Infected Malwarebytes cannot remove


Recommended Posts

Malwarebytes detected a backdoor trojan in my system, but cannot remove it. Here is the MBAM log; the DDS logs are attached (DDS.txt, Attach.txt). Thank you for your help!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8025

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

10/26/2011 4:04:00 PM

mbam-log-2011-10-26 (16-04-00).txt

Scan type: Quick scan

Objects scanned: 192709

Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Amy at 16:49:49 on 2011-10-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4580 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\vds.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

uWinlogon: Shell=C:\Users\Amy\AppData\Local\7f725c16\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{03395C00-C19C-4C29-811E-C0E4D52916B6} : DhcpNameServer = 13.36.0.1 13.36.0.2

TCP: Interfaces\{5803BDDA-2AEA-43E8-B49D-39DFFD8982AE} : DhcpNameServer = 192.168.2.1 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce-x64: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fe6aihw1.default\

FF - prefs.js: browser.startup.homepage - hxxp://us.lrd.yahoo.com/_ylt=AgqBKJvzKV5NilZoglOJleCxulI6/SIG=119hhd4pk/EXP=1319673310/**http%3A//www.yahoo.com/

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-15 98208]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-15 689472]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-15 2533400]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/03/15 12:34:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-14 366152]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-10-26 23:04:45 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{757A73BE-F6ED-4FDB-9054-542AC7B21FDB}\offreg.dll

2011-10-26 01:48:05 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{757A73BE-F6ED-4FDB-9054-542AC7B21FDB}\mpengine.dll

2011-10-25 01:19:58 -------- d-----w- C:\Users\Amy\Tracing

2011-10-25 01:07:22 -------- d-----w- C:\Program Files\Dell Support Center

2011-10-22 04:43:24 -------- d-----w- C:\Windows\System32\SPReview

2011-10-22 04:41:58 -------- d-----w- C:\Windows\System32\EventProviders

2011-10-20 05:07:16 -------- d-----w- C:\Users\Amy\AppData\Local\{FAEB8693-A419-431B-BE83-6BF6F3CF9CB4}

2011-10-20 05:07:07 -------- d-----w- C:\Users\Amy\AppData\Local\{5D134E3B-3103-45F9-80CE-81B7246B5E11}

2011-10-20 05:06:28 -------- d-----w- C:\Users\Amy\AppData\Local\{EAF212ED-C080-4F4E-9A09-37F992DB775F}

2011-10-20 05:06:18 -------- d-----w- C:\Users\Amy\AppData\Local\{EEECAD1B-2236-424D-AEE4-BD2EDD1BF286}

2011-10-20 05:00:16 -------- d-----w- C:\Users\Amy\AppData\Local\{5BB7ADFA-2E69-4779-8D0F-5D6869D80A63}

2011-10-20 05:00:03 -------- d-----w- C:\Users\Amy\AppData\Roaming\Windows Live Writer

2011-10-20 05:00:03 -------- d-----w- C:\Users\Amy\AppData\Local\Windows Live Writer

2011-10-20 04:57:32 -------- d-----w- C:\Users\Amy\AppData\Local\{8E90E03E-090B-4744-8EF1-4570D0F6179E}

2011-10-20 04:55:23 -------- d-----w- C:\Users\Amy\AppData\Local\{E2CE7162-89D2-45EA-BEEE-FCA33F71FB5B}

2011-10-20 04:50:00 -------- d-----w- C:\Users\Amy\AppData\Local\{C84AFA7B-0CBE-4FA6-AA6F-301CE898FB5E}

2011-10-20 04:10:55 -------- d-----w- C:\Users\Amy\AppData\Local\{50984E34-9BD5-411A-8EE7-A63096ADB58D}

2011-10-20 03:31:43 -------- d-----w- C:\Users\Amy\AppData\Local\{E47CCE77-B8D0-43F6-9B13-2829BC6335B3}

2011-10-20 02:45:13 -------- d-----w- C:\Users\Amy\AppData\Local\Windows Live

2011-10-20 02:44:58 -------- d-----w- C:\Users\Amy\AppData\Local\{3853D79C-6C3D-4D65-87DF-EB59C1EFBC77}

2011-10-19 06:53:01 -------- d-----w- C:\LB Logs

2011-10-19 00:48:25 -------- d-----w- C:\Users\Amy\AppData\Local\Cyberlink

2011-10-15 16:55:03 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-10-15 16:55:03 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-10-15 16:53:59 81920 ----a-w- C:\Windows\SysWow64\userenv.dll

2011-10-15 16:52:59 71680 ----a-w- C:\Windows\System32\CertPolEng.dll

2011-10-15 16:50:57 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-10-15 16:50:57 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-10-15 16:50:57 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2011-10-15 16:50:57 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-10-15 16:50:49 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-10-15 16:50:49 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2011-10-15 16:50:45 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-10-15 16:50:24 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-10-15 16:50:24 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-10-15 07:14:26 -------- d-----w- C:\Windows\System32\Wat

2011-10-15 04:52:03 -------- d-sh--w- C:\Users\Amy\AppData\Local\7f725c16

2011-10-15 00:06:50 -------- d-----w- C:\Users\Amy\AppData\Roaming\PCDr

2011-10-14 23:47:02 -------- d-----w- C:\ProgramData\PCDr

2011-10-14 22:19:08 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-14 22:18:12 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0166631F-2CD9-4BDF-9165-D28B4FCE719F}\gapaengine.dll

2011-10-14 22:17:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-10-14 22:17:28 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-10-14 22:07:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-14 21:41:54 -------- d-----w- C:\Users\Amy\AppData\Roaming\Malwarebytes

2011-10-14 21:41:49 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-14 21:41:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-14 21:22:22 -------- d-----w- C:\Windows\SysWow64\Wat

2011-10-14 05:42:16 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2011-10-14 05:41:39 -------- d-----w- C:\Users\Amy\AppData\Local\Microsoft Help

2011-10-14 00:59:52 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAE.DLL

2011-10-14 00:59:52 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAE.DLL

2011-10-14 00:59:35 361472 ----a-w- C:\Windows\System32\CNMLMAE.DLL

2011-10-13 04:01:35 -------- d-----w- C:\Users\Amy\AppData\Local\Adobe

2011-10-13 02:41:41 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B62CBF7A-9C8A-4761-B142-A7389762CC7C}\mpengine.dll

2011-10-13 02:41:38 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-10-13 02:35:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-10-13 02:35:37 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-10-13 02:35:08 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-10-13 02:35:07 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-10-13 02:35:07 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-10-13 02:35:06 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-10-13 02:35:06 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-10-13 02:33:41 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-10-13 02:32:54 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-10-13 02:32:54 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-10-13 02:32:53 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-10-13 02:32:53 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-10-13 02:32:53 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-10-13 02:32:53 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-10-13 02:26:53 -------- d-----w- C:\Program Files (x86)\LB Task Control

2011-10-13 02:24:32 -------- d-----w- C:\Users\Amy\AppData\Local\SkinSoft

2011-10-13 02:24:31 -------- d-----w- C:\Users\Amy\AppData\Local\http___www.lbtaskcontrol

2011-10-13 02:16:05 -------- d-----w- C:\Users\Amy\AppData\Roaming\Roxio Log Files

2011-10-13 02:08:38 -------- d-----w- C:\Users\Amy\AppData\Roaming\Fingertapps

2011-10-13 00:29:39 -------- d-----w- C:\Users\Amy\AppData\Local\ArcSoft

2011-10-13 00:00:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-12 23:48:56 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite

2011-10-12 23:48:56 -------- d-----w- C:\FIND_EULA_PATH

2011-10-12 23:47:21 -------- d-----w- C:\Users\Amy\AppData\Local\Dell

2011-10-12 23:46:47 -------- d-----w- C:\Users\Amy\AppData\Roaming\Dell

2011-10-12 23:46:43 -------- d-----w- C:\Users\Amy\AppData\Roaming\Dell Touch Zone

2011-10-12 23:45:48 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-12 23:45:47 -------- d-----w- C:\Users\Amy\AppData\Local\VirtualStore

2011-10-12 20:53:37 -------- d-----w- C:\Emergency

2011-10-12 20:37:24 -------- d-----w- C:\Windows\SMINST

.

==================== Find3M ====================

.

2011-10-22 04:52:05 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-10-22 04:52:05 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

.

============= FINISH: 16:50:24.92 ===============

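The MBAM log above flags a non-default `Shell` value under the user's own `HKCU\...\Winlogon` key, and the DDS report shows where it points (`C:\Users\Amy\AppData\Local\7f725c16\X`, a folder created with hidden and system attributes). The following script is an added example, not part of the original post and not Malwarebytes or DDS tooling: it audits the `Shell` and `Userinit` values in both hives, flags anything that is not the stock default, and then checks whether each referenced executable exists and whether its parent directory is hidden or system. It assumes a stock Windows 7 x64 install with `C:` as the system drive (the defaults are `explorer.exe` for Shell and `C:\Windows\system32\userinit.exe,` for Userinit) and must be run in the affected user's session, since `HKCU:` is that user's hive.

```powershell
# Added example (not from the original thread): audit the Winlogon Shell/Userinit
# values that the MBAM log above flagged. On a stock Windows 7 install the only
# Shell/Userinit entries live under HKLM; a per-user copy under HKCU overrides
# them for that user and normally does not exist at all, so its mere presence
# is worth a look even when the data looks harmless.

$winlogonPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Expected defaults (assumption: stock Windows 7 x64, system drive C:).
$expected = @{
    'Shell'    = 'explorer.exe'
    'Userinit' = "$env:SystemRoot\system32\userinit.exe,"
}

function Test-WinlogonValue {
    param([string]$Path, [string]$Name)
    # A missing value (or missing key) makes Get-ItemProperty return nothing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Hive = $Path; Value = $Name; Data = $null; Status = 'absent' }
    }
    $data   = $item.$Name
    $status = if ($data -ieq $expected[$Name]) { 'default' } else { 'NON-DEFAULT' }
    # HKCU entries override HKLM for the logged-on user, so mark them regardless of content.
    if ($Path -like 'HKCU:*') { $status = "HKCU-present ($status)" }
    [pscustomobject]@{ Hive = $Path; Value = $Name; Data = $data; Status = $status }
}

$findings = foreach ($p in $winlogonPaths) {
    foreach ($n in $expected.Keys) { Test-WinlogonValue -Path $p -Name $n }
}
$findings | Format-Table -AutoSize

# For every entry that is neither absent nor the HKLM default, resolve each
# comma-separated executable it names, check that it exists, and report the
# attributes of its parent directory. A Hidden+System parent, like the
# 7f725c16 folder (d-sh--w-) in the DDS log above, is a strong signal.
$findings | Where-Object { $_.Status -notmatch '^(default|absent)$' } | ForEach-Object {
    foreach ($token in ($_.Data -split ',')) {
        $exe = $token.Trim().Trim('"')
        if ($exe -eq '') { continue }
        # Relative names in Winlogon resolve against System32.
        $resolved = if ([IO.Path]::IsPathRooted($exe)) { $exe } else { Join-Path $env:SystemRoot "system32\$exe" }
        $exists   = Test-Path -LiteralPath $resolved
        # -Force is needed so Get-Item returns hidden/system directories.
        $dirAttrs = if ($exists) { (Get-Item -LiteralPath (Split-Path $resolved) -Force).Attributes } else { 'n/a' }
        [pscustomobject]@{ Source = "$($_.Hive)\$($_.Value)"; Target = $resolved; Exists = $exists; ParentDirAttributes = $dirAttrs }
    }
} | Format-Table -AutoSize
```

Deleting the rogue `HKCU` value (`Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name Shell`) lets the `HKLM` default take over again at the next logon, which is what the log's "Delete on reboot" entry is trying to do; it does not remove the dropped executable itself, and it says nothing about what else the backdoor may have installed, which is why the reply below treats this as a possible full compromise rather than a single stray registry value.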


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
