Hello!

Last night, while trying to watch an anime episode hosted at a website called tu.tv, I got attacked by malware. A random piece of software called Guard Online started installing itself. AVG Resident Shield quickly reacted and "removed the threat", although the fake installation continued. I ran Rkill to stop the installation so I could proceed to run Mbam and Spybot. Both of them picked up malicious items, and I had the programs delete whatever they picked up. I have had instances of this before, so I thought I was done, called it a night and went to sleep.

This morning, when I started my computer, I noticed through my CPU/RAM gauge desktop widget that the CPU usage was consistently at 100% and the RAM usage was around 80 percent. I checked Task Manager and initially didn't find any process running with 90+ percent usage. I opened Firefox to do my daily routine (check email, Facebook, etc.) and did not encounter any problems. When I went to search for IMDB on Google, I got redirected to a random website instead of going to imdb.com. At this point the CPU usage was still at 100%, so I decided to run Mbam and Spybot again. Mbam picked up nothing, Spybot got one, so I had Spybot take care of the problem. I also cleared my cookies, thinking that it would solve the redirecting problem. It did not. At this point, the CPU usage was still at 100%, so I opened Task Manager again, clicked on "Show processes from all users", and saw that ping.exe was using about 98% of my CPU. Every now and then, AVG would block a threat generated by this ping.exe from the SysWOW64 folder (I attached a screenshot of an instance of this happening). I ran AVG's antivirus and anti-rootkit scans and they picked up nothing.

So now I am here seeking assistance for this problem. I will be attaching the initial Mbam log from last night (right after the attack happened), since none of the Mbam scans after that pick up anything anymore. Also in the zip file will be the DDS and GMER logs.

Thank you in advance for the help!

~Franceen

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/18/2010 7:21:24 PM

System Uptime: 10/9/2011 11:09:21 AM (2 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 138.121 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

==== System Restore Points ===================

.

RP204: 9/25/2011 1:24:10 PM - Scheduled Checkpoint

RP205: 9/28/2011 1:05:13 AM - Windows Update

RP206: 9/29/2011 6:44:27 PM - Windows Update

RP207: 10/6/2011 8:46:21 PM - Scheduled Checkpoint

RP208: 10/8/2011 11:43:16 AM - Installed AVG 2012

RP209: 10/8/2011 11:44:18 AM - Installed AVG 2012

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 9.3

Advanced Audio FX Engine

Akamai NetSession Interface

Apple Application Support

Apple Software Update

Audacity 1.2.6

Auslogics Disk Defrag

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Dell Communications (Support Software)

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Dev-C++ 5 beta 9 release (4.9.9.2)

Facebook Plug-In

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2455033)

