
At boot time, UAC found dialup.exe and data.txt in users\me\appdata\local\temp. After I denied it permission, Panda Cloud neutralizes passwordfox.exe from the same directory. iepv.txt has my email username and password. This is from the mbam protection log:

21:45:30 c DETECTION C:\Users\c\AppData\Local\Temp\dialup.exe Hacktool.Dialupass QUARANTINE

21:45:34 c DETECTION C:\USERS\C\APPDATA\LOCAL\TEMP\DIALUP.EXE Hacktool.Dialupass DENY

I deleted all files in the temp folder. The longalphanumericstring.tmp files and the WPDNSE folder had to be deleted in safe mode. When I reboot, the files are back. I know ChromePass, iepv and mspass are Nirsoft files but why are they being replaced after deletion? I changed my email password (on another machine) but I haven't logged into it from this machine since. I use VPNs and RDP for work, I don't know if I should be concerned about those either.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:13:08 PM, on 5/15/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\UltraMon\UltraMonUiAcc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\taskhost.exe

C:\Users\b\Desktop\ALL\DOWNLOAD\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java

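The two MBAM protection-log lines quoted above record the same file twice within seconds (once QUARANTINE, once DENY, with the path in different letter case), and the post goes on to say the Temp files reappear after every reboot. The script below is an added example, not Malwarebytes code or anything from this thread's participants: it parses lines in the space-separated layout shown in the post (`HH:MM:SS user DETECTION <path> <threat> <action>`), folds path case the way Windows does, and reports paths that keep being detected, which is the pattern a helper would look for when deciding whether something is re-dropping the hacktools rather than a copy having been missed. The sample log is constructed: it contains the two quoted lines plus two made-up follow-on detections (the `Hacktool.PasswordFox` name is assumed, not taken from the page).

```python
"""Triage of Malwarebytes (MBAM) real-time protection log lines.

Added example for this thread, not Malwarebytes code. It assumes the
space-separated layout quoted in the post:
    HH:MM:SS  user  DETECTION  <path>  <threat name>  <action>
and that paths may contain spaces while threat names and actions do not.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: the two lines quoted in the post, followed by two
# made-up later detections (the poster reports the files returning after a
# reboot; "Hacktool.PasswordFox" is an assumed detection name).
SAMPLE_LOG = r"""
21:45:30 c DETECTION C:\Users\c\AppData\Local\Temp\dialup.exe Hacktool.Dialupass QUARANTINE
21:45:34 c DETECTION C:\USERS\C\APPDATA\LOCAL\TEMP\DIALUP.EXE Hacktool.Dialupass DENY
22:03:12 c DETECTION C:\Users\c\AppData\Local\Temp\passwordfox.exe Hacktool.PasswordFox QUARANTINE
22:10:05 c DETECTION C:\Users\c\AppData\Local\Temp\dialup.exe Hacktool.Dialupass QUARANTINE
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<user>\S+)\s+DETECTION\s+"
    r"(?P<path>.+?)\s+"      # lazy: the path may contain spaces
    r"(?P<threat>\S+)\s+"
    r"(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Detection:
    time: str
    user: str
    path: str
    threat: str
    action: str

    @property
    def key(self) -> str:
        # Windows paths are case-insensitive; the log records whatever case
        # the calling process used (compare the two quoted lines), so fold it.
        return self.path.lower()


def parse_line(line: str):
    """Return a Detection for one log line, or None if it is not a DETECTION record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(**m.groupdict())


def parse_log(text: str):
    """Parse every DETECTION record in a log, skipping blank or unrelated lines."""
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def recurring(detections):
    """Map each path seen more than once to its detections, in log order.

    Repeated hits on the same path, particularly across reboots, point at
    something re-creating the file rather than at a leftover copy.
    """
    by_path = defaultdict(list)
    for d in detections:
        by_path[d.key].append(d)
    return {p: ds for p, ds in by_path.items() if len(ds) > 1}


def hacktool_families(detections):
    """Sorted threat names in the Hacktool.* category (password-recovery tools etc.)."""
    return sorted({d.threat for d in detections if d.threat.startswith("Hacktool.")})


def action_counts(detections):
    """How many records ended in each action (QUARANTINE, DENY, ...)."""
    return Counter(d.action for d in detections)


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print(f"{len(dets)} detections; actions: {dict(action_counts(dets))}")
    print("Hacktool families:", ", ".join(hacktool_families(dets)))
    for path, hits in recurring(dets).items():
        print(f"RECURRING {path}: " + ", ".join(f"{d.time} {d.action}" for d in hits))
```

Run it as-is to see the constructed sample triaged; to use it on a real protection log, replace `SAMPLE_LOG` with the file's contents (if the log is tab-separated, `\s+` in the pattern already covers that). A path listed under RECURRING after the machine has been rebooted is the thing to chase: the file's parent process and whatever autostart entry launches it, not the file itself.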

  • Staff

Hi,

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


I think I'm good, but you guys are the experts.

DDS (Ver_11-03-05.01) - NTFSx86

Run by b at 19:45:16.20 on Thu 05/26/2011

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2558.1724 [GMT -4:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskmgr.exe

C:\Program Files\UltraMon\UltraMonUiAcc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\AUDIODG.EXE

C:\Users\b\Desktop\infection\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com

uInternet Settings,ProxyServer = http=

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [AdobeBridge]

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [<NO NAME>]

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico

uPolicies-explorer: MaxRecentDocs = 32 (0x20)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ciscosupport.webex.com/client/T27L10NSP11EP19/support/ieatgpc1.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL acaptuser32.dll

SSODL: GrooveChat - {196a8ddc-07c7-4ecf-a81a-8cb52f4a7d2a} - c:\program files\common files\commonlayoutmodifier\CommonLayoutModifier.dll

SSODL: CommonLayoutModifier - {196a8ddc-07c7-4ecf-a81a-8cb52f4a7d2a} - c:\program files\common files\commonlayoutmodifier\CommonLayoutModifier.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {481975DE-442F-492E-BC22-696F699A804D} - reg add "HKCU\Software\Microsoft\Terminal Server Client\Default\AddIns\ThinPrint" /v Name /t reg_sz /d "c:\windows\system32\TPClnRDP.dll" /f

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\users\b\appdata\roaming\mozilla\firefox\profiles\co6in0d7.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\users\b\appdata\roaming\mozilla\plugins\npatgpc.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}

FF - Ext: dragdropupload: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9} - %profile%\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}

FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org

FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com

FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}

FF - Ext: Open With Photoshop: {f3f219f9-cbce-467e-b8fe-6e076d29665c} - %profile%\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - %profile%\extensions\mozilla_cc@internetdownloadmanager.com

FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\b\appdata\roaming\idm\idmmzcc3

.

============= SERVICES / DRIVERS ===============

.

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 126536]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-11-13 83184]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-23 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-27 363344]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141384]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 99400]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111176]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113736]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-16 20952]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-7-10 30192]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-3-16 27192]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-1 1343400]

.

=============== Created Last 30 ================

.

2011-05-24 16:23:10 11 ----a-w- c:\progra~2\userlib.dll

2011-05-24 16:22:34 -------- d-----w- c:\program files\PaulMarv Software

2011-05-23 20:43:58 -------- d-----w- c:\users\b\appdata\local\LogMeIn

2011-05-23 20:43:49 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2011-05-23 20:43:49 29568 ----a-w- c:\windows\system32\LMIport.dll

2011-05-23 20:43:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-05-23 20:43:48 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-05-23 20:43:44 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-05-23 20:43:35 -------- d-----w- c:\progra~2\LogMeIn

2011-05-23 20:43:21 -------- d-----w- c:\program files\LogMeIn

2011-05-23 14:41:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-22 19:52:44 6962000 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{37890045-4d07-4166-9b95-3894eae99a61}\mpengine.dll

2011-05-18 15:31:01 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-18 15:31:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-18 15:30:58 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-07 06:43:55 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2011-05-07 06:43:41 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-07 06:07:17 -------- d-----w- c:\users\b\appdata\local\Orzeszek

2011-05-07 03:05:26 -------- d-----w- c:\program files\FreeCountdownTimer

2011-05-01 05:57:11 -------- d-----w- c:\users\b\appdata\roaming\GRLevel3

2011-05-01 05:56:52 -------- d-----w- c:\program files\GRLevelX

.

==================== Find3M ====================

.

2011-04-01 08:47:01 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-04-01 08:47:01 13824 ----a-w- c:\windows\system32\slwga.dll

2011-04-01 08:46:58 811520 ----a-w- c:\windows\system32\user32.dll

2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-07 05:33:13 981504 ----a-w- c:\windows\system32\wininet.dll

2011-03-07 03:52:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys

2011-02-27 00:43:21 152576 ----a-w- c:\windows\system32\msclmd.dll

2010-10-01 06:27:25 2048 --sha-w- c:\windows\actofvl\clip.exe

.

============= FINISH: 19:46:09.80 ===============


  • Staff

Great!

I highly recommend the PRO version of MBAM to prevent future issues.

Now that your computer seems to be in proper working order, please take the following steps to help prevent infection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
