Weird incoming/outgoing connections - asked for password


This topic is locked
2 replies to this topic

#1 vexedpsyc
  • Members
  • 6 posts

Posted 19 December 2010 - 01:03 PM

Dear BleepingComputer,

Thank you for taking your time to help me with these issues I am having with a new installation of Windows 7 Ultimate x64. I installed approx. 2 1/2 days ago on a formatted drive. Everything was operating fine until last night, when I noticed Firefox and IE alike were asking me to log in to google-analytics and every stat-based server for any website. Anything that seems to collect data, I was asked to log in to, with the normal popup windows asking for login/pass to a secure area. I have also noticed by running netstat a few times that I have an HTTP server running on my computer; I believe it goes by "nginx" or something very similar. Also a lite SQL server seems to run randomly. Not sure where that came from. And tons of errors within my event logs. :( Any and all help that you could give would be much appreciated. Once again thank you for your time. I will post the logs as asked.

PS. gmer.exe ran but without any of the system, sections, IAT/EAT, Devices, Modules, Processes, Threads, or Libraries checked; they are greyed out, regardless of whether it is run as an administrator or a regular user. Thanks.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Vexed at 11:13:00.50 on Sun 12/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1862 [GMT -6:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Vexed\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Vexed\AppData\Roaming\Mozilla\Firefox\Profiles\g08j3160.default\
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: FreePriceAlerts.com: extension@freepricealerts.com - %profile%\extensions\extension@freepricealerts.com

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-15 55280]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-18 363344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-18 24152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-18 1255736]

