-03-06 09:51:40 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-03-06 09:50:05 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-03-06 09:50:05 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-03-06 09:50:05 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-03-06 09:49:54 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-03-06 09:49:49 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-03-06 09:49:27 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-03-06 09:49:27 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-03-06 09:29:56 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{BCE1DA38-7A9D-4AA8-BEBF-197196D734FB}

2011-03-05 09:25:01 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{61FF3BC2-C1B8-45DC-8413-4B16AE02E4C7}

2011-03-01 00:47:27 -------- d-----w- C:\Program Files\Ventrilo

2011-03-01 00:47:02 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-03-01 00:19:21 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{227C5280-E6DC-4B14-93EA-5C5E9EC6C039}

2011-03-01 00:19:20 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{46872397-E0D2-4CBD-ADA3-1EB885D04B23}

2011-02-28 18:55:00 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\Raptr

2011-02-28 18:55:00 -------- d-----w- C:\Program Files (x86)\Raptr

2011-02-28 11:03:30 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{004B5545-A4BD-4B49-A85D-FEB3EBC15524}

2011-02-27 20:27:05 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{3F2B4AC1-EB26-4EA9-994D-95E4428C72C3}

2011-02-26 23:30:18 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation

2011-02-26 20:26:31 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\{38902CB2-2CED-4D6F-8F9F-F3BB133C0FF8}

2011-02-26 20:26:16 -------- d-----w- C:\Users\Tilmandra\Tracing

2011-02-26 20:09:22 -------- d-----w- C:\Windows\no

2011-02-26 20:09:01 -------- d-----w- C:\Windows\en

2011-02-26 20:08:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-02-26 20:06:28 -------- d-----w- C:\Windows\PCHEALTH

2011-02-26 20:02:47 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2223bdfb1cbd5f007\DSETUP.dll

2011-02-26 20:02:47 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2223bdfb1cbd5f007\DXSETUP.exe

2011-02-26 20:02:47 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2223bdfb1cbd5f007\dsetup32.dll

2011-02-26 20:02:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1eb387d11cbd5f006\DXSETUP.exe

2011-02-26 20:02:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1eb387d11cbd5f006\dsetup32.dll

2011-02-26 20:02:41 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1eb387d11cbd5f006\DSETUP.dll

2011-02-26 20:01:50 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\Windows Live

2011-02-26 20:01:49 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-02-26 12:52:19 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment

2011-02-26 11:30:59 469264 ----a-w- C:\Windows\System32\d3dx10.dll

2011-02-26 11:28:37 -------- d-----w- C:\Windows\SysWow64\directx

2011-02-26 11:27:37 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\Rift

2011-02-26 11:25:49 -------- d-----w- C:\Windows\SysWow64\Wat

2011-02-26 11:25:49 -------- d-----w- C:\Windows\System32\Wat

2011-02-26 10:17:23 -------- d-----w- C:\Windows\Panther

2011-02-26 03:36:30 -------- d-----w- C:\Program Files (x86)\Conduit

2011-02-26 03:36:28 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2011-02-26 03:36:26 -------- d-----w- C:\Program Files (x86)\uTorrentBar

2011-02-26 03:36:21 -------- d-----w- C:\Program Files (x86)\uTorrent

2011-02-26 03:35:51 -------- d-----w- C:\Users\TILMAN~1\AppData\Roaming\uTorrent

2011-02-26 03:34:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-02-26 03:34:55 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-02-26 03:28:18 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2011-02-26 02:36:28 -------- d-----w- C:\Program Files (x86)\GIGABYTE

2011-02-26 02:35:58 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2011-02-26 02:35:58 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2011-02-26 02:35:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2011-02-26 02:35:58 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2011-02-26 02:35:58 25640 ----a-w- C:\Windows\gdrv.sys

2011-02-26 02:35:58 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2011-02-26 02:35:57 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2011-02-26 02:35:57 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2011-02-26 02:35:57 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2011-02-26 02:29:19 -------- d-----r- C:\Program Files (x86)\Skype

2011-02-26 02:20:08 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\AMD

2011-02-26 02:20:03 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\Mozilla

2011-02-26 02:19:55 -------- d-----w- C:\Users\TILMAN~1\AppData\Local\ATI

2011-02-26 02:17:39 0 ----a-w- C:\Windows\ativpsrm.bin

2011-02-26 02:15:08 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-02-26 02:15:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-02-26 02:15:05 -------- d-----w- C:\Program Files (x86)\ATI Stream

2011-02-26 02:15:03 -------- d-----w- C:\Program Files (x86)\ATI

2011-02-26 02:14:55 -------- d-----w- C:\PROGRA~3\AMD

2011-02-26 02:14:52 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2011-02-26 02:14:22 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-02-26 02:14:19 -------- d-sh--w- C:\Windows\Installer

2011-02-26 02:14:19 -------- d-----w- C:\Program Files\ATI

2011-02-26 02:13:48 -------- d-----w- C:\Program Files\ATI Technologies

2011-02-26 01:50:43 -------- d-sh--w- C:\Recovery

2011-02-26 01:36:42 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1312F7F6-CA1B-45F2-A334-7F91AE68303A}\mpengine.dll

2011-02-26 01:36:40 270720 ------w- C:\Windows\System32\MpSigStub.exe

.

==================== Find3M ====================

.

2011-03-06 17:57:09 833024 ----a-w- C:\Windows\SysWow64\user32.dll

2011-03-06 17:57:09 1008640 ----a-w- C:\Windows\System32\user32.dll

2011-03-06 11:14:47 419840 ----a-w- C:\Windows\System32\systemcpl.dll

2011-03-06 11:14:47 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

2011-03-06 10:04:27 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-03-06 10:04:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll

2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll

2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe

2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll

2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll

2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll

2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll

2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys

2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

.

============= FINISH: 9:26:54,88 ===============

I can't post a GMER log because the application freezes up on me (I have made a separate thread for that in the right section and am waiting for an answer on how to fix it).


  • Staff

Hi and welcome to Malwarebytes.

This doesn't really look like malware to me, but let's rule that out first.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
