
Am I infected or just paranoid?



Hello all,

I picked up a redirect virus about a week or so ago, and believe that I successfully removed it (I'm not using Firefox anymore, which seems to have been the target, so I may still have it, but none of my scans pick anything up anymore). In the process, I also picked up or found the Tracur trojan on my system (I had both Y and B varieties; it seems to have been reinstalling itself before I finally got rid of it).

Long story short: part of the solution to the aforementioned problems was installing Malwarebytes. It's the only thing I kept on my system since then besides my MSE antivirus. The problem is that it keeps notifying me that it is blocking incoming (usually) and outgoing (sometimes) IP addresses -- usually, a notification about every 5 minutes or so, it seems. The two that I've tracked have been located in Shanghai and Toronto. I'm concerned that I either still have a virus (that is trying to connect outside) or someone is trying to hack in. In any event, neither MSE nor Malwarebytes is finding anything on its scans. My system specifics are as follows:

I have windows XP, keep my firewall up all the time, and have MSE running with the default protections with automatic updates. I use no IM services, and the Malwarebytes alerts don't seem to sync with the opening of any webpages.

I have also run Malwarebytes, GMER, and DDS, and have posted the logs below. GMER seems to have found two things; I don't know if they're important. Any insight into my situation would be most appreciated.

Best regards,

Orple

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7576

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/26/2011 10:27:13 AM

mbam-log-2011-08-26 (10-27-13).txt

Scan type: Quick scan

Objects scanned: 165406

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-26 15:36:15

Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\00000063 ST3500418AS rev.CC34

Running: ew16xqsf.exe; Driver: C:\DOCUME~1\Robert\LOCALS~1\Temp\uxtdapow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB7A97000, 0x230C27, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2616] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- EOF - GMER 1.0.15 ----

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Robert at 15:37:14 on 2011-08-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1857 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Robert\Local Settings\Apps\2.0\C18RX6DA.4YL\G9T4P2TE.O66\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Safari\Safari.exe

C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PlayNC Launcher]

uRun: [Google Update] "c:\documents and settings\robert\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [EPSON Stylus Photo R260 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibna.exe /fu "c:\windows\temp\E_S487.tmp" /EF "HKCU"

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"

mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\documents and settings\robert\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\docume~1\robert\startm~1\programs\startup\produc~1.lnk - c:\program files\common files\logishared\ereg\setpoint\eReg.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gn-wp0~1.lnk - c:\program files\gigabyte\gigabyte wp01gs wireless pci adapter softap\installer\winxp\RaUI.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8C26EB19-051D-4985-9CE1-4B7628176B6E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F201ACB7-DA1F-4E17-869F-3D675657FC89} : DhcpNameServer = 192.168.1.1

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: {EAA64D1E-7DF1-489A-86CE-0D5E601C0EC3} - No File

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\kpb7e8ex.default\

FF - plugin: c:\documents and settings\robert\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\robert\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\robert\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]

R1 MpKsl56728e8a;MpKsl56728e8a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af50382a-50aa-4bf6-8343-4f753f335754}\MpKsl56728e8a.sys [2011-8-26 28752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-16 366640]

R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2009-9-12 94720]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-9-11 14856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-16 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]

S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2009-9-12 31104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-5 136176]

.

=============== Created Last 30 ================

.

2011-08-26 19:36:57 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af50382a-50aa-4bf6-8343-4f753f335754}\MpKsl56728e8a.sys

2011-08-26 19:36:52 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af50382a-50aa-4bf6-8343-4f753f335754}\mpengine.dll

2011-08-23 04:53:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-23 04:53:43 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-08-16 21:13:06 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-08-16 21:12:33 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-08-16 21:10:37 6394688 ----a-w- C:\HitmanPro35.exe

2011-08-16 20:57:51 -------- d-----w- c:\documents and settings\robert\local settings\application data\NPE

2011-08-16 20:57:51 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-08-16 20:49:49 2558968 ----a-w- C:\NPE.exe

2011-08-16 13:29:29 -------- d-----w- c:\documents and settings\robert\application data\Malwarebytes

2011-08-16 13:29:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-16 13:29:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-16 13:29:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-16 13:29:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-16 12:55:05 0 ---ha-w- c:\documents and settings\robert\bzanfbguch.tmp

2011-08-10 18:48:24 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 18:47:58 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-10 18:44:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-30 18:45:59 -------- d-----w- c:\program files\iPod

2011-07-30 18:45:55 -------- d-----w- c:\program files\iTunes

2011-07-30 18:42:55 -------- d-----w- c:\program files\Bonjour

2011-07-29 06:51:45 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 15:37:33.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/12/2009 4:23:30 PM

System Uptime: 8/23/2011 8:33:59 PM (67 hours ago)

.

Motherboard: MSI | | MS-7325

Processor: AMD Athlon 64 X2 Dual Core Processor 4600+ | | 2412/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 359.355 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 149 GiB total, 68.138 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F03\4&2FF81D47&0

Manufacturer: Logitech

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F03\4&2FF81D47&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP727: 5/29/2011 8:43:22 AM - System Checkpoint

RP728: 5/30/2011 9:43:22 AM - System Checkpoint

RP729: 5/31/2011 9:46:25 AM - System Checkpoint

RP730: 6/1/2011 12:48:33 AM - Software Distribution Service 3.0

RP731: 6/2/2011 2:02:44 AM - System Checkpoint

RP732: 6/2/2011 11:35:29 PM - Software Distribution Service 3.0

RP733: 6/3/2011 11:34:55 PM - Software Distribution Service 3.0

RP734: 6/4/2011 11:35:23 PM - Software Distribution Service 3.0

RP735: 6/6/2011 2:58:51 AM - System Checkpoint

RP736: 6/6/2011 10:12:50 PM - Software Distribution Service 3.0

RP737: 6/7/2011 10:12:53 PM - Software Distribution Service 3.0

RP738: 6/8/2011 10:12:32 PM - Software Distribution Service 3.0

RP739: 6/10/2011 2:43:09 AM - System Checkpoint

RP740: 6/10/2011 9:18:36 PM - Software Distribution Service 3.0

RP741: 6/11/2011 9:18:34 PM - Software Distribution Service 3.0

RP742: 6/13/2011 6:05:43 AM - Software Distribution Service 3.0

RP743: 6/14/2011 8:54:11 PM - Software Distribution Service 3.0

RP744: 6/14/2011 11:07:17 PM - Software Distribution Service 3.0

RP745: 6/16/2011 6:19:59 AM - Software Distribution Service 3.0

RP746: 6/17/2011 6:46:05 AM - Software Distribution Service 3.0

RP747: 6/18/2011 6:52:28 AM - System Checkpoint

RP748: 6/18/2011 9:24:32 PM - Software Distribution Service 3.0

RP749: 6/20/2011 1:47:55 AM - System Checkpoint

RP750: 6/20/2011 8:07:17 AM - Software Distribution Service 3.0

RP751: 6/21/2011 8:07:33 AM - Software Distribution Service 3.0

RP752: 6/22/2011 8:06:50 AM - Software Distribution Service 3.0

RP753: 6/23/2011 8:06:34 AM - Software Distribution Service 3.0

RP754: 6/24/2011 8:07:15 AM - Software Distribution Service 3.0

RP755: 6/25/2011 8:17:47 AM - System Checkpoint

RP756: 6/25/2011 1:21:23 PM - Software Distribution Service 3.0

RP757: 6/26/2011 2:06:48 AM - Software Distribution Service 3.0

RP758: 6/26/2011 1:19:35 PM - Software Distribution Service 3.0

RP759: 6/27/2011 1:20:10 PM - Software Distribution Service 3.0

RP760: 6/28/2011 1:20:12 PM - Software Distribution Service 3.0

RP761: 6/29/2011 3:00:14 AM - Software Distribution Service 3.0

RP762: 6/30/2011 3:20:35 AM - System Checkpoint

RP763: 6/30/2011 3:23:14 AM - Software Distribution Service 3.0

RP764: 7/1/2011 3:22:54 AM - Software Distribution Service 3.0

RP765: 7/2/2011 3:39:20 AM - System Checkpoint

RP766: 7/2/2011 1:41:50 PM - Software Distribution Service 3.0

RP767: 7/3/2011 2:12:17 AM - Software Distribution Service 3.0

RP768: 7/3/2011 1:41:32 PM - Software Distribution Service 3.0

RP769: 7/4/2011 1:41:06 PM - Software Distribution Service 3.0

RP770: 7/5/2011 2:09:26 PM - System Checkpoint

RP771: 7/6/2011 1:23:26 PM - Software Distribution Service 3.0

RP772: 7/7/2011 1:23:10 PM - Software Distribution Service 3.0

RP773: 7/8/2011 1:22:40 PM - Software Distribution Service 3.0

RP774: 7/9/2011 1:23:14 PM - Software Distribution Service 3.0

RP775: 7/10/2011 2:08:48 AM - Software Distribution Service 3.0

RP776: 7/10/2011 1:23:10 PM - Software Distribution Service 3.0

RP777: 7/11/2011 1:23:12 PM - Software Distribution Service 3.0

RP778: 7/29/2011 2:46:39 AM - Software Distribution Service 3.0

RP779: 7/29/2011 2:49:50 AM - Software Distribution Service 3.0

RP780: 7/30/2011 3:13:35 AM - System Checkpoint

RP781: 7/30/2011 2:55:11 PM - Software Distribution Service 3.0

RP782: 7/31/2011 2:53:35 PM - Software Distribution Service 3.0

RP783: 8/1/2011 2:53:54 PM - Software Distribution Service 3.0

RP784: 8/2/2011 2:53:57 PM - Software Distribution Service 3.0

RP785: 8/3/2011 2:54:09 PM - Software Distribution Service 3.0

RP786: 8/4/2011 2:54:16 PM - Software Distribution Service 3.0

RP787: 8/5/2011 2:53:30 PM - Software Distribution Service 3.0

RP788: 8/6/2011 2:54:02 PM - Software Distribution Service 3.0

RP789: 8/7/2011 1:48:02 AM - Software Distribution Service 3.0

RP790: 8/7/2011 2:53:58 PM - Software Distribution Service 3.0

RP791: 8/8/2011 2:54:01 PM - Software Distribution Service 3.0

RP792: 8/9/2011 2:53:25 PM - Software Distribution Service 3.0

RP793: 8/10/2011 3:38:13 PM - System Checkpoint

RP794: 8/11/2011 3:00:15 AM - Software Distribution Service 3.0

RP795: 8/11/2011 3:32:33 AM - Software Distribution Service 3.0

RP796: 8/12/2011 3:26:52 AM - Software Distribution Service 3.0

RP797: 8/13/2011 3:52:32 AM - System Checkpoint

RP798: 8/13/2011 9:54:54 PM - Software Distribution Service 3.0

RP799: 8/14/2011 2:20:35 AM - Software Distribution Service 3.0

RP800: 8/14/2011 9:54:20 PM - Software Distribution Service 3.0

RP801: 8/15/2011 9:55:25 PM - Software Distribution Service 3.0

RP802: 8/15/2011 9:59:20 PM - Software Distribution Service 3.0

RP803: 8/16/2011 9:46:53 AM - Software Distribution Service 3.0

RP804: 8/16/2011 10:35:27 AM - Software Distribution Service 3.0

RP805: 8/16/2011 10:53:18 AM - Software Distribution Service 3.0

RP806: 8/16/2011 11:35:48 AM - Software Distribution Service 3.0

RP807: 8/16/2011 3:11:50 PM - Software Distribution Service 3.0

RP808: 8/16/2011 4:16:42 PM - Software Distribution Service 3.0

RP809: 8/16/2011 4:17:13 PM - Software Distribution Service 3.0

RP810: 8/16/2011 4:17:31 PM - Software Distribution Service 3.0

RP811: 8/16/2011 4:19:37 PM - Software Distribution Service 3.0

RP812: 8/16/2011 5:06:00 PM - Norton_Power_Eraser_20110816170558437

RP813: 8/16/2011 5:12:23 PM - Software Distribution Service 3.0

RP814: 8/17/2011 3:00:14 AM - Software Distribution Service 3.0

RP815: 8/17/2011 8:35:00 PM - Software Distribution Service 3.0

RP816: 8/18/2011 8:39:54 PM - Software Distribution Service 3.0

RP817: 8/23/2011 12:58:36 AM - Software Distribution Service 3.0

RP818: 8/23/2011 1:53:56 AM - Software Distribution Service 3.0

RP819: 8/24/2011 2:37:18 AM - System Checkpoint

RP820: 8/24/2011 3:00:13 AM - Software Distribution Service 3.0

RP821: 8/24/2011 8:40:47 PM - Software Distribution Service 3.0

RP822: 8/25/2011 8:40:20 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

AC3Filter (remove only)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.3

Aion

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoImpression 5

ATI - Software Uninstall Utility

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Display Driver

ATI HYDRAVISION

ATI Parental Control & Encoder

Audacity 1.2.6

Bass Audio Decoder (remove only)

Bonjour

BufferChm

CameraDrivers

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CD Audio Reader Filter (remove only)

CDDRV_Installer

CmsemitaPsb

Compatibility Pack for the 2007 Office system

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

CueTour

Curse Client

CustomerResearchQFolder

DCoder Image Source (remove only)

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

DivX Web Player

DScaler 5 Mpeg Decoders

Easy CD Creator 5 Basic

Easy Grade Pro

EPSON Print CD

EPSON Printer Software

EPSON Stylus Photo R260 User's Guide

eSupportQFolder

FullDPAppQFolder

Gabest MPEG Splitter (remove only)

Gigabyte GN-WP01GS

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hercules Classic Silver Webcam

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 5.3

HP Image Zone 5.3

HP Imaging Device Functions 5.3

HP Photosmart 330,380,420,470,7800,8000,8200 Series

HP Product Assistant

HP Solution Center & Imaging Support Tools 5.3

HP Update

HPProductAssistant

InstantShareDevices

iTunes

Java Auto Updater

Java 6 Update 22

KhalInstallWrapper

Logitech GamePanel Software 3.06.109

Logitech Registration

Logitech SetPoint

Malwarebytes' Anti-Malware version 1.51.1.1800

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office Outlook 2003

Microsoft Office Word Viewer 2003

Microsoft PowerPoint Viewer

Microsoft Security Client

Microsoft Security Essentials

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Word 2002

Microsoft Works 2003 Setup Launcher

Microsoft Works 7.0

Microsoft Works Suite Add-in for Microsoft Word

MobileMe Control Panel

MONOGRAM AMR Splitter/Decoder (remove only)

Mozilla Firefox 5.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble and Murmur

NCsoft Launcher

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.2

OpenSource DTS/AC3/DD+ Source Filter (remove only)

Pando Media Booster

Pandora

PanoStandAlone

PhotoGallery

PS8000

PSPrinters08

PSTAPlugin

QuickTime

RandMap

Razer DeathAdder Mouse

RealMedia (remove only)

Realtek AC'97 Audio

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SHOUTcast Source (remove only)

SkinsHP1

SolutionCenter

Sonic_PrimoSDK

Spybot - Search & Destroy

Status

TeacherWorks

TestGen

The Lord of the Rings Online™ v03.02.03.8013

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.762

Ventrilo Client

VLC media player 1.0.3

WebFldrs XP

WebReg

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Driver Package - Cypress (CyUsb) USB

Windows Driver Package - Cypress (CYUSB) USB (06/05/2009 3.4.1.20)

Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)

Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)

Windows Essentials Media Codec Pack 2.3d

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows XP Service Pack 3

Works Suite OS Pack

World of Warcraft

.

==== End Of File ===========================
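The installed-programs section above is long enough that triaging it by eye is slow. The following is an added example, not part of the original thread and not code from the DDS tool: a small Python parser for that one-entry-per-line layout, which separates Microsoft updates (by their `(KBnnnnnn)` or `(KBnnnnnn-vN)` suffix) from driver packages and third-party applications, and flags KBs that appear both with and without a `-vN` revision, which indicates a re-released update rather than a duplicate or a missing patch. The `SAMPLE` text is a constructed excerpt of lines copied from the listing above; the `Hotfix for` and `Cumulative Security Update for` prefixes are assumed additional DDS prefixes and are not present in this log.

```python
"""Parse the "Installed Programs" section of a DDS log into structured records.

Added example, not part of the original thread or of the DDS tool. It assumes
the one-entry-per-line layout seen in the log above: Microsoft updates appear
as "Security Update for Windows XP (KB1234567)" or "Update for ... (KB...-v2)",
and everything else is an application or driver package name.
"""
import re
from collections import Counter

KB_RE = re.compile(r"\((KB\d+)(?:-v(\d+))?\)")
# "Hotfix for" / "Cumulative Security Update for" are assumed prefixes; the
# first two are the ones visible in the log above.
UPDATE_PREFIXES = (
    "Security Update for",
    "Update for",
    "Hotfix for",
    "Cumulative Security Update for",
)

# Constructed sample: lines copied from the DDS listing above.
SAMPLE = """\
Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Update for Windows XP (KB2541763)

Update for Windows Internet Explorer 8 (KB980182)

Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)

Ventrilo Client

World of Warcraft

==== End Of File ===========================
"""


def classify(line):
    """Return (category, kb, revision, name) for one installed-program line."""
    m = KB_RE.search(line)
    if m and line.startswith(UPDATE_PREFIXES):
        if line.startswith(("Security Update", "Cumulative Security Update")):
            category = "security_update"
        else:
            category = "update"
        # An entry without "-vN" is revision 1 of that KB.
        return category, m.group(1), int(m.group(2) or 1), line
    if line.startswith("Windows Driver Package"):
        return "driver", None, None, line
    return "application", None, None, line


def parse_installed(text):
    """Return records for non-empty lines up to the DDS end-of-file marker."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("==== End Of File"):
            break
        category, kb, rev, name = classify(line)
        records.append({"category": category, "kb": kb, "rev": rev, "name": name})
    return records


def summarize(records):
    """Count entries per category, list re-released KBs and third-party apps."""
    counts = Counter(r["category"] for r in records)
    by_kb = {}
    for r in records:
        if r["kb"]:
            by_kb.setdefault(r["kb"], set()).add(r["rev"])
    # A KB present with more than one revision (e.g. KB2536276 and
    # KB2536276-v2) was re-released by Microsoft; both entries are the same patch.
    rereleased = sorted(kb for kb, revs in by_kb.items() if len(revs) > 1)
    apps = [r["name"] for r in records if r["category"] == "application"]
    return {"counts": dict(counts), "rereleased": rereleased, "applications": apps}


if __name__ == "__main__":
    print(summarize(parse_installed(SAMPLE)))
```

Feeding the whole DDS installed-programs block to `parse_installed` gives a short list of non-Microsoft applications to review, which is the part of this log that actually needs a human eye; the hundreds of KB lines only need to be counted and checked for re-releases.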


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
