
System Security Virus


5 replies to this topic

#1 cre8it8

cre8it8

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 16 July 2009 - 03:49 PM

My computer was severely infected by System Security and everything I did to fix it eventually led to a computer that would not work, so I just reloaded Windows XP Professional. I have since run Malwarebytes, SUPERAntiSpyware (both in safe mode and regular), AVG 8.5 (both in safe mode and regular), and Windows Defender. The first time I ran Malwarebytes after reloading Windows XP I got the following infection warnings (continued comments after log):

Malwarebytes' Anti-Malware 1.39
Database version: 2431
Windows 5.1.2600 Service Pack 2

7/14/2009 5:39:40 PM
mbam-log-2009-07-14 (17-39-40).txt

Scan type: Quick Scan
Objects scanned: 85872
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.


So this made me a bit paranoid that I didn't get rid of the virus when I reloaded Windows XP, even though the other scans showed nothing wrong. Now when anything is acting strange I get worried that I missed some sort of backdoor Trojan and someone is stealing data off my computer. So this is why I am asking for your help. Can you tell me if everything is OK now with my computer? Your help is greatly appreciated. Thank you. Here's the DDS data:



DDS (Ver_09-06-26.01) - NTFSx86
Run by Robert at 16:39:58.48 on Thu 07/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1451 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Robert\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = msn.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247611821350
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert\applic~1\mozilla\firefox\profiles\njyfd6al.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\robert\application data\mozilla\firefox\profiles\njyfd6al.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-14 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-14 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-14 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-14 298776]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-16 16:10 <DIR> --d----- c:\docume~1\robert\applic~1\ZipGenius
2009-07-16 16:09 <DIR> --d----- c:\program files\ZipGenius 6
2009-07-15 18:00 <DIR> --d----- c:\windows\system32\NtmsData
2009-07-15 16:03 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-15 16:03 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-15 04:04 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-07-15 03:30 <DIR> --d----- c:\program files\Foxit Software
2009-07-15 03:30 <DIR> --d----- c:\docume~1\robert\applic~1\Foxit
2009-07-15 00:13 26,368 a------- c:\windows\system32\dllcache\usbstor.sys
2009-07-14 23:54 <DIR> --d----- c:\program files\NinjaTrader 6.5
2009-07-14 23:40 <DIR> --d----- C:\f8bde89d7e9081d084
2009-07-14 23:40 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-14 23:32 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-14 23:31 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-14 22:20 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-14 20:57 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-14 20:57 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-14 20:57 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-14 20:57 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-14 20:57 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-14 20:57 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-07-14 20:57 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-14 20:57 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-14 20:57 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-07-14 20:29 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-14 20:12 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-07-14 20:10 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-07-14 20:10 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-14 20:10 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-07-14 20:10 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-07-14 20:10 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-07-14 20:09 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-07-14 20:09 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-07-14 20:09 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-07-14 20:08 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-07-14 20:08 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-14 20:08 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-07-14 19:44 <DIR> --d----- c:\windows\system32\scripting
2009-07-14 19:44 <DIR> --d----- c:\windows\l2schemas
2009-07-14 19:44 <DIR> --d----- c:\windows\system32\en
2009-07-14 19:43 <DIR> --d----- c:\windows\system32\bits
2009-07-14 19:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-14 19:31 <DIR> --d----- c:\windows\network diagnostic
2009-07-14 19:13 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-07-14 19:13 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-07-14 19:13 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-07-14 19:13 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-07-14 18:58 8,192 a------- c:\windows\REGLOCS.OLD
2009-07-14 18:55 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-07-14 18:55 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-14 18:49 <DIR> --dsh--- c:\documents and settings\robert\UserData
2009-07-14 18:48 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-14 18:48 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-07-14 18:48 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-14 17:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-14 17:57 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-14 17:57 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 17:57 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-14 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-14 17:56 <DIR> --d----- c:\program files\AVG
2009-07-14 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-14 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-14 17:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-14 17:49 <DIR> --d----- c:\docume~1\robert\applic~1\SUPERAntiSpyware.com
2009-07-14 17:49 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-14 17:47 <DIR> --d----- c:\program files\Trend Micro
2009-07-14 17:34 <DIR> --d----- c:\docume~1\robert\applic~1\Malwarebytes
2009-07-14 17:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 17:34 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-14 17:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 17:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-14 17:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-14 17:17 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-14 17:07 <DIR> --d----- c:\docume~1\robert\applic~1\McAfee.com Personal Firewall
2009-07-14 17:06 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-14 17:05 <DIR> --d----- c:\docume~1\robert\applic~1\Intel
2009-07-14 17:05 <DIR> --d----- c:\documents and settings\Robert
2009-07-14 17:01 <DIR> --d----- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2009-07-14 19:52 88,375 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-15 16:10 98,304 a------- c:\windows\system32\NtDirect.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-29 00:55 27,648 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-29 00:55 44,544 -------- c:\windows\system32\dllcache\iernonce.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-29 00:55 385,024 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-29 00:55 230,400 -------- c:\windows\system32\dllcache\ieaksie.dll
2009-04-29 00:55 214,528 -------- c:\windows\system32\dllcache\dxtrans.dll
2009-04-29 00:55 153,088 -------- c:\windows\system32\dllcache\ieakeng.dll
2009-04-29 00:55 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-29 00:55 347,136 -------- c:\windows\system32\dllcache\dxtmsft.dll
2009-04-29 00:55 124,928 -------- c:\windows\system32\dllcache\advpack.dll
2009-04-29 00:46 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 16:40:09.36 ===============


#2 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:11:46 PM

Posted 26 July 2009 - 11:34 AM

Sorry for delay, no shortage of posters. If you still need help, reply to post.

FYI: only a reformat of your hard drive followed by a reinstall of Windows is a guarantee to remove malware, not a "reload".

How Can I Reduce My Risk to Malware?


#3 cre8it8

cre8it8
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 26 July 2009 - 07:22 PM

Hi shelf life.

No worries on the delay I totally understand.

I would still like you to check out my HijackThis or DDS info if you could. I have since added some of the recommended security programs from this site and done more scans, and everything has been coming up negative. Would you like me to do a new DDS/HijackThis because of the changes? Also, I did just do the reload of Windows, not a reformat.

Thanks for any help.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:11:46 PM

Posted 27 July 2009 - 06:05 PM

hi,

Log looks OK to me. MyWebSearch is really just annoying adware, nothing like a backdoor trojan or anything. It's easily removed. If (updated) MBAM, SAS and Defender are coming up clean then I would say it all is good. Always check MBAM for updates before scanning with it. If all is good, here are some tips for reducing your risk to malware:



10 Tips for Reducing Your Risk To Malware:


1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. This is also true for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you're then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Don't click on ads/pop-ups or offers from websites requesting that you need to install software, media players or codecs on your computer, for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and e-mail client. Internet Explorer and Outlook Express are popular targets for malicious code because they are widely used. All browsers can have vulnerabilities, but statistically it is the most commonly used browser that will tend to be targeted the most. See also: Hardening or Securing Internet Explorer.

10) Warez, cracks etc are very popular for carrying malware payloads. Avoid. If you install files via p2p networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version is in the link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?
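The triage shelf life does by eye above (is the detection only adware or something worse, and was every item actually removed?) can be done mechanically over an MBAM log. The following is an added example written for this page, not code from the thread or from Malwarebytes: it parses the log format shown in the first post, cross-checks the header counts against the itemised entries, and ranks the threat families with an assumed severity table.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the detection lines from the MBAM log posted above,
# with the summary counts adjusted so that they match the subset.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.39

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

# "<Section> Infected: N" is a summary line, "<Section> Infected:" opens a detail section,
# and each detail line reads "<location> (<Threat.Name>) -> <action>."
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADING_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<location>.+) \((?P<threat>[A-Za-z0-9._-]+)\) -> (?P<action>.+?)\.?$")

# Assumed triage ranking by MBAM threat family (the prefix before the first dot).
# This is the editor's own rough scale for illustration, not a Malwarebytes one.
SEVERITY = {"Adware": "low", "PUP": "low", "PUM": "low", "Spyware": "high",
            "Trojan": "high", "Backdoor": "critical", "Rootkit": "critical"}
RANK = ["clean", "unknown", "low", "high", "critical"]

@dataclass
class Detection:
    section: str
    location: str
    threat: str
    action: str

    @property
    def family(self) -> str:
        return self.threat.split(".", 1)[0]

def parse_mbam_log(text: str):
    """Return (summary_counts, detections) from the text of an MBAM log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADING_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:  # "(No malicious items detected)" never matches ITEM_RE
            detections.append(Detection(section, m.group("location"),
                                        m.group("threat"), m.group("action")))
    return summary, detections

def verify_counts(summary, detections):
    """Cross-check header counts against itemised entries; returns (section, expected, found) mismatches."""
    found = Counter(d.section for d in detections)
    return [(sec, n, found.get(sec, 0)) for sec, n in summary.items() if found.get(sec, 0) != n]

def triage(detections):
    """Per-threat counts, the worst severity seen, and any item MBAM did not quarantine."""
    worst = max((SEVERITY.get(d.family, "unknown") for d in detections), key=RANK.index, default="clean")
    unresolved = [d.location for d in detections if not d.action.startswith("Quarantined")]
    return {"by_threat": dict(Counter(d.threat for d in detections)), "worst": worst, "unresolved": unresolved}
```

Run against the full log in the first post, the same functions report a single family (Adware.MyWebSearch), no unresolved items, and header counts that agree with the entries, which is the reasoning behind "Log looks OK to me".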


#5 cre8it8

cre8it8
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 27 July 2009 - 07:45 PM

Thanks for the help shelf life!

I am applying the tips you sent also.

Edited by cre8it8, 27 July 2009 - 07:46 PM.


#6 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:11:46 PM

Posted 28 July 2009 - 06:31 PM

OK, you're welcome, happy safe surfing out there.

How Can I Reduce My Risk to Malware?
