
Please Help: Malwarebytes won't run. Browser Hijack: Gomeo?



Hi all.

I have been reading some of the excellent help people have been giving on the forums here. Thank you to those who volunteer their time to do this.

The reason I've been reading these forums is that I think I have a similar problem to some others, wherein the malware on my Win7 PC is preventing me from running any anti-malware/anti-virus software.

Most other programs on the PC seem to be working fine (with a couple of exceptions).

By the way, I recently upgraded to Windows 7 Ultimate about a week ago from Vista (upgrade, not clean install); I didn't really notice these problems till then.

If someone were able to help I would be most appreciative, as many of the processes involved are well over my head. Thanks in advance!

---------------------------

1. Downloaded Malwarebytes and installed it to the desktop. Attempted a quick scan, but upon start of the scan it crashed to desktop; no log received.

2. Downloaded, installed and updated Avira antivirus. Avira is installed, but when I mouse over the icon in the systray it tells me "Free Anti virus guars -stopped". I am unable to start a scan; no log.

3. I ran Defogger and didn't have an error msg, but I don't know if it worked, so am posting defogger_disable here:

---------------------------------------

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 10:19 on 12/07/2011 (Joshua)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

----------------------------

4. Ran DDS:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Joshua at 10:23:07 on 2011-07-12

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3071.2062 [GMT 10:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2644243

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: Oryte Games 1.15 Toolbar: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - c:\program files\oryte_games_1.15\prxtbOry0.dll

mWinlogon: USERINIT=c:\windows\system32\userinit.exe

BHO: AutorunsDisabled - No File

BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll

BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Oryte Games 1.15 Toolbar: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - c:\program files\oryte_games_1.15\prxtbOry0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: Oryte Games 1.15 Toolbar: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - c:\program files\oryte_games_1.15\prxtbOry0.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\users\joshua\appdata\roaming\skype\phone\Skype.exe" /nosplash /minimized

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\users\zzzzzzzz\mbamgui.exe /install /silent

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab

DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 61.9.211.33 61.9.211.1

TCP: Interfaces\{7DF79819-D714-4909-8577-CA9C3BFA66B4} : DhcpNameServer = 61.9.211.33 61.9.211.1

TCP: Interfaces\{AD0AA8DC-6ED6-4B72-B499-DFACA1706E06} : DhcpNameServer = 61.9.211.33 61.9.211.1

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2008-6-23 254320]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-11 136360]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-11 61960]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3579904]

R3 1238095961;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\1238095961.sys [2011-7-8 15872]

R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\drivers\dgmbx2.sys [2011-2-13 131120]

R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\drivers\dgmbx2fu.sys [2011-2-13 23472]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-12 39984]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-11 269480]

S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\aso3defragsrv.exe --> c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca0d0246e366fe;Google Update Service (gupdate1ca0d0246e366fe);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-10 2214504]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-6-23 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-6-23 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-6-23 166384]

S2 rtpMIDIService;rtpMIDIService;c:\program files\tobias erichsen\rtpmidi\rtpMIDISvc.exe [2010-11-27 1128448]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-4-4 12672]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-11 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-7-8 20080]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-10 15872]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-6-23 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-6-23 1120752]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-10 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-10 1343400]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2011-07-12 00:17:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-12 00:17:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-11 13:56:32 -------- d-----w- c:\users\joshua\appdata\roaming\Avira

2011-07-11 13:41:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-11 13:41:22 -------- d-----w- c:\programdata\Avira

2011-07-11 13:41:22 -------- d-----w- c:\program files\Avira

2011-07-11 12:36:40 -------- d-----w- c:\users\joshua\I'm infected - What do I do now_files

2011-07-11 06:14:44 83456 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-10 11:05:41 -------- d-----w- c:\users\joshua\appdata\roaming\SUPERAntiSpyware.com

2011-07-10 11:05:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-10 11:05:30 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-10 11:03:54 -------- d-----w- c:\users\joshua\appdata\roaming\Malwarebytes

2011-07-10 11:03:48 -------- d-----w- c:\programdata\Malwarebytes

2011-07-10 11:03:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-10 04:47:55 -------- d-----w- c:\windows\system32\SPReview

2011-07-10 04:41:09 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2011-07-10 04:39:59 21504 ----a-w- c:\windows\system32\wsdchngr.dll

2011-07-10 04:38:59 46592 ----a-w- c:\windows\system32\WavDest.dll

2011-07-10 04:37:58 373248 ----a-w- c:\program files\internet explorer\ieinstal.exe

2011-07-10 00:54:47 -------- d-----w- c:\windows\system32\Wat

2011-07-09 23:17:42 -------- d-----w- c:\windows\ja-JP

2011-07-09 23:17:30 -------- d-----w- c:\windows\system32\ja

2011-07-09 23:17:30 -------- d-----w- c:\windows\system32\0411

2011-07-09 23:17:29 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP

2011-07-09 23:17:29 -------- d-----w- c:\windows\system32\drivers\ja-JP

2011-07-09 23:17:26 -------- d-----w- c:\windows\system32\wbem\ja-JP

2011-07-09 23:17:11 -------- d-----w- c:\windows\zh-TW

2011-07-09 23:17:10 -------- d-----w- c:\windows\system32\zh-CHT

2011-07-09 23:17:00 -------- d-----w- c:\windows\system32\drivers\zh-TW

2011-07-09 23:17:00 -------- d-----w- c:\windows\system32\drivers\zh-HK

2011-07-09 23:17:00 -------- d-----w- c:\windows\system32\drivers\umdf\zh-TW

2011-07-09 23:16:57 -------- d-----w- c:\windows\system32\wbem\zh-TW

2011-07-09 23:16:57 -------- d-----w- c:\windows\system32\wbem\zh-HK

2011-07-09 23:16:45 -------- d-----w- c:\windows\ko-KR

2011-07-09 23:16:43 -------- d-----w- c:\windows\system32\drivers\umdf\ko-KR

2011-07-09 23:16:43 -------- d-----w- c:\windows\system32\drivers\ko-KR

2011-07-09 23:16:29 -------- d-----w- c:\windows\system32\ko

2011-07-09 23:16:26 -------- d-----w- c:\windows\system32\wbem\ko-KR

2011-07-09 23:16:12 -------- d-----w- c:\windows\fr-FR

2011-07-09 23:15:58 -------- d-----w- c:\windows\system32\040C

2011-07-09 23:15:57 -------- d-----w- c:\windows\system32\fr

2011-07-09 23:15:57 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR

2011-07-09 23:15:57 -------- d-----w- c:\windows\system32\drivers\fr-FR

2011-07-09 23:15:50 -------- d-----w- c:\windows\system32\wbem\fr-FR

2011-07-09 23:10:01 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui

2011-07-09 23:09:50 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll

2011-07-09 23:09:50 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll

2011-07-09 23:09:50 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll

2011-07-09 23:09:50 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll

2011-07-09 22:58:56 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui

2011-07-09 22:58:45 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll

2011-07-09 22:58:44 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll

2011-07-09 22:58:44 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll

2011-07-09 22:53:57 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ko-kr\LXKPTPRC.DLL.mui

2011-07-09 22:53:52 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkor.dll

2011-07-09 22:53:52 13579776 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkorr.dll

2011-07-09 22:48:31 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fr-fr\LXKPTPRC.DLL.mui

2011-07-09 22:44:55 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-07-09 22:44:11 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-07-09 22:40:24 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-07-09 22:40:24 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-07-09 22:40:24 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-07-09 00:35:41 -------- d--h--w- c:\windows\PIF

2011-07-08 22:59:33 1836 ----a-w- c:\windows\system32\ASOROSet.bin

2011-07-08 12:39:17 15872 ----a-w- c:\windows\system32\drivers\1238095961.sys

2011-07-08 12:22:58 -------- d-----w- c:\program files\PeerBlock

2011-07-08 12:16:01 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-07-08 12:15:56 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{885a75e7-91e2-45fa-997a-41a08928f7c5}\mpengine.dll

2011-07-08 11:28:25 -------- d-----w- c:\program files\POCALOID2

2011-07-08 10:56:56 -------- d-----w- c:\programdata\Systweak

2011-07-08 10:52:05 -------- d-----w- c:\windows\Repair

2011-07-08 08:55:54 -------- d-----w- c:\users\joshua\appdata\local\MediaMonkey

2011-07-08 08:55:53 -------- d-----w- c:\program files\MediaMonkey

2011-07-08 08:38:00 -------- d-----w- c:\users\joshua\appdata\roaming\Systweak

2011-07-08 08:37:48 15080 ----a-w- c:\windows\system32\ROBoot.exe

2011-07-08 08:37:46 -------- d-----w- c:\program files\RegClean Pro

2011-07-08 03:50:20 -------- d-----w- c:\windows\Panther

2011-07-08 03:38:29 -------- d--h--w- C:\$WINDOWS.~Q

2011-07-08 03:02:14 -------- d--h--w- C:\$INPLACE.~TR

2011-07-08 00:19:45 129024 ----a-w- c:\windows\UNWISE.EXE

2011-07-07 22:22:12 2616320 ----a-w- c:\windows\explorer.exe

2011-07-07 22:20:40 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-07-07 22:20:40 145920 ----a-w- c:\windows\system32\cfgmgr32.dll

2011-07-07 22:19:26 542208 ----a-w- c:\windows\system32\kerberos.dll

2011-07-07 22:19:07 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-07-07 22:18:09 2333184 ----a-w- c:\windows\system32\win32k.sys

2011-07-07 22:18:04 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-07-07 22:18:03 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-07-07 22:18:03 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-07-07 22:18:03 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-07-07 22:18:03 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-07-07 22:18:03 337408 ----a-w- c:\windows\system32\mssph.dll

2011-07-07 22:18:03 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-07-07 22:18:03 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-07-07 22:18:03 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-07-07 22:17:53 802304 ----a-w- c:\windows\system32\WFS.exe

2011-07-07 22:17:53 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-07-07 22:17:48 870912 ----a-w- c:\windows\system32\XpsPrint.dll

2011-07-07 22:17:37 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-07-07 22:17:34 850944 ----a-w- c:\windows\system32\sbe.dll

2011-07-07 22:17:34 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-07-07 22:17:34 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-07-07 22:17:34 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-07-07 22:16:52 219136 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-07-07 22:16:52 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-07-07 22:16:11 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-07-07 22:16:11 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-07-07 22:07:38 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-07-07 22:07:38 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-07-07 22:07:38 107520 ----a-w- c:\windows\system32\cdd.dll

2011-07-07 13:54:09 -------- d-----w- c:\windows\system32\appmgmt

2011-07-07 13:24:20 -------- d-----w- c:\users\joshua\appdata\roaming\Waves Audio

2011-07-07 13:20:09 -------- d-----w- c:\program files\WinPcap

2011-07-07 13:16:59 -------- d-----w- c:\program files\Waves

2011-07-07 12:31:59 -------- d-sh--w- C:\Recovery

2011-07-07 12:24:48 -------- d-----w- c:\windows\system32\wbem\Performance

2011-07-07 09:58:36 -------- d-----w- c:\windows\system32\URTTEMP

2011-07-07 09:57:33 -------- d-----w- c:\program files\common files\Digidesign

2011-07-07 09:55:53 -------- d-sh--w- c:\windows\Installer

2011-07-07 09:55:38 -------- d-----w- c:\program files\NVIDIA Corporation

2011-07-07 09:55:25 -------- d-----w- c:\windows\system32\RTCOM

2011-07-07 09:55:25 -------- d-----w- c:\program files\Realtek

2011-07-07 04:58:05 -------- d-----w- c:\users\joshua\appdata\local\Microsoft Corporation

2011-07-07 04:53:20 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2011-07-07 00:56:53 9078960 ----a-w- c:\windows\system32\mkl_p4p.dll

2011-07-07 00:56:52 9410736 ----a-w- c:\windows\system32\mkl_p4m.dll

2011-07-07 00:56:52 9210032 ----a-w- c:\windows\system32\mkl_p4.dll

2011-07-07 00:56:52 9033904 ----a-w- c:\windows\system32\mkl_p4m3.dll

2011-07-07 00:56:51 6944944 ----a-w- c:\windows\system32\mkl_core.dll

2011-07-07 00:56:51 530608 ----a-w- c:\windows\system32\libiomp5md.dll

2011-07-07 00:56:51 499712 ----a-w- c:\windows\msvcp71.dll

2011-07-07 00:56:51 3868848 ----a-w- c:\windows\system32\mkl_intel_thread.dll

2011-07-07 00:56:51 348160 ----a-w- c:\windows\msvcr71.dll

2011-07-07 00:11:40 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-07 00:11:39 -------- d-----w- c:\program files\ConduitEngine

2011-07-06 13:03:37 -------- d-----w- c:\program files\String Studio 1.0

2011-07-06 12:57:49 -------- d-----w- c:\users\joshua\appdata\roaming\DDMF

2011-07-06 10:45:19 -------- d-----w- c:\users\joshua\appdata\roaming\IK Multimedia

2011-07-06 10:31:31 208 ----a-w- c:\windows\system32\msvcsv60.dll

2011-07-06 10:31:31 208 ----a-w- c:\users\joshua\appdata\roaming\msregsvv.dll

2011-07-06 10:18:55 -------- d-----w- c:\program files\IK Multimedia

2011-07-06 10:16:17 -------- d-----w- c:\program files\eaReckon

2011-07-02 14:15:40 -------- dc-h--w- c:\programdata\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}

2011-07-02 14:13:04 -------- dc-h--w- c:\programdata\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}

2011-07-02 14:06:08 -------- dc-h--w- c:\programdata\{BF329843-149E-4A5A-82A1-0250286442D0}

2011-07-02 13:30:51 -------- dc-h--w- c:\programdata\{9EA9F3B6-4422-49A7-8BC0-B8C3C310B956}

2011-07-02 13:11:58 -------- dc-h--w- c:\programdata\{FCB4E5DF-D134-4F71-861A-5EB315418DA1}

2011-07-02 13:06:46 -------- dc-h--w- c:\programdata\{A1CE61C9-A3B8-4E0E-ADEE-E237C381C954}

2011-07-02 13:02:32 -------- dc-h--w- c:\programdata\{13E67FA2-BFF0-4FB9-99FF-F2B7E480E626}

2011-07-02 13:00:47 -------- dc-h--w- c:\programdata\{1CF3FE7A-4381-41EA-A1FD-F70233A9A42E}

2011-07-02 12:57:38 -------- dc-h--w- c:\programdata\{458F3F08-8039-46F2-BF3A-F5115518ED16}

2011-07-02 12:53:47 -------- dc-h--w- c:\programdata\{D60B3BBC-C177-4D7A-B4F6-13B5AF452E04}

2011-07-02 12:50:08 -------- dc-h--w- c:\programdata\{DCB3384C-CF87-4E37-8561-DAD854BEBFCD}

2011-07-02 12:45:33 -------- dc-h--w- c:\programdata\{F72E3A60-3111-406A-B539-69D64E8BF25B}

2011-07-02 12:43:56 -------- dc-h--w- c:\programdata\{6BA6A5D8-137C-4CEA-8BBE-6AE00E2D8863}

2011-07-02 12:42:07 -------- dc-h--w- c:\programdata\{86190A21-318C-4B3A-9297-DC38C1C465BC}

2011-07-02 10:11:01 -------- dc-h--w- c:\programdata\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}

2011-07-02 09:33:18 -------- dc-h--w- c:\programdata\{AE681438-D566-42AE-BBB8-7141C47E0985}

2011-07-01 03:14:46 -------- d-----w- c:\program files\Steinberg

2011-06-25 00:33:02 -------- d-----w- c:\users\joshua\appdata\roaming\REAPER

2011-06-25 00:31:12 -------- d-----w- c:\program files\REAPER

2011-06-22 04:59:47 411520 ----a-r- c:\users\joshua\appdata\roaming\microsoft\installer\{f9242d4e-09e7-45c7-a53a-83375d0fad42}\ARPPRODUCTICON.exe

2011-06-22 04:53:59 -------- d-----w- c:\program files\Digidesign

2011-06-22 04:18:11 630784 ----a-w- c:\windows\system32\ilinet.dll

2011-06-17 00:35:25 -------- dc----w- c:\programdata\{2BA49ADF-BEB3-49BD-A34B-AD95439D351B}

2011-06-16 22:57:28 -------- d-----w- c:\users\joshua\appdata\roaming\Antares

2011-06-16 22:57:27 -------- d-----w- c:\program files\Antares Audio Technologies

2011-06-16 13:51:45 -------- dc-h--w- c:\programdata\{7116F3B8-F7A5-4000-8246-F396F274C452}

2011-06-16 13:30:14 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-06-16 13:23:31 -------- dc-h--w- c:\programdata\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}

2011-06-16 11:46:23 -------- d-----w- c:\program files\ComPlete Komplete

2011-06-16 03:10:22 -------- dc-h--w- c:\programdata\{29CF7310-A1F2-43D3-9CA5-BAF68DCAEDC1}

2011-06-16 00:59:07 -------- d-----w- c:\program files\PSP N2O

2011-06-16 00:57:06 8324096 ----a-w- c:\windows\system32\PSP N2O.dll

2011-06-16 00:48:17 -------- d-----w- c:\program files\DDMF

2011-06-16 00:42:30 -------- d-----w- c:\users\joshua\appdata\roaming\AudioMulch

2011-06-16 00:42:19 -------- d-----w- c:\program files\AudioMulch 2.1.0

2011-06-15 06:07:15 -------- d-----w- c:\users\joshua\appdata\roaming\Waldorf

2011-06-15 06:07:09 -------- d-----w- c:\users\joshua\appdata\roaming\Celemony Software GmbH

2011-06-15 06:07:02 -------- d-----w- c:\users\joshua\appdata\roaming\KORG

2011-06-15 06:06:39 -------- d-----w- c:\users\joshua\appdata\roaming\Nomad Factory

2011-06-15 06:06:32 -------- d-----w- c:\program files\Nomad Factory

2011-06-15 06:06:11 -------- d-----w- c:\users\joshua\appdata\local\Native Instruments

2011-06-15 06:06:10 -------- d-----w- c:\users\joshua\appdata\roaming\Drumagog 5

.

==================== Find3M ====================

.

2011-07-10 04:55:59 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-05-30 13:42:51 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-24 09:14:10 222080 ----a-w- c:\windows\system32\MpSigStub.exe

2011-05-23 09:52:08 153088 ----a-w- c:\windows\system32\xvid.ax

2011-05-23 07:46:31 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-22 19:10:01 981504 ----a-w- c:\windows\system32\wininet.dll

2011-01-02 23:01:07 722680 ----a-w- c:\program files\unins000.exe

2010-03-30 17:13:01 5160448 ----a-r- c:\program files\mb_warband.exe

2010-03-30 17:13:01 41984 ----a-r- c:\program files\SKIDROW.exe

2009-11-10 06:11:04 423184930 ----a-w- c:\program files\SWTFU_PC_EF_1.1_Update.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: SAMSUNG_HD753LJ rev.1AA01114 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x92E0C890]<<

_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0x92e12964]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }

1 nt!IofCallDriver[0x82C70003] -> \Device\Harddisk0\DR0[0x8609D030]

3 CLASSPNP[0x8C28559E] -> nt!IofCallDriver[0x82C70003] -> [0x866F5D78]

\Driver\Disk[0x869AE030] -> IRP_MJ_CREATE -> 0x92E0C890

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user & kernel MBR OK

.

============= FINISH: 10:24:31.22 ===============

-------------

5. Ran GMER - have attached ark.txt in a zip file...

--------

I realise I may have to reformat the hard drive and do a fresh install of Windows 7, but I thought I'd try this first :) Thank you for your time.

Attach.zip

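The DDS log in this post contains a few lines an analyst would pull out before anything else: a process running from \\.\globalroot\Device\... rather than from a drive-letter path, mPolicies-system: EnableLUA = 0 (UAC switched off), a service entry whose binary DDS could not find on disk (the trailing [?]), and a disk I/O stack that calls into a module GMER's MBR check labels >>UNKNOWN. As an added example, not part of this post and not a Malwarebytes or DDS tool, here is a small Python triage script that parses the DDS section layout and flags those indicators; the rule names, severities and the choice of what to flag are my assumptions, and the embedded sample is a constructed excerpt of the log above.

```python
"""Triage a DDS-style log for a handful of security-relevant indicators.

Added example for this thread; it is not a Malwarebytes or DDS tool.
The indicator rules below are the example author's assumptions about
what deserves a second look, not a verdict on the machine.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule id, offending log line)

# DDS separates its sections with lines like "=== Running Processes ===".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A normal process image path starts with a drive letter, e.g. C:\Windows\...
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# DDS service/driver lines start with a start-type code such as R2 or S3.
SERVICE_LINE_RE = re.compile(r"^[RS]\d\s")
UAC_OFF_RE = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*0\b")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [lines]}; DDS's '.' spacer lines are dropped."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return the indicator hits found in a DDS log, in log order."""
    findings: List[Finding] = []
    sections = parse_sections(text)

    # 1. A running process whose image is not under a drive letter (e.g. \\.\globalroot\...).
    for line in sections.get("Running Processes", []):
        if not DRIVE_PATH_RE.match(line.strip('"')):
            findings.append(("high", "process-outside-drive-path", line))

    # 2./3. UAC policy and browser start/search page from the pseudo-HJT section.
    for line in sections.get("Pseudo HJT Report", []):
        if UAC_OFF_RE.match(line):
            findings.append(("high", "uac-disabled", line))
        elif line.startswith(("uStart Page", "uSearch Page")):
            findings.append(("info", "browser-start-or-search-page", line))

    # 4. Service/driver entry with no file date/size, which DDS prints as "[?]".
    for line in sections.get("SERVICES / DRIVERS", []):
        if SERVICE_LINE_RE.match(line) and line.endswith("[?]"):
            findings.append(("medium", "service-binary-not-found", line))

    # 5. Disk I/O stack hooked by a module the rootkit check could not name.
    for line in sections.get("ROOTKIT", []):
        if ">>UNKNOWN" in line:
            findings.append(("high", "disk-stack-unknown-module", line))

    return findings


# Constructed sample: a short excerpt of the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2644243
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
============= SERVICES / DRIVERS ===============
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-11 61960]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\aso3defragsrv.exe --> c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [?]
=================== ROOTKIT ====================
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x92E0C890]<<
\Driver\Disk[0x869AE030] -> IRP_MJ_CREATE -> 0x92E0C890
user & kernel MBR OK
""".strip()

if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {line}")
```

Run it against a saved DDS log by passing the file contents to triage(); the five hits on the sample are the globalroot process, the UAC policy, the Conduit start page, the ASO3DiskOptimizer service and the >>UNKNOWN disk hook. The script only surfaces lines for a human to read; it does not decide what the cause is, which is why the helper's reply asks for further tool output.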

Hello Cubby and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download maxhandle.exe by noahdfear to your desktop

  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found, "Nothing found!" is echoed to the screen - no log is produced.

Please post the results for my review

-------------

Windows 7

First, you must verify that you can access the Windows 7 Recovery Environment.

To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.

If the option 'Repair your computer' is available, select it.

If it is not available, you will need to insert your Windows 7 installation DVD and restart, then press any key when prompted to boot from the disc.

At the Install Windows screen, select Repair your computer. (image below)

[image: 4.gif]

Before you run the look.bat command in the Recovery Environment, make sure you run Maxlook.exe first in Normal Mode.

Next, please download maxlook, saving the file to your desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Environment.

Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.

[image: 2.gif]

Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the x represents your operating system drive letter, as shown in the image below

[image: look7.gif]

At the D:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.

Type Exit then restart your computer and logon in normal mode.

Please run maxlook.exe again now. Note - you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.
-------------
In your next reply, please include:
  • Maxhandle log (if one is created)
  • Maxlook looklog.txt
  • TDSSKiller log
  • C:\ComboFix.txt

How is your computer running now?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
