
Please help with possible infection



This is a result of the post I made here (http://forums.malwarebytes.org/index.php?showtopic=98124) yesterday. I have also noticed a couple of oddities while running Facebook (I only use it because of work!) where the computer slows down after about 15-20 minutes with a FB page open. Yesterday I noticed, when adding a comment to a photo, that there was strange hover text when I hovered the mouse over the comment field. That is also attached, and is what prompted me to start investigating a possible issue with my computer more. Thanks in advance.

Any input would be greatly appreciated. :)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by ergibbs at 8:28:16 on 2011-10-21

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.3032.1158 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Windows\System32\svchost.exe -k LPDService

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Windows\system32\RUNDLL32.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cnn.com/

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

uPolicies-explorer: NoWinKeys = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {0B9E2AA8-7A58-45E2-B907-56F136DA1EA2} - hxxps://www.bnonline.fi.cr/wa/authmech/base/WebActiveX.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 186.32.0.99 196.40.3.8

TCP: Interfaces\{090A9F90-0299-4403-B009-46F85187AA69} : DhcpNameServer = 186.32.0.99 196.40.3.8

TCP: Interfaces\{3D1416A0-9D0D-4E64-9F46-6BD13CB87809} : DhcpNameServer = 186.32.0.99 196.40.3.8

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_0145da1d\AEstSrv.exe [2011-9-13 81920]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]

R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]

R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2011-9-13 160256]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-13 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-13 136176]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-10-20 19:38:23 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-20 16:10:27 -------- d--h--w- C:\$AVG

2011-10-20 15:05:08 -------- d-----w- c:\users\ergibbs\appdata\roaming\AVG2012

2011-10-20 15:04:30 -------- d--h--w- c:\programdata\Common Files

2011-10-20 15:03:21 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-20 15:03:21 -------- d-----w- c:\programdata\AVG2012

2011-10-20 15:02:24 -------- d-----w- c:\program files\AVG

2011-10-20 14:58:04 -------- d-----w- c:\programdata\MFAData

2011-10-18 19:20:20 -------- d-----w- c:\users\ergibbs\appdata\roaming\Malwarebytes

2011-10-18 19:20:12 -------- d-----w- c:\programdata\Malwarebytes

2011-10-18 19:20:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-18 19:20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-17 18:21:27 -------- d---a-w- C:\win7

2011-10-07 16:44:45 -------- d-----w- c:\program files\VideoLAN

2011-10-06 20:16:14 -------- d-----w- C:\OutputFolder

2011-10-06 20:16:06 -------- d-----w- c:\program files\Digiarty

2011-10-05 15:41:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-04 16:39:21 -------- d-----w- c:\users\ergibbs\appdata\roaming\GetRightToGo

