Jump to content

BradGordon


Recommended Posts

Same problem here.

I had Bitdefender 2010 and Malwarebytes on my PC.

I upgraded to Bitdefender 2012 but Bitdefender requires uninstall of older version and also does uninstall of Malwarebytes.

Once all protection was removed NEW Virus and malware software programs do not work with either...

1. will not install from "error" or lack of "permission"

2. install and just shut off and vanish while in progress and will not run again until restart then do the same.

3. Will run then pronounce an error usually indicating they do not have permission to run software.

THE Irony: I was able to get the Bitdefender online scanner to run. It does not repair the problems but tells me to "Buy protection immediately!!"

I also ran the dds. The dds.txt and attach.txt are attached.

Any suggestions are greatly appreciated.

Cheers, Brad

Link to post
Share on other sites

Malwarebytes Quik scan starts then program vanishes without error message.

When I try to restart it provides the attached message...

"Windows cannot access the specified path, or file. You may not have the appropriate permissions to access the item."

I can Restart the computer and do it again.: )

THis malware is preventing all of my attempts at virus/malware protection from running.

In addition to MWB it blocks Bitdefender, Microsoft msert, Kasperky,and AVG (both free and paid)

Wondering if Malwarebytes will be the first to figure this out as I see many other posters (here sand elsewere) with simular issue?

I ran dds and can provides the scans if interested.

Your ideas are greatly appreciated. Cheers, -Brad

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by BradAdmin at 12:51:07 on 2011-09-20

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1158 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\1689575893:706628507.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\PSIService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\System32\WDBtnMgr.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Opera\opera.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\rundll32.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080917

uWindow Title = Internet Explorer provided by Dell

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080917

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080917

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [conhost] c:\users\brad\appdata\roaming\microsoft\conhost.exe

StartupFolder: c:\users\bradad~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\camtas~1.lnk - c:\program files\techsmith\camtasia\CamRec.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader57.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://webcam.loras.edu/user/TSBnwCam.CAB

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A80ADAB3-473E-45BC-B6B4-FFC9E1EBF94F} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bradadmin\appdata\roaming\mozilla\firefox\profiles\h8afoje2.default\

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npDXStudioPlugin.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\bradadmin\appdata\roaming\mozilla\firefox\profiles\h8afoje2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-9-17 73728]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-9-17 179712]

R4 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" --> c:\program files\malwarebytes' anti-malware\mbamservice.exe [?]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-20 41272]

RUnknown 4230966drv;4230966drv; [x]

RUnknown 61601602;61601602; [x]

RUnknown 66333421;66333421; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S3 CH341ENUM;CH341ENUM;c:\windows\system32\drivers\CH34Enum.sys [2011-4-26 17664]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2011-4-26 39632]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]

S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-1-7 47360]

S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2009-1-7 47360]

S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-1-7 28032]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-09-20 17:07:22 -------- d--h--w- c:\programdata\Common Files

2011-09-20 17:00:35 -------- d-----w- c:\programdata\MFAData

2011-09-20 16:26:52 -------- d-----w- c:\users\bradadmin\appdata\roaming\f-secure

2011-09-20 16:25:54 -------- d-----w- c:\programdata\F-Secure

2011-09-20 14:50:03 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-20 14:37:15 709968 ----a-w- c:\windows\isRS-000.tmp

2011-09-20 14:35:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-20 14:02:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 11:46:34 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{67f2d6df-8542-4081-9baa-91d56e6e5971}\mpengine.dll

2011-09-20 08:30:15 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-09-20 07:33:01 459 ----a-w- c:\programdata\1316503978.4452.bin

2011-09-20 07:33:01 446 ----a-w- c:\programdata\1316503978.4448.bin

2011-09-20 07:32:58 656 ----a-w- c:\programdata\1316503978.4304.bin

2011-09-20 07:32:58 462 ----a-w- c:\programdata\1316503978.4392.bin

2011-09-20 07:32:58 24075 ----a-w- c:\programdata\1316503978.4388.bin

2011-09-20 07:25:03 13856 ----a-w- c:\programdata\1316503498.bdinstall.bin

2011-09-20 07:14:45 507 ----a-w- c:\programdata\1316502880.4256.bin

2011-09-20 07:14:45 406 ----a-w- c:\programdata\1316502880.4248.bin

2011-09-20 07:14:45 2998 ----a-w- c:\programdata\1316502880.4244.bin

2011-09-20 07:14:45 2931 ----a-w- c:\programdata\1316502880.4724.bin

2011-09-20 07:14:45 1940 ----a-w- c:\programdata\1316502880.1716.bin

2011-09-20 07:14:41 1276 ----a-w- c:\programdata\1316502880.3672.bin

2011-09-20 07:14:41 1035 ----a-w- c:\programdata\1316502880.3572.bin

2011-09-20 07:14:40 24075 ----a-w- c:\programdata\1316502880.3096.bin

2011-09-20 04:30:24 459 ----a-w- c:\programdata\1316493020.3860.bin

2011-09-20 04:30:24 396 ----a-w- c:\programdata\1316493020.3856.bin

2011-09-20 04:30:20 656 ----a-w- c:\programdata\1316493020.5096.bin

2011-09-20 04:30:20 462 ----a-w- c:\programdata\1316493020.3900.bin

2011-09-20 04:30:20 25482 ----a-w- c:\programdata\1316493020.3108.bin

2011-09-19 16:33:52 -------- d-----w- C:\temp_dvd

2011-09-19 16:17:17 58 ----a-w- c:\windows\system32\msadio.dll

2011-09-19 16:17:10 -------- d-----w- c:\program files\DVD-Cloner Platinum

2011-09-08 03:58:50 -------- d-----w- c:\users\bradadmin\appdata\roaming\Malwarebytes

2011-09-08 03:51:19 -------- d-----w- c:\users\bradadmin\appdata\roaming\Ableton

2011-09-07 07:21:59 -------- d-----w- c:\users\bradadmin\appdata\roaming\QuickScan

2011-09-07 07:11:24 -------- d-----w- c:\users\bradadmin\appdata\local\Opera

2011-09-07 07:10:39 -------- d-----w- c:\users\bradadmin\appdata\local\Mozilla

.

==================== Find3M ====================

.

2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

============= FINISH: 12:51:29.28 ===============

post-94754-0-33924800-1316546246.jpg

dds.txt

attach.txt

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from Combofx. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.