BleepingComputer.com: Unknown infection, slow computers

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Unknown infection, slow computers Can't get anything to complete a scan successfully

#1 User is offline   Tofosho 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 28-March 11

Posted 05 April 2011 - 02:33 PM

I have downloaded some movies recently and I fear that there has been some damaging malware to my system. I am a total newb as far as malware removal. I have tried running Superantispyware pro version and it found some minor threats and one trojan, but I am still having issues. Someone said i probably have a backdoor on my system? A friend tried helping me, but I think he is as clueless as I. I am following the instructions with an attached version as well as a pasted one. I go to school full time and am dependent on this computer for that. Guess i learned a lesson...don't dl torrents...hope someone can help me quick. Thanks in advance, Jen

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jen at 15:24:09.05 on Tue 04/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7934.5575 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\SAgent4.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TestOut\Orbis\OrbisClient.exe
C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Troubleshooting.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jen\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Jen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\fkcbeznh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.owens.edu/
FF - component: C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\fkcbeznh.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\fkcbeznh.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\fkcbeznh.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-6-14 203264]
R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-3-19 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-19 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-19 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-3-19 421032]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-30 90112]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-19 83120]
R2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-1-28 446976]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2011-1-18 43792]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-4 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2011-04-05 17:15:19 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-05 17:15:18 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-05 17:15:18 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-05 17:15:18 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-05 13:45:02 53248 ----a-r- C:\Users\Jen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-05 13:44:50 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-04-05 13:43:31 -------- d-----w- C:\Users\Jen\AppData\Roaming\Logishrd
2011-04-05 13:28:53 601424 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{3860CEDB-5F3D-476F-84E6-D3D14EB77FD1}\gapaengine.dll
2011-04-05 13:28:48 8424784 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F8419055-33FF-4FDA-A8E9-CB674FBD1066}\mpengine.dll
2011-03-28 15:17:12 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-03-28 15:16:15 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2011-03-27 17:44:46 131072 ----a-w- C:\Windows\SysWow64\SAgent4.exe
2011-03-26 23:19:32 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-26 23:19:32 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-26 23:19:32 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-26 23:19:31 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-26 23:19:31 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-26 23:19:31 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-26 23:19:31 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-26 23:19:31 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-26 04:38:49 601424 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-26 04:38:48 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{EF8442A0-E78E-4AAA-A2E1-B5C07215EEA6}\gapaengine.dll
2011-03-19 06:21:52 -------- d-----w- C:\Users\Jen\AppData\Roaming\Avira
2011-03-19 06:18:07 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-19 06:18:05 -------- d-----w- C:\Program Files (x86)\Avira
2011-03-19 06:18:05 -------- d-----w- C:\PROGRA~3\Avira
2011-03-19 06:05:37 -------- d-----w- C:\Windows\pss
2011-03-19 05:32:59 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-03-19 04:36:31 388096 ----a-r- C:\Users\Jen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-19 04:36:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-09 19:53:19 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 19:53:18 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-09 19:53:18 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-09 19:53:18 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 19:53:18 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 19:53:18 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 19:53:17 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 19:53:17 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-07 15:40:09 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
2011-03-07 15:40:09 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
2011-03-07 15:40:09 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
2011-03-07 15:40:09 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
2011-03-07 15:40:09 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
2011-03-07 15:10:37 -------- d-----w- C:\Program Files (x86)\EpsonNet
2011-03-07 15:09:48 558592 ----a-w- C:\Windows\System32\ensppmon.dll
2011-03-07 15:09:48 558592 ----a-w- C:\Windows\System32\enppmon.dll
2011-03-07 15:09:48 538112 ----a-w- C:\Windows\System32\ensppui.dll
2011-03-07 15:09:48 538112 ----a-w- C:\Windows\System32\enppui.dll
2011-03-07 15:09:48 250880 ----a-w- C:\Windows\System32\enspres.dll
2011-03-07 15:09:48 250880 ----a-w- C:\Windows\System32\enpres.dll
2011-03-07 15:09:47 -------- d-----w- C:\Program Files\EpsonNet
2011-03-07 15:08:58 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2011-03-07 15:07:44 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-03-07 15:05:50 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
2011-03-07 15:05:50 17408 ----a-w- C:\Windows\System32\esxcdev.dll
2011-03-07 15:05:50 128392 ----a-w- C:\Windows\System32\esdevapp.exe
2011-03-07 15:05:49 -------- d-----w- C:\Program Files (x86)\epson
.
==================== Find3M ====================
.
2011-03-05 23:09:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-05 23:09:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-03 01:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-23 02:39:10 99384 ----a-w- C:\Users\Jen\AppData\Roaming\inst.exe
2011-01-23 02:39:10 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2011-01-23 02:39:10 82816 ----a-w- C:\Users\Jen\AppData\Roaming\pcouffin.sys
2011-01-18 22:05:48 54864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-01-18 22:05:48 43792 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2011-01-18 22:05:48 226448 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-01-18 22:05:48 154256 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-01-18 22:05:46 318992 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-01-18 22:05:46 173840 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 15:24:25.23 ===============

Well i kept researching after i posted and i found a thread about the eset scanner, so i did that, and I am waiting on the results....

The Eset scan was going when i left yesterday, and i know it had at least one infection, because it showed 1 within like 2 minutes, but i had installed windows updates and the computer rebooted...so it deleted the results of the scan....hopefully the eset scan fixed the problems...I ran another one today and it was fine, no threats.

Attached File(s)


This post has been edited by Tofosho: 06 April 2011 - 09:12 AM

#2 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 13 April 2011 - 10:02 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Please do not PM me directly for help. If you have any questions, post them in this topic.

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________

Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



NEXT:


What issues are you currently experiencing with your computer?
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 16 April 2011 - 05:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 17 April 2011 - 02:43 PM

This topic has been re-opened at the request of the person who originally posted.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#5 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 21 April 2011 - 08:33 PM

Do you still require assistance?
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#6 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 25 April 2011 - 12:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users