2011-09-26 22:08:20 -------- d-----w- c:\users\ergibbs\appdata\roaming\TeraCopy

2011-09-26 22:08:17 -------- d-----w- c:\program files\TeraCopy

2011-09-22 16:24:23 212240 ----a-w- c:\windows\system32\Richtx32.ocx

2011-09-22 16:24:23 196608 ----a-w- c:\windows\system32\Utility.dll

2011-09-22 16:24:23 117507 ----a-w- c:\windows\system32\msinet.ocx

2011-09-22 16:24:14 -------- d-----w- c:\programdata\123PDF

2011-09-22 16:24:13 348160 ----a-w- c:\windows\system32\MSVCR71.DLL

2011-09-22 16:14:36 -------- d--h--w- c:\programdata\QPOCRTemp

2011-09-22 16:14:35 -------- d-----w- C:\QuickPDFConverterSuite

2011-09-22 16:14:35 -------- d-----w- c:\programdata\QuickPDFSuite

2011-09-22 16:03:31 139264 ----a-w- c:\windows\system32\gswin32c.exe

2011-09-22 16:03:29 2309120 ----a-w- c:\windows\system32\pdftk.exe

2011-09-22 16:03:29 -------- d--h--w- c:\programdata\OCRTemp

2011-09-22 16:03:29 -------- d-----w- c:\windows\system32\gs

2011-09-22 16:03:28 1497936 ----a-w- c:\windows\system32\msvcr100d.dll

2011-09-22 16:03:26 -------- d-----w- c:\programdata\DocSmartz

2011-09-22 16:03:26 -------- d-----w- C:\DocSmartzPlatinum

2011-09-22 16:03:25 368912 ----a-w- c:\windows\system32\vbar332.dll

2011-09-22 16:03:25 140288 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-09-21 18:40:13 -------- d-----w- c:\program files\Tracker Software

.

==================== Find3M ====================

.

2011-10-07 21:38:43 60 ----a-w- c:\windows\wpd99.drv

2011-09-16 20:31:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-14 19:19:47 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-09-14 19:19:47 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2011-09-14 19:19:47 2560 ----a-w- c:\windows\system32\drivers\en-us\wdf01000.sys.mui

2011-09-14 18:22:03 378368 ----a-w- c:\windows\system32\winhttp.dll

2011-09-14 18:18:56 268800 ----a-w- c:\windows\system32\es.dll

2011-09-14 18:17:04 229888 ----a-w- c:\windows\system32\msshsq.dll

2011-09-14 18:15:59 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll

2011-09-14 18:13:53 1585664 ----a-w- c:\windows\system32\setupapi.dll

2011-09-14 18:12:15 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui

2011-09-14 18:11:19 320000 ----a-w- c:\windows\system32\drivers\csc.sys

2011-09-14 18:11:19 105984 ----a-w- c:\windows\system32\CscMig.dll

2011-09-14 18:11:13 61440 ----a-w- c:\windows\system32\ntprint.exe

2011-09-14 18:11:13 220160 ----a-w- c:\windows\system32\ntprint.dll

2011-09-14 18:11:13 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll

2011-09-14 18:11:12 1984512 ----a-w- c:\windows\system32\authui.dll

2011-09-14 18:11:12 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2011-09-14 18:11:10 8138240 ----a-w- c:\windows\system32\ssBranded.scr

2011-09-14 18:11:10 69632 ----a-w- c:\windows\system32\sendmail.dll

2011-09-14 18:07:07 97800 ----a-w- c:\windows\system32\infocardapi.dll

2011-09-14 18:07:07 622080 ----a-w- c:\windows\system32\icardagt.exe

2011-09-14 18:07:07 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2011-09-14 18:07:07 11264 ----a-w- c:\windows\system32\icardres.dll

2011-09-14 18:07:02 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2011-09-14 18:06:56 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2011-09-14 18:06:56 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-09-14 18:06:56 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2011-09-14 17:51:29 96760 ----a-w- c:\windows\system32\dfshim.dll

2011-09-14 17:51:28 41984 ----a-w- c:\windows\system32\netfxperf.dll

2011-09-14 17:51:26 83968 ----a-w- c:\windows\system32\mscories.dll

2011-09-14 17:51:26 282112 ----a-w- c:\windows\system32\mscoree.dll

2011-09-14 17:51:26 158720 ----a-w- c:\windows\system32\mscorier.dll

2011-09-14 17:23:08 51716 ----a-w- c:\windows\system32\pdf995mon.dll

2011-09-14 17:23:08 249856 ----a-w- c:\windows\system32\pdfmona.dll

2011-09-14 14:26:08 2421760 ----a-w- c:\windows\system32\wucltux.dll

2011-09-14 14:25:08 33792 ----a-w- c:\windows\system32\wuapp.exe

2011-09-14 14:25:08 171608 ----a-w- c:\windows\system32\wuwebv.dll

2011-09-13 23:28:24 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-09-13 23:28:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-09-13 23:28:24 289792 ----a-w- c:\windows\system32\atmfd.dll

