
iexplore running embedded on its own / browser redirect malware


Hi, I have a couple of symptoms of malware:

1. The iexplore.exe process starts up on its own, uses increasing amounts of memory and uses the internet.

- I used Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653) to have a look at it and saw that it was being run under an svchost.exe process (screenshot attached).

- Process Explorer also showed me that it's being run embedded, and from my desktop (screenshot attached).

- I can also see what IPs it's accessing (screenshot attached).

2. Using any browser (IE, Firefox or Google Chrome), I experience redirecting to ad sites and other crap.

I've tried a few things including aswMBR, Malwarebytes Anti-Malware, Spybot S&D, TDSSKiller and ComboFix, but nothing has gotten rid of the damn thing!

I've worked around the problem temporarily by renaming firefox.exe to firefox1.exe; this prevents the redirecting issue. I've also renamed iexplore.exe to iexplore1.exe, and this has stopped it from starting up on its own, but IE won't work with a renamed exe, so I haven't been able to use IE. This is far from a fix, though, as the malware is definitely still there.

Hopefully someone here can help me.

Here is my DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Adamidis at 13:11:14 on 2011-11-09

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2189 [GMT 11:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\hasplms.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\WhatPulse\WhatPulse.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox1.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:Tabs

uInternet Settings,ProxyOverride = *.local;<local>

BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll

uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6998D207-41D5-464E-A85B-0837915BBE7E} : DhcpNameServer = 198.142.0.51 61.88.88.88 8.8.8.8

TCP: Interfaces\{7EFFFE3C-E3CB-4AC4-AC3C-808D7767D71F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BDFA4018-4080-4524-85ED-38BEA3E153C0} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]

R2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-6 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 Symantec AntiVirus;Symantec AntiVirus;C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [2006-12-13 1962136]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-19 136824]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-9-21 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-9-21 8456]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2011-10-11 26752]

S3 iTeleportService;iTeleportService;C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-9-1 23040]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S4 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]

.

=============== Created Last 30 ================

.

2011-11-09 01:55:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D726AE6-F20F-43A5-8452-553A1F9008C5}\offreg.dll

2011-11-09 01:23:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D726AE6-F20F-43A5-8452-553A1F9008C5}\mpengine.dll

2011-11-09 01:22:23 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 01:22:23 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 01:22:21 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 01:22:20 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-08 03:39:36 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\QuickStoresToolbar

2011-11-08 03:39:36 -------- d-----w- C:\Program Files (x86)\Unlocker

2011-11-08 03:32:20 3888 ----a-w- C:\Windows\SysWow64\drivers\NTHANDLE.SYS

2011-11-07 13:07:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-06 03:02:51 -------- d-----w- C:\Users\Adamidis\AppData\Local\LogMeIn

2011-11-06 03:02:47 59776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll

2011-11-06 03:02:47 34688 ----a-w- C:\Windows\System32\LMIport.dll

2011-11-06 03:02:46 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak

2011-11-06 03:02:46 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-11-06 03:02:46 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys

2011-11-06 03:02:39 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-11-06 03:02:30 -------- d-----w- C:\ProgramData\LogMeIn

2011-11-06 03:02:12 -------- d-----w- C:\Program Files (x86)\LogMeIn

2011-11-05 09:06:08 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\Resource Tuner

2011-11-05 09:06:04 -------- d-----w- C:\Program Files (x86)\Resource Tuner

2011-11-04 14:57:34 -------- d-----w- C:\Program Files (x86)\ESET

2011-11-03 08:40:27 -------- d-----w- C:\$RECYCLE.BIN

2011-11-03 07:40:48 98816 ----a-w- C:\Windows\sed.exe

2011-11-03 07:40:48 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-03 07:40:48 256000 ----a-w- C:\Windows\PEV.exe

2011-11-03 07:40:48 208896 ----a-w- C:\Windows\MBR.exe

2011-11-03 07:39:33 -------- d-----w- C:\ComboFix

2011-11-03 06:07:58 2 --shatr- C:\Windows\winstart.bat

2011-11-03 05:56:26 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-11-03 05:50:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-03 05:50:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-03 05:12:20 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-03 04:13:20 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\SUPERAntiSpyware.com

2011-11-03 04:13:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-11-03 01:46:41 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\Malwarebytes

2011-11-03 01:46:31 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-03 01:46:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-03 01:10:17 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-01 01:44:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-11-01 01:33:48 -------- d-----w- C:\Program Files (x86)\Eidos

2011-10-30 08:01:04 -------- d-----w- C:\Users\Adamidis\AppData\Roaming\NetMedia Providers

2011-10-30 07:58:08 -------- d-----w- C:\Program Files (x86)\Sony

2011-10-30 07:56:13 -------- d-----w- C:\Program Files (x86)\Sony Setup

2011-10-16 08:10:50 24270208 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-16 07:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

2011-10-14 13:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-10-12 08:05:59 -------- d-----w- C:\Program Files\iPod

2011-10-12 08:05:58 -------- d-----w- C:\Program Files\iTunes

2011-10-12 08:05:58 -------- d-----w- C:\Program Files (x86)\iTunes

2011-10-12 08:03:23 -------- d-----w- C:\Program Files\Bonjour

2011-10-12 08:03:23 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-10-12 02:55:44 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-12 02:55:44 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-12 02:55:44 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-12 02:55:44 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-12 02:55:24 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-12 02:55:24 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-12 02:55:24 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-12 02:55:24 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-10 13:23:43 -------- d-----w- C:\Program Files (x86)\Lavalys

2011-10-10 13:18:54 -------- d-----w- C:\Windows\System32\wbem\Framework\root\CPUThermometer

2011-10-10 13:18:54 -------- d-----w- C:\Windows\System32\wbem\Framework\root

2011-10-10 13:18:54 -------- d-----w- C:\Windows\System32\wbem\Framework

.

==================== Find3M ====================

.

2011-10-09 01:25:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-02 08:10:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-10-02 08:10:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-10-02 08:07:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-09-30 16:15:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-16 04:10:24 35616 ----a-w- C:\Windows\System32\lmimirr.dll

2011-09-16 04:10:24 14624 ----a-w- C:\Windows\System32\lmimirr2.dll

2011-09-16 04:10:24 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys

2011-09-09 08:23:34 2469760 ----a-w- C:\Windows\SysWow64\BootMan.exe

2011-09-07 07:06:40 3321728 ----a-w- C:\Windows\System32\BootMan.exe

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-30 12:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-30 12:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-30 12:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-08-30 12:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-08-30 12:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-30 12:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-08-30 12:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-08-30 12:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-08-29 14:54:28 117520 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys

2006-12-29 04:15:42 3100672 ----a-w- C:\Program Files (x86)\Common Files\sapxlhelper.dll

2006-12-29 04:15:40 626688 ----a-w- C:\Program Files (x86)\Common Files\sapconsaccess.dll

2006-12-29 04:15:40 40960 ----a-w- C:\Program Files (x86)\Common Files\DigitalSignature.ocx

2006-12-29 04:15:40 192512 ----a-w- C:\Program Files (x86)\Common Files\sapconsr3.dll

.

============= FINISH: 13:21:45.37 ===============
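As an added example that is not part of the original thread or of any of the tools named in it: a small Python triage script that reads the "Pseudo HJT Report" lines of a DDS log like the one above and flags two things that are visible in it, UAC policy values set to 0 (mPolicies-system) and browser add-ons (BHO/TB) registered with a bare DLL name instead of an on-disk path. The embedded excerpt is copied from the log above; the parsing rules and the "which policies matter" set are this example's own assumptions.

```python
import re

# Constructed excerpt of the "Pseudo HJT Report" section of the DDS log
# above (values copied from that log, not read from a live system).
DDS_EXCERPT = r"""
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO-X64: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
"""

# HKLM\...\Policies\System values DDS reports as "mPolicies-system".
# A value of 0 for any of these disables UAC or its secure-desktop prompt
# (assumed set of interest for this example).
UAC_WEAK_IF_ZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

BHO_RE = re.compile(r"^(BHO|TB)(?:-X64)?:\s*(.*?):\s*(\{[0-9a-f-]+\})\s*-\s*(.+)$", re.I)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_policies(text):
    """Return {name: int} for every mPolicies-system line in the report."""
    out = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out


def weak_uac_settings(text):
    """Names of the UAC policies that are explicitly set to 0, sorted."""
    pol = parse_policies(text)
    return sorted(n for n in UAC_WEAK_IF_ZERO if pol.get(n) == 0)


def suspicious_bhos(text):
    """(name, clsid, module) for add-ons whose module is not an absolute path.

    A bare name such as mscoree.dll means the add-on is a .NET COM object: the
    CLR shim is registered as the server and the real assembly is resolved
    from other registry values, so the DDS line alone does not show which
    code runs. Such entries are returned for manual review, not called bad.
    """
    flagged, seen = [], set()
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        _kind, name, clsid, module = m.groups()
        key = (clsid.lower(), module.lower())
        if key in seen:          # same CLSID listed as BHO, TB and -X64 variant
            continue
        seen.add(key)
        if not ABS_PATH_RE.match(module):
            flagged.append((name, clsid.lower(), module))
    return flagged


if __name__ == "__main__":
    print("UAC policies set to 0:", weak_uac_settings(DDS_EXCERPT))
    for name, clsid, module in suspicious_bhos(DDS_EXCERPT):
        print(f"review add-on: {name} {clsid} -> {module}")
```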


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
