
Infected with malware



Hi,

My computer got infected yesterday with some nasty malware. The malware disables Windows Security Center, and Microsoft Security Essentials can't be started. Also, my Chrome now redirects to some 'malware removal' program sites. It also randomly started Windows IE and displayed some ads (and some weird music at startup), but I ran MBAM and SUPERAntiSpyware after rkill, which got rid of those. But even after those, Windows Security Center doesn't start and Chrome redirects. MBAM found some new malware even after removing the previous ones. Here are the logs:

MBAM

Database version: 7035

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

1.8.2011 17:11:26

mbam-log-2011-08-01 (17-11-26).txt

Scan type: Quick scan

Objects scanned: 181728

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

c:\Users\Admin\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\update tool notifier.exe (Trojan.Agent) -> 3876 -> Unloaded process successfully.

c:\Users\Admin\AppData\Local\Temp\rtpmp.exe (Trojan.Agent) -> 3660 -> Unloaded process successfully.

c:\Users\Admin\AppData\Local\Temp\Ft1.exe (Trojan.FakeAlert.SA) -> 2040 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Value: windows updater -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java checksys (Trojan.Agent) -> Value: java checksys -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Admin\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\update tool notifier.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

c:\Users\Admin\AppData\Local\Temp\rtpmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Admin\AppData\Local\Temp\Ft1.exe (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

----------------------------------

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Admin at 16:58:10 on 2011-08-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.358.1033.18.4095.2269 [GMT 3:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Windows\system32\taskeng.exe

C:\Users\Admin\AppData\Local\Temp\Ft1.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe

C:\Users\Admin\AppData\Local\Temp\rtpmp.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [AdobeBridge]

uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini

uRun: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe"

uRun: [F.lux] "C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [windows updater] %TEMP%\gaspci.exe

uRun: [java checksys] %TEMP%\rtpmp.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [8DDYX0ZBPZ] C:\Users\Admin\AppData\Local\Temp\Ft1.exe

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Admin\Desktop\PartyPoker.lnk

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

TCP: DhcpNameServer = 213.243.153.172 213.243.153.136

TCP: Interfaces\{E743CE8B-97A7-4379-9402-E280A099950B} : DhcpNameServer = 213.243.153.172 213.243.153.136

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Admin\Desktop\PartyPoker.lnk

SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i9qkuvix.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60384

FF - prefs.js: network.proxy.type - 1

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-13 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-31 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-31 269480]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-2-28 9603432]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-19 2218600]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-2-1 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-21 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-08-01 13:57:56 607017 ------r- C:\dds.scr

2011-08-01 13:56:36 50477 ----a-w- C:\Defogger.exe

2011-08-01 13:55:41 388608 ----a-w- C:\HijackThis.exe

2011-07-31 19:18:57 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-07-31 19:18:09 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-07-31 17:53:27 -------- d-----w- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com

2011-07-31 17:53:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-07-31 17:53:23 -------- d-----w- C:\ProgramData\!SASCORE

2011-07-31 17:53:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-07-31 16:07:04 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes

2011-07-31 16:06:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-31 16:06:41 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-31 16:06:38 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-31 16:06:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-31 16:02:18 -------- d-----w- C:\woire

2011-07-31 15:54:49 5256 ----a-w- C:\wscsvc.reg

2011-07-31 15:41:17 1404208 ----a-w- C:\TDSSKiller.exe

2011-07-31 15:39:16 -------- d-----w- C:\Windows\pss

2011-07-31 15:36:26 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B47B6710-FA9E-48EB-AA33-4A688E3D657B}\gapaengine.dll

2011-07-31 15:36:20 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18F1F83C-2BEB-4706-8A73-83F3FF58B100}\mpengine.dll

2011-07-31 15:35:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Avira

2011-07-31 15:35:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-07-31 15:35:21 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-07-31 15:22:21 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-07-31 15:22:21 -------- d-----w- C:\ProgramData\Avira

2011-07-31 15:22:21 -------- d-----w- C:\Program Files (x86)\Avira

2011-07-31 14:43:18 75776 --sha-r- C:\Windows\SysWow64\KBDBULG0.dll

2011-07-31 14:08:45 -------- d-----w- C:\Users\Admin\AppData\Local\PMB Files

2011-07-31 14:08:40 -------- d-----w- C:\ProgramData\PMB Files

2011-07-28 21:09:34 -------- d-----w- C:\me_save

2011-07-27 21:50:36 -------- d-----w- C:\Dolphin

2011-07-27 11:13:48 -------- d-----w- C:\Users\Admin\AppData\Roaming\Lazy 8 Studios

2011-07-27 11:12:01 -------- d-----w- C:\Users\Admin\AppData\Local\Lazy 8 Studios

2011-07-26 16:57:27 -------- d-----w- C:\Program Files\iTunes

2011-07-26 16:57:27 -------- d-----w- C:\Program Files\iPod

2011-07-26 16:55:49 -------- d-----w- C:\Program Files\Bonjour

2011-07-26 16:55:49 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-07-15 19:06:23 -------- d-sh--w- C:\ProgramData\SecuROM

2011-07-15 19:05:35 -------- d-----w- C:\Users\Admin\AppData\Local\Rockstar Games

2011-07-15 19:05:21 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-07-13 13:46:01 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-13 13:46:01 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-13 13:46:00 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-13 13:46:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 08:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 08:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 08:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 08:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-10 13:25:33 -------- d-----w- C:\ProgramData\ALM

2011-07-07 12:47:25 -------- d-----w- C:\Users\Admin\AppData\Roaming\Mozilla-Cache

2011-07-07 12:46:40 -------- d-----w- C:\Programs

2011-07-07 09:17:57 -------- d-----w- C:\Users\Admin\AppData\Roaming\Brawsome

2011-07-07 09:17:57 -------- d-----w- C:\ProgramData\Brawsome

2011-07-07 06:24:34 -------- d-----w- C:\Users\Admin\AppData\Local\Pando_Temp

2011-07-06 19:53:05 -------- d-----w- C:\Users\Admin\AppData\Local\Two Tribes

2011-07-06 14:59:56 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2011-07-05 19:31:48 -------- d-----w- C:\Users\Admin\AppData\Roaming\Beat Hazard

2011-07-04 17:12:11 -------- d-----w- C:\Users\Admin\AppData\Local\Two Worlds II

2011-07-04 13:54:10 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll

2011-07-04 13:54:10 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2011-07-04 13:54:10 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll

2011-07-04 13:54:10 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2011-07-04 13:54:09 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll

2011-07-04 13:54:03 -------- d-----w- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP

.

==================== Find3M ====================

.

2011-07-08 20:28:28 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-07-08 20:28:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-07-08 20:28:27 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-07-08 20:28:27 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-06-30 15:33:51 281200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-06-30 15:33:51 281200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-06-30 15:31:08 281200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-06-28 17:27:55 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-06-18 16:02:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

.

============= FINISH: 16:59:22,06 ===============

---------------------------------

Attach.zip

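As an added example (not part of the original post or of the Malwarebytes staff reply), a small Python triage script that pulls out the indicators a helper would read from a DDS pseudo-HJT report like the one above: autorun entries launched from a temp directory, a bare executable dropped into the Startup folder, UAC policy values set to 0, a browser proxy pointed at loopback, and disabled or duplicated AV products. The sample input is constructed from lines of this thread's log; the finding categories, thresholds and regexes are my own assumptions, not anything DDS itself defines.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample: lines copied from the DDS log posted in this thread.
# A real run would read the whole DDS.txt from disk instead.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [windows updater] %TEMP%\gaspci.exe
uRun: [java checksys] %TEMP%\rtpmp.exe
uRun: [8DDYX0ZBPZ] C:\Users\Admin\AppData\Local\Temp\Ft1.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60384
FF - prefs.js: network.proxy.type - 1
"""

# Line shapes of the DDS pseudo-HJT report (assumed from the log above).
RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"%TEMP%|\\AppData\\Local\\Temp\\", re.IGNORECASE)
AV_RE = re.compile(r"^AV: (?P<product>.+?) \*(?P<state>Enabled|Disabled)/(?:Updated|Outdated)\*")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<val>\S+)")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<entry>.+)$")

# UAC policy keys which, at value 0, remove the elevation prompt entirely.
UAC_WEAK_AT_ZERO = ("EnableLUA", "PromptOnSecureDesktop", "ConsentPromptBehaviorAdmin")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def triage_dds(text: str) -> List[Finding]:
    """Walk a DDS report line by line and collect defender-relevant findings."""
    findings: List[Finding] = []
    av_products: List[str] = []
    ff_proxy: Dict[str, str] = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_RE.match(line)
        if m:
            av_products.append(m["product"])
            if m["state"] == "Disabled":
                findings.append(("av_disabled", m["product"]))
            continue
        m = RUN_RE.match(line)
        if m:
            # Installed software registers from Program Files or AppData\Local\<vendor>;
            # a Run value whose target lives in a temp directory is a classic dropper sign.
            if TEMP_RE.search(m["cmd"]):
                findings.append(("autorun_from_temp", f"[{m['name']}] {m['cmd']}"))
            continue
        m = STARTUP_RE.match(line)
        if m:
            # "shortcut.lnk - target" is the normal shape; a bare .exe sitting in the
            # Startup folder itself is not how installers usually register themselves.
            shortcut = m["entry"].split(" - ", 1)[0]
            if shortcut.lower().endswith(".exe"):
                findings.append(("startup_folder_exe", shortcut))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m["key"] in UAC_WEAK_AT_ZERO and m["val"] == "0":
                findings.append(("uac_weakened", f"{m['key']}={m['val']}"))
            continue
        m = FF_RE.match(line)
        if m:
            ff_proxy[m["key"]] = m["val"]

    if len(av_products) > 1:
        findings.append(("multiple_av", "; ".join(av_products)))
    # proxy.type 1 is a manual proxy; a loopback host means a local process sits
    # between the browser and the network and can rewrite every request it sees.
    if ff_proxy.get("network.proxy.type") == "1" and ff_proxy.get("network.proxy.http") in LOOPBACK:
        port = ff_proxy.get("network.proxy.http_port", "?")
        findings.append(("browser_proxy_loopback", f"{ff_proxy['network.proxy.http']}:{port}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, handy for a quick severity overview."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:24} {detail}")
```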

  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Antivir, AVG and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