2011-09-13 23:28:24 24064 ----a-w- c:\windows\system32\lpk.dll

2011-09-13 23:28:24 156672 ----a-w- c:\windows\system32\t2embed.dll

2011-09-13 23:28:24 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-09-13 23:26:42 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2011-09-13 23:24:40 61440 ----a-w- c:\windows\system32\winipsec.dll

2011-09-13 23:24:40 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2011-09-13 23:24:40 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2011-09-13 23:24:39 272896 ----a-w- c:\windows\system32\polstore.dll

2011-09-13 23:23:48 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-09-13 23:23:48 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2011-09-13 23:22:56 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2011-09-13 23:22:56 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-09-13 23:22:56 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2011-09-13 23:22:05 87040 ----a-w- c:\windows\system32\msoert2.dll

2011-09-13 23:22:05 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2011-09-13 23:22:05 205824 ----a-w- c:\windows\system32\msoeacct.dll

2011-09-13 23:20:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-09-13 23:20:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-09-13 23:20:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-09-13 23:20:51 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-09-13 23:20:51 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-09-13 23:20:51 15360 ----a-w- c:\windows\system32\netevent.dll

2011-09-13 23:20:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-09-13 23:20:51 103936 ----a-w- c:\windows\system32\netiohlp.dll

2011-09-13 23:20:51 10240 ----a-w- c:\windows\system32\finger.exe

2011-09-13 23:19:38 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2011-09-13 23:19:38 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2011-09-13 23:19:37 28344 ----a-w- c:\windows\system32\drivers\battc.sys

2011-09-13 23:19:37 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2011-09-13 23:19:37 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2011-09-13 23:19:37 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys

2011-09-13 23:19:37 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys

2011-09-13 23:19:37 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys

2011-09-13 23:19:36 542720 ----a-w- c:\windows\system32\sysmain.dll

2011-09-13 23:18:50 194560 ----a-w- c:\windows\system32\WebClnt.dll

2011-09-13 23:18:50 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2011-09-13 23:18:03 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2011-09-13 23:18:02 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2011-09-13 23:18:02 502272 ----a-w- c:\windows\system32\wlansvc.dll

2011-09-13 23:18:02 47104 ----a-w- c:\windows\system32\wlanapi.dll

2011-09-13 23:18:02 297984 ----a-w- c:\windows\system32\wlansec.dll

2011-09-13 23:18:02 290816 ----a-w- c:\windows\system32\wlanmsm.dll

2011-09-13 23:17:03 2048 ----a-w- c:\windows\system32\msxml3r.dll

2011-09-13 23:17:03 1260032 ----a-w- c:\windows\system32\msxml3.dll

2011-09-13 23:17:02 2048 ----a-w- c:\windows\system32\msxml6r.dll

2011-09-13 23:17:02 1406464 ----a-w- c:\windows\system32\msxml6.dll

2011-09-13 23:16:06 216576 ----a-w- c:\windows\system32\msv1_0.dll

2011-09-13 23:15:13 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-09-13 23:15:12 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-09-13 23:15:12 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-09-13 23:14:30 49664 ----a-w- c:\windows\system32\csrsrv.dll

2011-09-13 23:14:30 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-09-13 23:13:42 98816 ----a-w- c:\windows\system32\mfps.dll

2011-09-13 23:13:42 52736 ----a-w- c:\windows\system32\rrinstaller.exe

2011-09-13 23:13:42 2855424 ----a-w- c:\windows\system32\mf.dll

2011-09-13 23:13:42 24576 ----a-w- c:\windows\system32\mfpmp.exe

2011-09-13 23:13:42 2048 ----a-w- c:\windows\system32\mferror.dll

2011-09-13 23:12:45 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-09-13 23:12:45 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 8:28:38.08 ===============

Attach.txt

DDS.txt

post-97701-0-20410700-1319207800.jpg


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.