
logan estudos - keygen autostart


  • This topic is locked
6 replies to this topic

#1 agentone
  • Members
  • 6 posts

Posted 05 May 2010 - 01:36 PM

Hello, I am new to this site and I have had a problem for a very long time now.
It all started when I downloaded a keygen called rld-s3wk.
Every time I start up my PC it pops up, and in msconfig I have tried to disable logan estudos but it keeps coming back.
I have done some research on previous topics but nothing could help me.
I also noticed that when I start up my PC, Firefox is open in Task Manager while it is not displayed.
When I end the process it automatically comes back after 5 seconds and the keygen starts up again as well!

I have downloaded, registered, and updated my Malwarebytes' Anti-Malware and here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4069

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05/05/2010 18:55:16
mbam-log-2010-05-05 (18-55-16).txt

Scan type: Quick scan
Objects scanned: 126397
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Mohammed\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Mohammed\AppData\Local\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Mohammed\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Mohammed\AppData\Roaming\spynet\explorer.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Mohammed\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Mohammed\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Also, this is the protection log:

19:01:11 Mohammed MESSAGE Protection started successfully
19:01:15 Mohammed MESSAGE IP Protection started successfully
19:02:12 Mohammed DETECTION C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx Malware.Trace QUARANTINE
19:02:27 Mohammed DETECTION C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx Malware.Trace DENY
19:14:00 Mohammed MESSAGE IP Protection stopped
19:14:00 Mohammed MESSAGE IP Protection started successfully
19:14:35 Mohammed MESSAGE IP Protection stopped
19:14:36 Mohammed MESSAGE IP Protection started successfully
19:19:43 Mohammed DETECTION C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx Malware.Trace DENY
19:19:45 Mohammed DETECTION C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx Malware.Trace DENY
19:19:47 Mohammed DETECTION C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx Malware.Trace DENY
19:29:18 Mohammed DETECTION C:\Users\Mohammed\AppData\Local\Temp\XxX.xXx Malware.Trace DENY

And here is the DDS.txt I did right after I restarted my PC:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mohammed at 21:21:29.25 on 05/05/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.2370 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mohammed\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HKCU] c:\users\mohammed\appdata\roaming\spynet\explorer.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\tdt2kwky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\mohammed\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\tdt2kwky.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\tdt2kwky.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-11-16 38240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\uniblue\diskrescue\UBDiskRescueSrv.exe [2008-9-10 229648]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-3-13 357182]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-5 304464]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-5 20952]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]

=============== Created Last 30 ================

2010-05-05 17:49:04 0 d-----w- c:\users\mohammed\appdata\roaming\Malwarebytes
2010-05-05 17:48:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 17:48:50 0 d-----w- c:\programdata\Malwarebytes
2010-05-05 17:48:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 17:48:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 13:28:53 0 d-----w- c:\program files\Science cd
2010-04-28 20:31:45 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-27 18:30:22 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 18:30:15 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-27 18:30:14 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-20 17:27:44 0 d-----w- c:\users\mohammed\appdata\roaming\EurekaLog
2010-04-19 17:43:14 0 d-----w- c:\programdata\Zbshareware Lab
2010-04-19 17:40:59 0 d-----w- c:\program files\USB Disk Security
2010-04-15 19:05:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-04-15 19:04:15 0 d-----w- c:\programdata\Nokia
2010-04-15 17:58:41 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-15 17:58:32 0 d-----w- c:\program files\PC Connectivity Solution
2010-04-15 17:57:28 0 d-----w- c:\programdata\OviInstallerCache
2010-04-14 12:21:16 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 12:21:15 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:21:14 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 12:21:12 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 12:21:11 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 12:21:11 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 12:20:45 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 12:20:44 172032 ----a-w- c:\windows\system32\wintrust.dll

==================== Find3M ====================

2010-05-05 18:40:25 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-05 18:40:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-05 18:03:38 79984 ----a-w- c:\windows\system32\perfc001.dat
2010-05-05 18:03:38 693372 ----a-w- c:\windows\system32\perfh013.dat
2010-05-05 18:03:38 641878 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-05 18:03:38 439034 ----a-w- c:\windows\system32\perfh001.dat
2010-05-05 18:03:38 133428 ----a-w- c:\windows\system32\perfc013.dat
2010-05-05 18:03:38 111542 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-03 17:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 17:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-02 15:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 21:33:33 43068 ----a-w- c:\windows\system32\perfd013.dat
2010-03-31 21:33:33 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2010-03-31 21:33:33 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2010-03-31 21:33:33 341322 ----a-w- c:\windows\system32\perfi013.dat
2010-03-31 21:33:33 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2010-03-31 21:33:33 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2010-03-31 21:27:48 42056 ----a-w- c:\windows\system32\perfd001.dat
2010-03-31 21:27:48 42056 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2010-03-31 21:27:48 42056 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2010-03-31 21:27:48 38160 ----a-w- c:\windows\system32\perfd00C.dat
2010-03-31 21:27:48 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2010-03-31 21:27:48 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2010-03-31 21:27:48 344522 ----a-w- c:\windows\system32\perfi00C.dat
2010-03-31 21:27:48 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2010-03-31 21:27:48 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2010-03-31 21:27:48 289060 ----a-w- c:\windows\system32\perfi001.dat
2010-03-31 21:27:48 289060 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2010-03-31 21:27:48 289060 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2010-03-23 21:39:04 34429 ----a-w- c:\users\mohammed\appdata\roaming\SQLite3.dll
2010-02-26 12:32:52 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-26 12:32:50 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-26 12:19:00 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 21:20:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-19 00:37:14 22328 ----a-w- c:\users\mohammed\appdata\roaming\PnkBstrK.sys
2010-02-14 16:49:37 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-03 18:46:59 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-23 20:09:27 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:22:48.80 ===============



Also, in msconfig after scanning with Malwarebytes and rebooting, logan estudios disappeared and HKCU came up already ticked instead, which wasn't there before...

Can someone please help me out? I really appreciate it.

Thank you

Edited by agentone, 05 May 2010 - 03:27 PM.
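An added example, not from this thread or from the DDS or MBAM tools: a Python triage script that applies the check a responder makes on the uRun/mRun lines of the DDS report above, flagging Run entries that point into user-writable directories, borrow a system binary's name (explorer.exe outside \windows), or use a hive-like value name such as HKCU. The sample input reproduces the four Run lines from the report; the heuristics and function names are my own assumptions.

```python
"""Triage helper for the autorun entries in a DDS 'Pseudo HJT Report'.

Added example, not part of the forum thread or of the DDS/MBAM tools.
It scans the uRun:/mRun: lines (per-user and machine Run keys) that DDS
prints and flags entries whose target lives in a user-writable directory,
which is the pattern in the log above (spynet\\explorer.exe launched from
HKCU\\...\\Run\\hkcu). Heuristics are assumptions, not a DDS feature.
"""
import re
from dataclasses import dataclass

# Constructed sample: the four Run lines from the DDS report in the post above.
SAMPLE_DDS = """\
uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
uRun: [HKCU] c:\\users\\mohammed\\appdata\\roaming\\spynet\\explorer.exe
mRun: [egui] "c:\\program files\\eset\\eset smart security\\egui.exe" /hide /waitservice
mRun: [<NO NAME>]
"""

# Directories an unprivileged user can write to. Legitimate software rarely
# registers a Run entry pointing here; malware dropped by the user does.
USER_WRITABLE = re.compile(
    r"\\(appdata|local settings|temp|programdata|users\\public)\\", re.I
)
# Well-known system binary names that malware borrows to blend in.
LOOKALIKE_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
# Value names that imitate registry hive names (as "HKCU" does in this log).
HIVE_LIKE = {"hkcu", "hklm", "hkey_current_user", "hkey_local_machine"}

RUN_LINE = re.compile(r"^(?P<scope>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    scope: str      # "HKCU" for uRun, "HKLM" for mRun
    name: str       # registry value name shown in [brackets]
    path: str       # executable the entry launches ("" if empty)
    reasons: list   # why the entry was flagged


def _executable_path(cmd):
    """Return the program path from a Run command line, quoted or not."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: cut at the first switch-looking token (" /" or " -").
    m = re.search(r"\s+[/-]", cmd)
    return cmd[:m.start()] if m else cmd


def triage_run_entries(report):
    """Parse uRun/mRun lines and return a Finding for every suspicious entry."""
    findings = []
    for line in report.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        scope = "HKCU" if m.group("scope") == "u" else "HKLM"
        name, path = m.group("name"), _executable_path(m.group("cmd"))
        lowered = path.lower()
        reasons = []
        if path and USER_WRITABLE.search(path):
            reasons.append("target in user-writable directory")
        if lowered.rsplit("\\", 1)[-1] in LOOKALIKE_NAMES and "\\windows\\" not in lowered:
            reasons.append("system binary name outside the Windows directory")
        if name.lower() in HIVE_LIKE:
            reasons.append("value name mimics a registry hive")
        if name == "<NO NAME>" and not path:
            reasons.append("unnamed entry with no command (leftover or hidden)")
        if reasons:
            findings.append(Finding(scope, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_DDS):
        print(f"{f.scope} Run\\{f.name!r} -> {f.path or '<empty>'}: {'; '.join(f.reasons)}")
```

On the sample above only the spynet explorer.exe entry and the empty `<NO NAME>` entry are reported; the Sidebar and ESET entries pass every check.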



#2 agentone
  • Topic Starter
  • Members
  • 6 posts

Posted 07 May 2010 - 02:18 PM

Nobody who can help me?

#3 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 07 May 2010 - 07:23 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#4 agentone
  • Topic Starter
  • Members
  • 6 posts

Posted 10 May 2010 - 02:59 PM

Okay, thank you, I will be waiting for your response.

#5 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 10 May 2010 - 03:05 PM

We should start by running ComboFix; there are some not-nice items appearing in MBAM.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#6 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 12 May 2010 - 07:15 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC, making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#7 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 16 May 2010 - 06:45 PM

This topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