IVI Shared Component

IVI Shared Components

Java Auto Updater

Java 6 Update 26

Juniper Networks Cache Cleaner 6.4.0

Juniper Networks Host Checker

Juniper Networks, Inc. Setup Client

Junk Mail filter update

La Tale

LAME v3.98.3 for Audacity

Lexmark Skin: Helix

Lexmark Skin: Machine1

Lexmark Skin: PotatoSkin

Live! Cam Avatar Creator

Mabinogi

Magic DVD Ripper V5.5.0

Malwarebytes' Anti-Malware version 1.51.2.1300

Matrix PPP v3.9

Media Go

Media Go Video Playback Engine 1.64.104.02270

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 Express - ENU

Microsoft Works

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyScribe

National Instruments IVI Specific Drivers

National Instruments Software

NI-DIM 1.7.0f0

NI-IVI Provider for MAX

NI-ORB 1.7.0f0

NI-PAL 2.1.0f1

NI-RPC 3.4.0f1

NI-RPC 3.4.0f1 for Phar Lap ETS

NI-VISA Runtime 4.2

NI AFW Channel Configuration Tool

NI Assistant Framework

NI Assistant Framework LabVIEW Code Generator 6.1

NI Assistant Framework LabVIEW Code Generator 7.0

NI Assistant Framework LabVIEW Code Generator 7.1

NI Assistant Framework LabVIEW Code Generator 8.0

NI Assistant Framework LabVIEW Code Generator 8.2

NI Assistant Framework LabVIEW Code Generator 8.5

NI Certificates Deployment Support

NI EULA Depot

NI Help Assistant

NI IVI Class Drivers

NI IVI Class Simulation Drivers

NI IVI Compliance Package 3.1

NI IVI Engine

NI IVI Online Help

NI IVI Specific Driver OEM ARP

NI LabVIEW Broker

NI LabVIEW EWB DeviceHandler 251

NI LabVIEW Real-Time Error Dialog

NI LabVIEW Real-Time FIFO for Runtime

NI LabVIEW Run-Time Engine 7.1.1

NI LabVIEW Run-Time Engine 8.0.1

NI LabVIEW Run-Time Engine 8.2.1

NI LabVIEW Run-Time Engine 8.5

NI LabVIEW SignalExpress 2.5.1

NI LabVIEW SignalExpress 2.5.1 Core

NI LabVIEW SignalExpress 2.5.1 Datatypes

NI LabVIEW SignalExpress 2.5.1 Licenses

NI LabVIEW SignalExpress 2.5.1 Steps

NI LabVIEW SignalExpress 2.5.1 Tektronix Edition

NI LabVIEW SignalExpress 2.5.1 Tools

NI LabVIEW SignalExpress Tektronix Edition 2.5 Licenses

NI LabWindows/CVI Code Generator

NI License Manager

NI Logos 4.9

NI Logos XT Support

NI LVBrokerAux 8.2.1

NI LVBrokerAux 8.5.0

NI LVBrokerAux71

NI LVBrokerAux8.0

NI Math Kernel Libraries

NI MDF Support

NI Measurement & Automation Explorer 4.3

NI Measurement Studio 8.1 Enterprise RunTime for VS2005

NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0

NI Measurement Studio Recipe Processor

NI MXS

NI OPC Support

NI Portable Configuration

NI Registration Wizard

NI Remote Provider for MAX

NI Remote PXI Provider for MAX

NI Service Locator

NI Software Provider for MAX

NI Spy 2.6.0

NI TDMS

NI tkafg3k CVI part

NI tkafg3k IVI Specific Driver

NI tkdpo2k CVI part

NI tkdpo2k IVI Specific Driver

NI tkdpo4k CVI part

NI tkdpo4k IVI Specific Driver

NI tkds30xx CVI part

NI tkds30xx IVI Specific Driver

NI tkds5000 CVI part

NI tkds5000 IVI Specific Driver

NI tktds1k2k CVI part

NI tktds1k2k IVI Specific Driver

NI Uninstaller

NI Variable Engine

NI VC2005MSMs x86

Octoshape add-in for Adobe Flash Player

OGPlanet Game Launcher

OpenChoice PC Communication Software

OpenChoice TekVISA

PlayStation®Network Downloader

PlayStation®Store

Pokemon Online 1.0.20

PowerDVD DX

Print to Fax

Puzzle Pirates

Puzzle Pirates Automated OCR 5.0.30

QuickTime

Roxio Burn

Security Task Manager 1.8d

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

Skype Toolbars

Skype™ 4.2

Spybot - Search & Destroy

System Requirements Lab for Intel

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2553110)

Vegas Pro 10.0

Ventrilo Client

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VitalSource Bookshelf

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

10/9/2011 11:17:39 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

10/9/2011 11:09:59 AM, Error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.

10/9/2011 11:09:57 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

10/9/2011 11:09:47 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

10/9/2011 11:09:47 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

10/9/2011 11:09:47 AM, Error: Service Control Manager [7000] - The cvintdrv service failed to start due to the following error: This driver has been blocked from loading

10/9/2011 11:09:47 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

.

==== End Of File ===========================

mbam-log-2011-10-09 (03-19-54).txt

post-96744-0-47563100-1318187563.png

DDS Logs.zip


Kindly bumping the topic since it has been 48 hours.

While we're on the topic, I just want to ask something. In the past 2 days I have looked in other threads as well, just observing how problems similar to mine are dealt with. I noticed that since my problem could possibly be a rootkit infection, it's clear that the computer can't be trusted again. If this is the case, a clean wipe of the drive would be recommended. My question is, what is the probability of the rootkit (the variant that infected me) surviving the wipe? If it won't survive, what is the best way to do the wipe to make sure there are no remnants left behind? I have no qualms about reformatting and/or reinstalling Windows, considering how I have done this on two different computers in the past.

Thanks in advance!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
