Jump to content

Malware will not go away!


Recommended Posts

1st run ---

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6887

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/18/2011 1:43:31 PM

mbam-log-2011-06-18 (13-43-31).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 567737

Time elapsed: 1 hour(s), 43 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

=================================================================================================================================================

2nd run ----

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6705

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

6/18/2011 3:34:07 PM

mbam-log-2011-06-18 (15-34-06).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 564312

Time elapsed: 47 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

==========================================================================================================================================

3rd run ---

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6889

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/18/2011 3:53:21 PM

mbam-log-2011-06-18 (15-53-21).txt

Scan type: Quick scan

Objects scanned: 196027

Time elapsed: 11 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

==============================================================================================================================================

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Andy at 15:55:04 on 2011-06-18

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1440 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Andy\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\AVG\AVG10\avgsrmax.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andy\AppData\Local\Google\Chrome\Application\chrome.exe

E:\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

E:\Downloads\t7m9q3ys.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex

\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web

player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft

shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [Google Update] "c:\users\andy\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -

launchedbylogin

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\andy\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files

\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office

\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office

\office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 156.154.70.11 156.154.71.11

TCP: Interfaces\{6AD0FF56-1229-4D05-B733-68116346B1C1} : DhcpNameServer = 156.154.70.11 156.154.71.11

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared

\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery

\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\andy\appdata\roaming\mozilla\firefox\profiles\gboedavr.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\screen sharing plug-in\npcnwplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\andy\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\users\andy\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\andy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-

4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-

0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-

0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: z: {d94af2cb-1ce9-61e1-ff1c-3d564a6523de} - c:\program files\mozilla firefox\extensions\{d94af2cb-1ce9-61e1-

ff1c-3d564a6523de}

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx

plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 rt61x86;Wireless-G PCI Adapter with RangeBooster for Windows Vista;c:\windows\system32\drivers\WMP54GRx86.sys [2007-3-

12 286208]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-

28 315392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework

\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 HitmanPro35Crusader;Hitman Pro 3.5 Crusader;"e:\downloads\hitman pro v3.5.5 build 98 (32-bit) + crack [rh]\hitman pro

v3.5.5 build 98 (32-bit)\hitmanpro35.exe" /crusader --> e:\downloads\hitman pro v3.5.5 build 98 (32-bit) + crack

[rh]\hitman pro v3.5.5 build 98 (32-bit)\HitmanPro35.exe [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft

office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared

\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-8 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-8 52224]

.

=============== Created Last 30 ================

.

2011-06-18 19:23:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-18 19:23:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-18 16:42:21 -------- d-----w- c:\users\andy\appdata\roaming\Malwarebytes

2011-06-18 16:42:16 -------- d-----w- c:\programdata\Malwarebytes

2011-06-18 16:42:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-18 04:34:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-18 04:31:19 -------- d-----w- c:\programdata\Hitman Pro

2011-06-17 14:44:06 729950 ----a-w- c:\windows\unins000.exe

2011-06-17 14:44:06 61440 ----a-w- c:\windows\system32\easyDeskShare.ax

2011-06-17 14:44:06 414720 ----a-w- c:\windows\Deskshare.exe

2011-06-17 05:21:49 -------- d-----w- c:\users\andy\appdata\roaming\TalkFusion.FusionBooster

2011-06-17 05:20:26 -------- d-----w- c:\program files\FusionBooster 2.0

2011-06-16 22:03:56 -------- d-----r- c:\program files\Skype

2011-06-16 21:54:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-16 09:59:51 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 09:59:51 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 09:59:51 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 09:59:50 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 09:59:50 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 09:59:50 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 09:59:49 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 09:59:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 09:59:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 09:59:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-12 15:47:28 -------- d-----w- c:\program files\iPod

2011-06-12 15:47:27 -------- d-----w- c:\program files\iTunes

2011-06-06 17:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-06-06 17:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-05-31 06:26:12 -------- d-----w- c:\windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP

2011-05-30 20:19:18 -------- d-----w- C:\Games

2011-05-28 21:04:37 -------- d-----w- c:\users\andy\appdata\local\DDMSettings

2011-05-25 00:15:05 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

==================== Find3M ====================

.

2011-05-31 18:23:42 4608 ----a-w- c:\windows\system32\w95inf32.dll

2011-05-31 18:23:42 2272 ----a-w- c:\windows\system32\w95inf16.dll

2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-09 04:54:08 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 03:55:29 0 ----a-w- c:\windows\system32\fa43a064.exe

2011-04-19 20:14:11 21840 ----a-w- c:\windows\system32\SIntfNT.dll

2011-04-19 20:14:11 17212 ----a-w- c:\windows\system32\SIntf32.dll

2011-04-19 20:14:11 12067 ----a-w- c:\windows\system32\SIntf16.dll

2011-04-19 20:06:09 94208 ----a-w- c:\windows\DIIUnin.exe

2011-04-19 20:06:09 2829 ----a-w- c:\windows\DIIUnin.pif

2011-04-15 02:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-13 20:02:36 40984 ----a-w- c:\windows\system32\drivers\point32.sys

2011-04-09 23:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll

2011-04-09 23:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll

2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 04:02:04 390656 ----a-w- c:\windows\system32\ipcoin815.dll

2011-04-09 04:01:54 40448 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-05 05:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

.

============= FINISH: 15:57:25.54 ===============

ark.zip

Link to post
Share on other sites

Hello and :welcome:

It looks like you might have a rootkit infection there. Lets verify that first.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.