
Infected XP Pro Dell Laptop



Have some issues with this laptop, and I'm sure as a matter of fact this is the place to come to for some expert help. I have had this problem for several days now and would like someone to give me some steps on what I should do to remove any more bugs and maybe some redirecting of web pages and so forth and so on. I don't have a HijackThis log but will run one later if asked to do so. I will continue to work on this myself along with a lot of research and whatever else I can do to help myself. Some expert help will be just wonderful though, and thanks to whoever would like to help me out here.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Backup at 10:10:11 on 2011-10-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1555 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.msn.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231283044828

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{888D03B9-A843-41F5-A6B0-CD61DA206D06} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{9C87227F-D566-46C7-A232-398CC2149FF9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-5-8 15172]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-4 36000]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-4 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-4 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-4 74640]

S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\46.tmp --> c:\windows\system32\46.tmp [?]

.

=============== Created Last 30 ================

.

2011-10-04 15:31:34 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\FixItCenter

2011-10-04 15:25:27 -------- d-----w- c:\windows\MATS

2011-10-04 15:25:26 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-10-04 14:51:04 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-04 12:19:01 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Avira

2011-10-04 12:18:03 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-04 12:18:03 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-04 12:18:01 -------- d-----w- c:\program files\Avira

2011-10-04 12:18:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-10-04 09:58:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-04 09:58:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-04 00:57:25 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-10-02 19:16:33 -------- d-----w- c:\program files\Trend Micro

2011-10-02 18:54:30 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-10-02 18:54:26 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-10-02 18:15:58 -------- d-----w- c:\program files\Microsoft ATS

2011-10-02 16:39:33 -------- d-----w- c:\program files\Sophos

2011-10-02 16:23:04 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\f-secure

2011-10-02 16:22:42 -------- d-----w- c:\documents and settings\all users\application data\F-Secure

2011-10-02 15:43:19 -------- d-----w- c:\program files\Unlocker

2011-10-02 13:14:23 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\Malwarebytes

2011-10-02 02:03:44 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-02 02:02:40 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\PCHealth

2011-10-02 01:39:18 -------- d-----w- C:\539e8e2e51e11ca3c47db889

2011-10-02 00:59:13 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ElevatedDiagnostics

2011-10-01 23:58:53 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-10-01 23:58:49 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-10-01 23:58:47 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-10-01 23:58:43 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-10-01 23:58:38 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-10-01 23:58:12 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2011-10-01 23:58:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-10-01 23:58:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-10-01 23:57:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-10-01 23:57:53 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2011-10-01 23:57:31 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2011-10-01 23:57:28 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2011-10-01 23:57:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2011-10-01 23:57:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys

2011-10-01 23:57:05 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll

2011-10-01 23:55:56 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2011-10-01 23:55:51 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2011-10-01 23:55:44 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2011-10-01 23:55:39 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2011-10-01 23:55:35 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2011-10-01 23:55:30 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2011-10-01 23:55:25 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2011-10-01 23:55:21 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2011-10-01 23:55:16 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2011-10-01 23:55:12 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2011-10-01 23:55:09 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2011-10-01 23:55:07 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys

2011-10-01 23:55:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2011-10-01 23:54:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2011-10-01 23:54:54 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2011-10-01 23:54:50 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2011-10-01 23:54:45 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2011-10-01 23:54:41 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2011-10-01 23:54:37 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2011-10-01 23:54:32 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2011-10-01 23:54:28 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2011-10-01 23:54:24 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2011-10-01 23:54:19 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2011-10-01 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2011-10-01 23:54:00 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2011-10-01 23:52:56 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2011-10-01 23:52:52 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2011-10-01 23:52:50 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2011-10-01 23:52:45 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2011-10-01 23:52:41 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2011-10-01 23:52:29 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2011-10-01 23:52:24 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2011-10-01 23:52:20 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2011-10-01 23:52:16 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-10-01 23:52:09 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2011-10-01 23:52:05 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2011-10-01 23:52:01 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2011-10-01 23:51:57 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-10-01 23:51:53 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2011-10-01 23:51:49 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2011-10-01 23:51:45 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2011-10-01 23:51:40 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2011-10-01 23:51:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2011-10-01 23:51:31 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2011-10-01 23:51:27 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2011-10-01 23:51:20 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2011-10-01 23:51:15 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2011-10-01 23:51:04 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2011-10-01 23:49:59 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2011-10-01 23:48:57 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys

2011-10-01 23:48:52 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll

2011-10-01 23:48:48 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys

2011-10-01 23:48:32 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-10-01 23:48:28 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys

2011-10-01 23:48:24 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys

2011-10-01 23:48:20 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2011-10-01 23:48:16 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2011-10-01 23:48:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-10-01 23:48:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2011-10-01 23:46:59 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll

2011-10-01 23:45:56 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys

2011-10-01 23:45:51 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll

2011-10-01 23:45:38 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys

2011-10-01 23:45:32 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys

2011-10-01 23:45:29 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2011-10-01 23:45:24 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll

2011-10-01 23:45:21 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2011-10-01 23:45:12 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys

2011-10-01 23:45:06 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys

2011-10-01 23:45:03 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys

2011-10-01 23:43:51 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll

2011-10-01 23:42:58 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2011-10-01 23:41:53 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2011-10-01 23:41:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2011-10-01 23:41:44 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2011-10-01 23:41:42 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2011-10-01 23:41:37 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2011-10-01 23:41:34 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2011-10-01 23:41:28 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2011-10-01 23:41:21 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2011-10-01 23:41:15 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2011-10-01 23:41:11 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys

2011-10-01 23:41:08 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll

2011-10-01 23:41:04 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys

2011-10-01 23:39:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2011-10-01 23:39:53 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2011-10-01 23:39:44 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys

2011-10-01 23:39:42 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2011-10-01 23:39:26 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2011-10-01 23:39:22 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2011-10-01 23:39:20 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2011-10-01 23:38:55 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2011-10-01 23:38:49 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2011-10-01 23:38:42 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2011-10-01 23:38:36 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2011-10-01 23:38:32 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll

2011-10-01 23:38:30 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys

2011-10-01 23:38:26 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2011-10-01 23:38:23 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys

2011-10-01 23:38:13 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys

2011-10-01 23:38:07 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys

2011-10-01 23:38:02 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys

2011-10-01 23:36:57 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll

2011-10-01 23:36:57 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll

2011-10-01 23:36:43 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2011-10-01 23:36:40 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2011-10-01 23:36:26 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2011-10-01 23:36:23 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2011-10-01 23:36:19 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-10-01 23:36:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2011-10-01 23:36:07 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2011-10-01 23:36:04 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys

2011-10-01 23:36:03 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll

2011-10-01 23:36:00 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys

2011-10-01 23:36:00 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe

2011-10-01 23:35:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys

2011-10-01 23:35:53 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2011-10-01 23:35:50 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2011-10-01 23:35:46 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2011-10-01 23:35:43 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2011-10-01 23:35:11 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2011-10-01 23:35:08 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2011-10-01 23:35:05 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2011-10-01 23:35:02 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2011-10-01 23:33:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys

2011-10-01 23:32:58 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll

2011-10-01 23:31:59 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys

2011-10-01 23:30:57 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll

2011-10-01 23:29:59 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys

2011-10-01 23:28:59 102484 -c--a-w- c:\windows\system32\dllcache\digiinf.dll

2011-10-01 23:27:59 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll

2011-10-01 23:26:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-10-01 23:25:59 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll

2011-10-01 23:24:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-10-01 21:57:09 -------- d--h--w- c:\windows\PIF

2011-10-01 20:54:25 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\WinPatrol

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\ESET

2011-10-01 02:44:14 -------- d-----w- c:\documents and settings\backup.laptop.000\application data\ESET

2011-10-01 02:42:48 -------- d-----w- c:\program files\ESET

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Temp

2011-10-01 02:05:17 -------- d-----w- c:\documents and settings\backup.laptop.000\local settings\application data\Adobe

2011-09-30 00:34:10 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2011-09-29 11:01:05 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IECompatCache

2011-09-29 10:50:24 -------- d-sh--w- c:\documents and settings\backup.laptop.000\PrivacIE

2011-09-29 10:48:20 -------- d-sh--w- c:\documents and settings\backup.laptop.000\IETldCache

2011-09-29 10:35:38 -------- d-----w- c:\program files\CCleaner

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-09-24 18:16:25 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-22 00:17:22 -------- d-----w- c:\program files\FMS(2)

2011-09-13 22:53:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-07-19 09:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 06:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 10:12:28.20 ===============

attach.zip

ark.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

This topic is now closed to further replies.