
Don't think I'm affected



My original post is here: http://forums.malwarebytes.org/index.php?showtopic=97207

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by God at 16:51:42 on 2011-10-07

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.3677 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Unified Remote\RemoteServer.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.87\deploy\LolClient.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\God\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\God\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\God\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\God\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\God\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\God\Desktop\mbam\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

uRun: [Google Update] "C:\Users\God\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [unifiedRemoteServer] C:\Program Files (x86)\Relmtech\Unified Remote\UnifiedRemoteServer.exe

uRun: [unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe

uRun: [NCsoft]

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AACB9946-0A1A-45C8-B6D2-969CBA80573B} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{E1556519-C646-4F86-BF95-73B8E0928AF7} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-12-4 72304]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-6 366152]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-1 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-10 381248]

R2 TracSrvWrapper;Check Point Endpoint Connect;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2011-2-7 3487256]

R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

R3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\DB3G.sys --> C:\Windows\system32\drivers\DB3G.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\system32\DRIVERS\vnaap.sys --> C:\Windows\system32\DRIVERS\vnaap.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-30 136176]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-12-25 401920]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-7 128928]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-30 136176]

S3 iLokDrvr;Usb Driver;C:\Windows\system32\DRIVERS\iLokDrvr.sys --> C:\Windows\system32\DRIVERS\iLokDrvr.sys [?]

S3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackUltra8R.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-10-07 21:47:44 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-10-07 20:17:16 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B372AA14-D40F-48EA-93C8-FC322ED262A0}\offreg.dll

2011-10-07 04:16:02 -------- d-----w- C:\Users\God\AppData\Roaming\Malwarebytes

2011-10-07 04:15:57 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-07 04:15:54 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-07 04:15:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-07 01:14:49 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B372AA14-D40F-48EA-93C8-FC322ED262A0}\mpengine.dll

2011-10-01 22:32:38 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll

2011-10-01 22:32:01 1426536 ----a-w- C:\Windows\System32\nvhdagenco642040.dll

2011-10-01 22:31:55 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll

2011-10-01 22:31:55 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll

2011-10-01 21:43:22 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-10-01 21:42:26 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-10-01 21:41:43 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2011-10-01 21:40:25 -------- d-----w- C:\ProgramData\EA Core

2011-10-01 21:28:39 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2011-10-01 20:34:34 -------- d-----w- C:\Users\God\AppData\Roaming\Origin

2011-10-01 20:34:14 -------- d-----w- C:\Users\God\AppData\Local\Origin

2011-10-01 20:34:06 -------- d-----w- C:\ProgramData\Origin

2011-10-01 20:34:06 -------- d-----w- C:\ProgramData\Electronic Arts

2011-10-01 20:34:06 -------- d-----w- C:\Program Files (x86)\Origin Games

2011-10-01 20:33:56 -------- d-----w- C:\Program Files (x86)\Origin

2011-10-01 19:56:07 -------- d-----w- C:\Program Files (x86)\TeamFortress Arcade

2011-09-28 02:55:20 -------- d-----w- C:\Users\God\AppData\Local\NCSoft

2011-09-28 02:46:01 -------- d-----w- C:\Users\God\AppData\Local\assembly

2011-09-28 02:45:32 -------- d-----w- C:\Program Files (x86)\NCSoft

2011-09-28 02:44:16 -------- d-----w- C:\Users\God\AppData\Roaming\GetRightToGo

2011-09-15 04:12:11 -------- d-----w- C:\Program Files (x86)\Super Smash Land

2011-09-12 03:40:53 -------- d-----w- C:\Users\God\AppData\Roaming\com.amazon.music.uploader

2011-09-12 03:40:08 -------- d-----w- C:\Users\God\AppData\Local\Adobe

2011-09-10 09:47:40 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-09-08 23:49:11 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3051BF52-D03F-4A87-AF0D-22D2BB4E152B}\gapaengine.dll

.

==================== Find3M ====================

.

2011-10-02 18:17:32 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 23:20:13 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-10-01 23:01:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-01 21:28:08 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 16:52:12.09 ===============

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7891

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/7/2011 12:58:26 AM

mbam-log-2011-10-07 (00-58-26).txt

Scan type: Full scan (C:\|)

Objects scanned: 617907

Time elapsed: 1 hour(s), 40 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

A sample from the IP Protection log (because the post was too long otherwise, I deleted about 500 or so lines of the same IP block from Winamp):

15:17:37 God MESSAGE Protection started successfully

15:17:41 God MESSAGE IP Protection started successfully

15:18:39 God MESSAGE Scheduled update executed successfully

15:19:04 God MESSAGE IP Protection stopped

15:19:05 God MESSAGE Database updated successfully

15:19:05 God MESSAGE IP Protection started successfully

15:49:39 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

15:49:39 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:43 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:01:51 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:00 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:08 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:16 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:24 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:32 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:40 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:02:48 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 50183, Process: chrome.exe)

16:02:48 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 50184, Process: chrome.exe)

16:02:48 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 50185, Process: chrome.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:46 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 50294, Process: chrome.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 50295, Process: chrome.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 50296, Process: chrome.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:05:54 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:02 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8)

16:06:10 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:25:01 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:25:01 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:25:01 God IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)

16:54:02 God IP-BLOCK 62.45.129.84 (Type: outgoing, Port: 51001, Process: pmb.exe)

17:11:47 God IP-BLOCK 62.45.129.84 (Type: outgoing, Port: 56277, Process: pmb.exe)

17:40:11 God IP-BLOCK 62.45.199.8 (Type: outgoing, Port: 62957, Process: pmb.exe)

Thanks!

-MH


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

