zumataru Posted September 25, 2011 ID:479078

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7793

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/24/2011 7:30:40 PM
mbam-log-2011-09-24 (19-30-40).txt

Scan type: Quick scan
Objects scanned: 175087
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Elise Posted September 25, 2011 ID:479108

Hello, could you please include a description of your problem?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Staff screen317 Posted October 10, 2011 ID:484063

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Staff screen317 Posted October 14, 2011 ID:485600

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!