Jump to content

Tracur Trojan - web site redirection, intrusion


Recommended Posts

I have run into some malware - tracur trojan. I hope you guys can help!

I am running XP sp3 with automatic updates. I am using Norton Security suite (not sure of the version, it comes with Comcast) and it says the definitions update happened today. I am also using MBAM with an updated DB (v7558).

Recently I noticed some google searches being redirected to bogus sites over the past several days. I get a notification from Norton that an intrusion attempt was blocked and my system is infected with the Tracur Trojan. In my Norton window it also mentions "the attack was resulted from /DEVICE/HARDDISKVOLUME2/WINDOWS/SYSTEM32/NPPTOOLS32.EXE"

I run the MBAM quickscan (no other programs or browsers are running) and it detects Tracur, and I remove the files + reboot. It does not seem to help, as Norton continues to report an intrusion detection and MBAM continues to find this malware every time I run it.

When I go to c:\windows\system32\ and look at npptools32.exe, the properties says it was created August 15, 2011 and description = Bulletstorm, Company = People Can Fly. I do not have this or any game on my PC. The creation date seems to be around the time we started having problems, but the Norton File Insight says the file seems OK when I right click on the file (FWIW).

FWIW, my wife and I use the system for email, web browsing, facebook, kids photos and writing the occasional letter. We don't do any file sharing, P2P stuff, etc.

Below is the dds.txt and attached is the zip of ark.txt and attach.txt per your instructions. Thanks so much for any help you can offer!!

-phil

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

Run by Phil at 21:21:13 on 2011-08-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1175 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Location Finder\LocationFinder.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\system32\npptools32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\system32\fdeploy32.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.rushlimbaugh.com/home/today.member.html

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: {150e34f2-19da-4923-8b2f-ee8882b7a4e5} - c:\windows\system32\atkctrs32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [HomingBeacon Client] "c:\program files\homingbeacon.net\hb3gui.exe" /minimized

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [PDUiP6600DMon] c:\program files\canon\memory card utility\ip6600d\PDUiP6600DMon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vmware.webex.com/client/T26L/ra/ieatgpc.cab

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{4838A7FE-757C-46DE-880D-0CA4257BB604} : DhcpNameServer = 68.87.71.230 68.87.73.246

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\lfgif13s32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\phil\application data\mozilla\firefox\profiles\eabgfqud.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn_2010_9_0_6\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\phil\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\phil\application data\mozilla\firefox\profiles\eabgfqud.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\documents and settings\phil\local settings\application data\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {b5c3d475-73be-4bb1-bb8b-e65e4e92c08b} - %profile%\extensions\{b5c3d475-73be-4bb1-bb8b-e65e4e92c08b}

FF - Ext: XUL Cache: {c4b97e4e-6bc9-40c4-96cd-5811526774a1} - %profile%\extensions\{c4b97e4e-6bc9-40c4-96cd-5811526774a1}

FF - Ext: XUL Cache: {0cae20ff-6077-4276-b845-7c1d17238d68} - %profile%\extensions\{0cae20ff-6077-4276-b845-7c1d17238d68}

FF - Ext: XUL Cache: {e4ca5e80-53a2-4450-bf4b-ba1f5dccab5c} - %profile%\extensions\{e4ca5e80-53a2-4450-bf4b-ba1f5dccab5c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn_2010_9_0_6

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110812.001\BHDrvx86.sys [2011-8-15 815736]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]

R2 NetDDEdsdm32;Network DDE DSDM ;c:\windows\system32\npptools32.exe [2011-8-15 715776]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-27 24652]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-3 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110822.031\IDSXpx86.sys [2011-8-23 356280]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110824.003\NAVENG.SYS [2011-8-24 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110824.003\NAVEX15.SYS [2011-8-24 1576312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-16 136176]

S2 HomingBeacon;HomingBeacon Dynamic DNS;c:\program files\homingbeacon.net\hb3svc.exe [2008-12-29 68096]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-1-9 18560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-16 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-22 41272]

.

=============== Created Last 30 ================

.

2011-08-25 00:40:54 331776 ----a-w- c:\windows\system32\atkctrs32.dll

2011-08-23 21:08:38 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{309bdc62-6f2b-4977-86ca-ad06a664a022}\mpengine.dll

2011-08-22 21:05:49 -------- d-----w- c:\documents and settings\phil\application data\Malwarebytes

2011-08-22 21:05:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-22 21:05:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-22 21:04:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 21:04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-22 18:39:27 0 ---ha-w- c:\documents and settings\phil\pwsjravhpf.tmp

2011-08-15 22:54:23 715776 ----a-w- c:\windows\system32\fdeploy32.exe

2011-08-15 22:54:22 157184 ----a-w- c:\windows\system32\lfgif13s32.dll

2011-08-15 22:54:20 715776 ----a-w- c:\windows\system32\npptools32.exe

2011-08-10 23:13:53 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 23:13:52 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

.

==================== Find3M ====================

.

2011-08-11 12:49:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 21:27:58.40 ===============

ark.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 3 weeks later...
  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.