Jump to content

OpenCloud and Malwarebytes problems


Recommended Posts

One of our laptops got gunked with OpenCloud Security. I was cocky, because I cleared up a similar infection on a friend's netbook a few months ago using Malwarebytes. So I removed the OpenCloud files, and downloaded Malwarebytes. OpenCloud still apparently has a presence, because it won't let me open the user interface for either Malwarebytes, McAfee OAS, or AVG (which I downloaded on the chance that McAfee was broken). Malwarebytes runs in the background, because see the icon in the system tray, and occasionally gets messages that it blocks outgoing IP addresses.

I downloaded rkill and ran it, then reinstalled Malwarebytes; didn't take care of it. I tried starting from Safe Mode with Networking--no dice. I also tried renaming Malwarebytes and running it that way. Still didn't work. So I figured I'd post here and get some help. I'm attaching the dds log, and am happy to run other programs and provide whatever info you need.

Thanks in advance! dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22

Run by Rob Spirko at 21:27:13 on 2011-09-30

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.219 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\80616103:1491415547.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N35\Reminder\SacNetAgent.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hanes T-ShirtMaker Lite\new\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Hanes T-ShirtMaker Lite\new\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080210

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080210

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

mDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.dell.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080210

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ADC PlugIn: {19090308-636d-4e9b-a1ce-a647b6f794bf} - c:\documents and settings\hannah spirko\application data\tkkk7ffrl9hxquc\sysl32.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [PdxRegCl] "c:\program files\paradox\programs\PdxRegCl.exe" /s /c

mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\hanes t-shirtmaker lite\new\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F299D118-8A8F-4396-934B-96ECE5CE9231} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

Notify: kbupdate - kbupdate.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

LSA: Notification Packages = scecli EModor40.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\rob spirko\application data\mozilla\firefox\profiles\hkobbimf.default\

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0a317be2-b117-4b16-9c25-f891123dd759%7D&mid=5818800cdc5547d19505d15f02944c7b-aecfcc6a0260c2b71d0763d3b26e7f610ebb1ebf&ds=AVG&v=8.0.0.34.1〈=en&pr=pr&d=2011-09-29%2000%3A07%3A41&sap=ku&q=

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 7171

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\documents and settings\rob spirko\application data\mozilla\firefox\profiles\hkobbimf.default\extensions\avg@toolbar\components\toolbarhomewmp.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: XULRunner: {A0DDCF64-DB93-40E8-BA4A-D0A7196A71F1} - c:\documents and settings\jennifer spirko\local settings\application data\{A0DDCF64-DB93-40E8-BA4A-D0A7196A71F1}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4

FF - Ext: AVG Security Toolbar: avg@toolbar - %profile%\extensions\avg@toolbar

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-7-16 31816]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\hanes t-shirtmaker lite\new\mbamservice.exe [2011-9-29 366152]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-7-16 54608]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\all users\application data\officeguardianv2n35\reminder\SacNetAgent.exe [2010-12-30 163664]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-29 246600]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-29 22216]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]

S2 gupdate1ca67bcf05d8eba;Google Update Service (gupdate1ca67bcf05d8eba);c:\program files\google\update\GoogleUpdate.exe [2009-11-17 133104]

S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-7-16 144704]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-17 133104]

S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-22 72936]

S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-22 33960]

S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-22 174952]

.

=============== Created Last 30 ================

.

2011-09-30 03:14:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 04:08:43 -------- d-----w- c:\documents and settings\rob spirko\application data\AVG2012

2011-09-29 04:07:42 -------- d-----w- c:\documents and settings\rob spirko\application data\AVG Secure Search

2011-09-29 04:07:37 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-09-29 04:07:37 -------- d-----w- c:\program files\AVG Secure Search

2011-09-29 04:06:03 -------- d-----w- c:\windows\system32\drivers\AVG

2011-09-29 04:06:03 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-09-29 04:05:07 -------- d-----w- c:\program files\AVG

2011-09-29 03:56:44 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-29 03:56:26 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-29 01:52:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-29 01:30:25 -------- d-----w- c:\documents and settings\rob spirko\application data\J1uvD2obFpHs

2011-09-29 00:11:08 -------- d-----w- c:\documents and settings\rob spirko\application data\Malwarebytes

2011-09-29 00:11:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-28 20:49:11 -------- d-----w- c:\documents and settings\rob spirko\local settings\application data\Apple Computer

2011-09-28 20:49:07 -------- d-----w- c:\documents and settings\rob spirko\application data\YsQJ7dEK8RqYwUr

2011-09-28 20:49:07 -------- d-----w- c:\documents and settings\rob spirko\application data\NivD3onG4m6W7E9

2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-17 01:52:06 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-07-11 05:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-07-11 05:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys

2011-07-11 05:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

2011-07-11 05:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-07-11 05:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2009-02-12 03:00:14 149353184 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe

2008-06-29 04:16:06 21379762 ----a-w- c:\program files\scribus-1.3.3.12-win32-install.exe

2008-06-29 04:08:18 14275584 ----a-w- c:\program files\gs862w32.exe

.

============= FINISH: 21:28:50.73 ===============

Link to post
Share on other sites

  • Root Admin

Okay, please see option #4 here in the FAQ: http://forums.malwarebytes.org/index.php?showtopic=10138

Basically update MBAM on a clean computer and then copy the latest RULES.REF to the infected computer and then try to run a Quick Scan and remove anything found and then post back the scan log please.

If you have any questions or MBAM won't run let me know.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.