
Still infected with some spyware/malware. Help!



#1 g3nX

g3nX

  • Members
  • 3 posts

Posted 25 October 2010 - 06:09 PM

Hello. After scanning this computer in safe mode with Nod32, Malwarebytes, SuperAntiSpyware, and TFC I got rid of around 700 infections. But still I believe that there is something left because Malwarebytes sometimes finds some folders infected. I scanned again with all those programs and none of them found anything. Can you please make sure that this computer is clean now?




DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by UMID at 14:53:56.61 on 10/25/2010
Internet Explorer: 8.0.6001.18975
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3962.2118 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning disabled* (Outdated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Live OneCare *disabled* (Outdated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\UMID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UMID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UMID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UMID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UMID\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Users\UMID\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.GOOGLE.COM
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - C:\Program Files (x86)\PlaySushi\PSText.dll
BHO: MailRuBHO Class: {8984b388-a5bb-4df7-b274-77b879e179db} - c:\program files (x86)\mail.ru\sputnik\MailRuSputnik.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll
BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - C:\Program Files (x86)\myfreezetoolbar\auxi\myfreezetoolbAu.dll
TB: @Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} - c:\program files (x86)\mail.ru\sputnik\MailRuSputnik.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [<NO NAME>]
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [MultiLex 6]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files (x86)\PlaySushi\PSText.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
TB-X64: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=14055
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm015YYUS&ptb=SUdwy_dMKbAgwjm500Wn.w&psa=&ind=2010071314&ptnrS=Z1xdm015YYUS&si=33473&st=kwd&n=77cf4112&searchfor=
FF - component: C:\Users\UMID\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
FF - component: C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\plugins\npclntax_HotbarSA.dll
FF - plugin: C:\Users\UMID\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\UMID\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-2-3 55024]
R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2010-7-29 141264]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-24 304464]
R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-3-22 24936]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-10-25 411496]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-2-3 19968]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-11-12 293376]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-24 24664]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-28 5437952]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2008-11-12 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-11-12 393728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2008-11-12 36392]
S3 nmwcdcjx64;Nokia USB Port;C:\Windows\System32\drivers\nmwcdcjx64.sys [2007-2-22 17408]
S3 nmwcdcmx64;Nokia USB Modem;C:\Windows\System32\drivers\nmwcdcmx64.sys [2007-2-22 17408]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\nmwcdcx64.sys [2007-2-22 12288]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\nmwcdx64.sys [2007-2-22 173056]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2010-10-24 31800]
S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2009-3-26 28160]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-10-25 1250160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-17 89920]
S4 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-3-26 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-3-26 79360]
S4 Creative HOAL Licensing Service;Creative HOAL Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-3-26 79360]
S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-3-26 79360]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2009-2-3 103712]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2009-2-3 353568]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2009-2-3 62752]
S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-2-3 104960]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-2-3 369952]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-2-3 108832]

============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-10-25 20:14:04 -------- d-----w- C:\Program Files\Common Files\Intel
2010-10-25 20:14:03 -------- d-----w- C:\Program Files (x86)\Cisco
2010-10-25 18:52:37 -------- d-----w- C:\Update
2010-10-25 04:35:22 691 ----a-w- C:\Users\UMID\AppData\Roaming\GetValue.vbs
2010-10-25 04:35:22 35 ----a-w- C:\Users\UMID\AppData\Roaming\SetValue.bat
2010-10-25 04:35:22 1410 ----a-w- C:\Windows\SysWow64\tmp.reg
2010-10-25 04:06:33 -------- d-----w- C:\Users\UMID\AppData\Local\ESET
2010-10-25 03:10:40 -------- d-----w- C:\Users\UMID\AppData\Roaming\SUPERAntiSpyware.com
2010-10-25 03:10:40 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-25 03:10:22 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-25 03:10:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-25 02:43:23 -------- d-----w- C:\Program Files\ESET
2010-10-25 02:31:31 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-10-25 02:07:41 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-10-25 01:57:44 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-10-25 01:56:01 -------- d-----w- C:\Users\UMID\AppData\Local\VS Revo Group
2010-10-25 01:55:34 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2010-10-25 01:55:31 -------- d-----w- C:\Program Files\VS Revo Group
2010-10-24 23:10:18 -------- d-----w- C:\Users\UMID\AppData\Roaming\Malwarebytes
2010-10-24 23:09:47 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-24 23:09:46 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-24 23:09:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-24 23:09:46 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-24 23:05:33 -------- d-----w- C:\Users\UMID\AppData\Local\Microsoft Help
2010-10-24 23:00:09 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2010-10-24 23:00:09 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2010-10-24 23:00:08 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2010-10-24 23:00:08 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2010-10-24 23:00:07 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2010-10-24 23:00:07 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2010-10-24 22:57:05 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2010-10-24 22:57:05 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2010-10-24 22:57:02 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2010-10-24 22:57:02 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2010-10-24 22:47:22 471552 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2010-10-24 22:46:15 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-24 22:45:29 880640 ----a-w- C:\Windows\System32\timedate.cpl
2010-10-24 22:45:28 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
2010-10-24 22:45:27 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-10-24 22:45:27 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-10-24 22:45:27 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-24 22:45:27 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-10-24 22:32:10 -------- d-----w- C:\Windows\pss
2010-10-23 01:41:58 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{246E1C6E-398E-4F94-91E0-A236B207F2A3}\mpengine.dll
2010-10-16 02:29:33 -------- d-----w- C:\Users\UMID\AppData\Roaming\Uniblue
2010-10-16 02:29:07 -------- d-----w- C:\Program Files (x86)\Uniblue
2010-09-29 02:22:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 02:22:49 2048 ----a-w- C:\Windows\System32\tzres.dll

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-25 19:45:04 161304 ----a-w- C:\Windows\System32\igfxtray.exe
2010-08-25 19:45:00 508952 ----a-w- C:\Windows\System32\SET3E8B.tmp
2010-08-25 19:45:00 508952 ----a-w- C:\Windows\System32\igfxsrvc.exe
2010-08-25 19:45:00 415256 ----a-w- C:\Windows\System32\SET489F.tmp
2010-08-25 19:45:00 415256 ----a-w- C:\Windows\System32\igfxpers.exe
2010-08-25 19:44:56 223768 ----a-w- C:\Windows\System32\igfxext.exe
2010-08-25 19:44:54 386584 ----a-w- C:\Windows\System32\SET44E0.tmp
2010-08-25 19:44:54 386584 ----a-w- C:\Windows\System32\hkcmd.exe
2010-08-25 19:44:52 3156504 ----a-w- C:\Windows\System32\GfxUI.exe
2010-08-25 19:44:48 152600 ----a-w- C:\Windows\System32\difx64.exe
2010-08-25 19:40:48 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2202.dll
2010-08-25 19:36:04 10611552 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2010-08-25 19:36:02 6547968 ----a-w- C:\Windows\System32\igdumd64.dll
2010-08-25 19:34:30 982240 ----a-w- C:\Windows\SysWow64\igkrng500.bin
2010-08-25 19:34:30 982240 ----a-w- C:\Windows\System32\igkrng500.bin
2010-08-25 19:34:30 92356 ----a-w- C:\Windows\SysWow64\igfcg500m.bin
2010-08-25 19:34:30 92356 ----a-w- C:\Windows\System32\igfcg500m.bin
2010-08-25 19:34:30 439308 ----a-w- C:\Windows\SysWow64\igcompkrng500.bin
2010-08-25 19:34:30 439308 ----a-w- C:\Windows\System32\igcompkrng500.bin
2010-08-25 19:31:30 4967424 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2010-08-25 19:28:22 571904 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2010-08-25 19:26:32 4720128 ----a-w- C:\Windows\System32\igd10umd64.dll
2010-08-25 19:23:14 4411904 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2010-08-25 19:17:38 15032832 ----a-w- C:\Windows\System32\ig4icd64.dll
2010-08-25 19:09:34 11040256 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2010-08-25 19:04:48 380416 ----a-w- C:\Windows\System32\igfxTMM.dll
2010-08-25 19:04:48 243200 ----a-w- C:\Windows\System32\igfxpph.dll
2010-08-25 19:04:40 27648 ----a-w- C:\Windows\System32\igfxexps.dll
2010-08-25 19:04:28 61952 ----a-w- C:\Windows\System32\igfxsrvc.dll
2010-08-25 19:04:00 108032 ----a-w- C:\Windows\System32\hccutils.dll
2010-08-25 19:03:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2010-08-25 19:03:50 271360 ----a-w- C:\Windows\System32\igfxdev.dll
2010-08-25 19:03:50 119808 ----a-w- C:\Windows\System32\gfxSrvc.dll
2010-08-25 19:03:24 87552 ----a-w- C:\Windows\System32\SET5427.tmp
2010-08-25 19:03:24 87552 ----a-w- C:\Windows\System32\igfxrenu.lrc
2010-08-25 19:03:18 830464 ----a-w- C:\Windows\System32\igfxress.dll
2010-08-25 19:03:18 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2010-08-25 19:00:00 23552 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2010-08-25 18:59:06 228864 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2010-08-25 18:52:00 208896 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2010-08-25 18:52:00 205824 ----a-w- C:\Windows\System32\iglhsip64.dll
2010-08-25 18:52:00 187392 ----a-w- C:\Windows\System32\iglhcp64.dll
2010-08-25 18:52:00 143360 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-10 16:14:20 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-08-10 15:53:15 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-07-29 20:31:26 168544 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2010-07-29 20:31:26 141264 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
2010-07-29 20:31:26 126320 ----a-w- C:\Windows\System32\drivers\epfwwfpr.sys

============= FINISH: 14:54:39.03 ===============

Just scanned again, but only SuperAntiSpyware found this. Here is the log:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2010 at 05:09 PM

Application Version : 4.44.1000

Core Rules Database Version : 5745
Trace Rules Database Version: 3557

Scan type : Quick Scan
Total Scan Time : 00:52:40

Memory items scanned : 539
Memory threats detected : 0
Registry items scanned : 2721
Registry threats detected : 0
File items scanned : 16848
File threats detected : 19

Adware.Tracking Cookie
C:\Users\UMID\AppData\Roaming\Microsoft\Windows\Cookies\umid@ad.yieldmanager[1].txt
C:\Users\UMID\AppData\Roaming\Microsoft\Windows\Cookies\umid@2o7[2].txt
C:\Users\UMID\AppData\Roaming\Microsoft\Windows\Cookies\umid@sonyelectronicssupportus.112.2o7[3].txt
C:\Users\UMID\AppData\Roaming\Microsoft\Windows\Cookies\umid@doubleclick[1].txt
C:\Users\UMID\AppData\Roaming\Microsoft\Windows\Cookies\umid@invitemedia[3].txt
.collective-media.net [ C:\Users\UMID\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\UMID\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\UMID\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\UMID\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\UMID\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
.sonyelectronicssupportus.112.2o7.net [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]
counter.surfcounters.com [ C:\Users\UMID\AppData\Roaming\Mozilla\Firefox\Profiles\lockjgm0.default\cookies.sqlite ]

Trojan.Agent/Gen
C:\USERS\UMID\DESKTOP\GMER.EXE




Disregard GMER.EXE




Just got a pop up from Malwarebytes saying "a malicious process attempting to start and has blocked the execution attempt." C:\PROGRAM FILES (X86)\CUSTOMIZED PLATFORM ADVANCER\4.1.0.1960\LRI.DLL
Weird thing is that the CUSTOMIZED PLATFORM ADVANCER folder does not exist in Program Files (x86)...
EDIT: Posts merged ~BP

again got a pop up from malwarebytes saying the same thing :angry:

EDIT: Posts merged ~BP

Edited by Budapest, 26 October 2010 - 03:55 PM.


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 03 November 2010 - 06:19 PM

Hello g3nX

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Under the custom scans and fixes area paste in the following.

    C:\PROGRAM FILES (X86)\CUSTOMIZED PLATFORM ADVANCER\4.1.0.1960\*.*
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
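For readers without OTL, here is an added PowerShell example (not OTL's code and not part of kahdah's reply) that performs the same two checks the custom scan above asks for: it enumerates the directory Malwarebytes reported (including hidden entries, which would explain a folder that "does not exist" in Explorer) and hashes explorer.exe and winlogon.exe, adding an Authenticode signature check that the OTL directives do not show. It assumes PowerShell 4.0 or later for Get-FileHash; the directory path is the one quoted in the thread.

```powershell
# Added example, not from OTL or the thread. Requires PowerShell 4.0+ (Get-FileHash).
# 1) Look for the directory Malwarebytes named, including hidden/system entries.
$suspectDir = 'C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960'
if (Test-Path -LiteralPath $suspectDir) {
    # -Force lists hidden and system files that Explorer hides by default.
    Get-ChildItem -LiteralPath $suspectDir -Force -Recurse |
        Select-Object FullName, Length, LastWriteTime, Attributes
} else {
    "Directory not present: $suspectDir"
    # A hidden parent folder would also hide the version subfolder; list candidates.
    Get-ChildItem -LiteralPath 'C:\Program Files (x86)' -Force -Directory |
        Where-Object { $_.Name -like '*Platform*' } |
        Select-Object FullName, Attributes
}

# 2) MD5 of the two system binaries OTL's /md5start ... /md5stop block targets.
#    On x64 Vista both a 64-bit and a 32-bit (SysWOW64) copy can exist, so check each.
$targets = foreach ($name in 'explorer.exe', 'winlogon.exe') {
    "C:\Windows\$name"
    "C:\Windows\System32\$name"
    "C:\Windows\SysWOW64\$name"
}
foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $hash = Get-FileHash -LiteralPath $path -Algorithm MD5
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    # A Microsoft-signed, 'Valid' status is the expected result for these files;
    # 'NotSigned' or 'HashMismatch' on a system binary warrants closer inspection.
    [pscustomobject]@{
        Path      = $path
        MD5       = $hash.Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}
```

Run it from an elevated PowerShell prompt so the hidden and system-owned entries are readable.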