=============== Created Last 30 ================

2010-12-19 16:54:21 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-19 16:35:28 -------- d-----w- C:\Users\Vexed\AppData\Local\ESET
2010-12-19 16:34:36 -------- d-----w- C:\ComboFix
2010-12-19 05:13:56 -------- d-----w- C:\Program Files (x86)\SuperScan
2010-12-19 04:23:40 -------- d-----w- C:\Users\Vexed\AppData\Local\ElevatedDiagnostics
2010-12-19 02:43:48 98816 ----a-w- C:\Windows\sed.exe
2010-12-19 02:43:48 89088 ----a-w- C:\Windows\MBR.exe
2010-12-19 02:43:48 256512 ----a-w- C:\Windows\PEV.exe
2010-12-19 02:43:48 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-19 00:28:17 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-18 23:51:18 -------- d-----w- C:\Users\Vexed\AppData\Roaming\Malwarebytes
2010-12-18 23:50:55 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-18 23:50:54 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-18 23:50:51 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 23:50:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-18 19:26:40 -------- d-----w- C:\Program Files\Defraggler
2010-12-18 18:43:02 -------- d-----w- C:\Program Files (x86)\Aiprosoft
2010-12-18 18:25:52 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-12-18 16:45:19 -------- d-----w- C:\Program Files\CCleaner
2010-12-18 15:50:52 1603584 ----a-w- C:\Windows\System32\stlang64.dll
2010-12-18 15:50:52 112128 ----a-w- C:\Windows\System32\stacsv64.exe
2010-12-18 15:47:20 -------- d-----w- C:\Program Files (x86)\Realtek
2010-12-18 15:47:17 1247776 ----a-w- C:\Windows\RtlExUpd.dll
2010-12-18 15:47:17 -------- d--h--w- C:\Program Files (x86)\Temp
2010-12-18 15:47:14 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-18 15:47:14 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-18 15:47:14 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2010-12-18 15:47:14 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-18 15:47:14 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-12-18 15:47:14 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-12-18 15:47:11 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-18 15:47:11 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-12-18 15:40:00 388096 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2010-12-18 15:40:00 344576 ----a-w- C:\Windows\System32\stcplx64.dll
2010-12-18 15:39:59 646656 ----a-w- C:\Windows\System32\stapo64.dll
2010-12-18 15:39:59 600064 ----a-w- C:\Windows\System32\ctapo64.dll
2010-12-18 15:39:59 45568 ----a-w- C:\Windows\System32\ctppld.dll
2010-12-18 15:39:59 295424 ----a-w- C:\Windows\System32\stapi64.dll
2010-12-18 15:39:59 -------- d-----w- C:\Program Files (x86)\SigmaTel
2010-12-18 15:34:30 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-12-18 15:34:30 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-12-18 15:19:13 -------- d-----w- C:\Windows\SysWow64\Wat
2010-12-18 15:19:13 -------- d-----w- C:\Windows\System32\Wat
2010-12-18 15:11:48 -------- d-----w- C:\Program Files\SigmaTel
2010-12-18 15:11:12 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-12-18 15:11:12 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-12-18 15:11:12 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-12-18 15:11:12 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-12-18 15:11:12 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-12-18 15:11:12 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-12-18 15:11:12 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-12-18 15:11:12 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-12-18 15:11:12 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-12-18 15:11:12 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-12-18 15:08:07 1052672 ----a-w- C:\Windows\SysWow64\stlang.dll
2010-12-18 15:01:02 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-12-18 15:00:45 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-12-18 14:47:29 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2010-12-18 14:47:08 -------- d-----w- C:\Intel
2010-12-18 14:45:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-12-18 14:25:55 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2010-12-18 14:22:46 -------- d-----w- C:\Program Files (x86)\Altiris
2010-12-18 02:02:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-18 02:02:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-18 01:33:07 -------- d-----w- C:\Windows\fr-FR
2010-12-18 01:33:05 -------- d-----w- C:\Windows\SysWow64\fr
2010-12-18 01:33:05 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\fr-FR
2010-12-18 01:33:05 -------- d-----w- C:\Windows\SysWow64\drivers\fr-FR
2010-12-18 01:33:05 -------- d-----w- C:\Windows\SysWow64\drivers\ar-SA
2010-12-18 01:33:05 -------- d-----w- C:\Windows\SysWow64\ar
2010-12-18 01:33:05 -------- d-----w- C:\Windows\SysWow64\040C
2010-12-18 01:31:58 -------- d-----w- C:\Windows\System32\drivers\sr-Latn-CS
2010-12-18 01:31:57 -------- d-----w- C:\Windows\System32\wbem\sr-Latn-CS
2010-12-18 01:31:49 -------- d-----w- C:\Windows\SysWow64\wbem\sk-SK
2010-12-18 01:31:49 -------- d-----w- C:\Windows\SysWow64\drivers\sk-SK
2010-12-18 01:31:49 -------- d-----w- C:\Windows\sk-SK
2010-12-18 01:31:46 -------- d-----w- C:\Windows\System32\drivers\sk-SK
2010-12-18 01:31:45 -------- d-----w- C:\Windows\System32\wbem\sk-SK
2010-12-18 01:10:38 -------- d-----w- C:\Users\Vexed\AppData\Local\sec4app.com
2010-12-18 01:03:42 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-18 01:03:38 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{71331F51-4FBD-43CF-9B4D-26D860372FF5}\mpengine.dll
2010-12-18 01:03:36 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-18 00:42:56 5120 ----a-w- C:\Windows\System32\drivers\fr-FR\rdbss.sys.mui
2010-12-18 00:21:52 6144 ----a-w- C:\Windows\System32\drivers\UMDF\ar-SA\WUDFUsbccidDriver.dll.mui
2010-12-18 00:20:59 5120 ----a-w- C:\Windows\System32\drivers\ar-SA\IPMIDrv.sys.mui
2010-12-18 00:08:32 -------- d-----w- C:\Users\Vexed\AppData\Roaming\FlashFXP
2010-12-18 00:03:59 2560 ----a-w- C:\Windows\System32\drivers\hu-HU\mountmgr.sys.mui
2010-12-17 23:51:16 3584 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\portcls.sys.mui
2010-12-17 23:51:16 2560 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\serscan.sys.mui
2010-12-17 23:51:11 3072 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\ataport.sys.mui
2010-12-17 23:51:11 2048 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\amdide.sys.mui
2010-12-17 23:51:08 47104 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\tcpip.sys.mui
2010-12-17 23:51:06 2560 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\scfilter.sys.mui
2010-12-17 23:50:39 7680 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
2010-12-17 23:50:39 3072 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\hidbth.sys.mui
2010-12-17 23:50:39 2560 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\BTHUSB.SYS.mui
2010-12-17 23:50:39 2048 ----a-w- C:\Windows\System32\drivers\sr-Latn-CS\bthenum.sys.mui
2010-12-17 23:43:26 3584 ----a-w- C:\Windows\System32\drivers\sk-SK\portcls.sys.mui
2010-12-17 23:43:25 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\serscan.sys.mui
2010-12-17 23:43:21 3072 ----a-w- C:\Windows\System32\drivers\sk-SK\ataport.sys.mui
2010-12-17 23:43:21 2048 ----a-w- C:\Windows\System32\drivers\sk-SK\amdide.sys.mui
2010-12-17 23:43:18 47616 ----a-w- C:\Windows\System32\drivers\sk-SK\tcpip.sys.mui
2010-12-17 23:43:17 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\scfilter.sys.mui
2010-12-17 23:42:44 3072 ----a-w- C:\Windows\System32\drivers\sk-SK\hidbth.sys.mui
2010-12-17 23:42:43 7680 ----a-w- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
2010-12-17 23:42:43 2560 ----a-w- C:\Windows\System32\drivers\sk-SK\BTHUSB.SYS.mui
2010-12-17 23:42:43 2048 ----a-w- C:\Windows\System32\drivers\sk-SK\bthenum.sys.mui
2010-12-17 23:40:52 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-12-17 23:38:55 -------- d-----w- C:\Windows\SysWow64\wbem\th-TH
2010-12-17 23:38:55 -------- d-----w- C:\Windows\SysWow64\drivers\th-TH
2010-12-17 23:38:51 -------- d-----w- C:\Windows\System32\drivers\th-TH
2010-12-17 23:38:50 -------- d-----w- C:\Windows\System32\wbem\th-TH
2010-12-17 23:38:45 -------- d-----w- C:\Windows\System32\appmgmt
2010-12-17 23:38:44 -------- d-----w- C:\Windows\th-TH
2010-12-17 23:31:42 3584 ----a-w- C:\Windows\System32\drivers\th-TH\portcls.sys.mui
2010-12-17 23:31:42 2560 ----a-w- C:\Windows\System32\drivers\th-TH\serscan.sys.mui
2010-12-17 23:31:37 3072 ----a-w- C:\Windows\System32\drivers\th-TH\ataport.sys.mui
2010-12-17 23:31:37 2048 ----a-w- C:\Windows\System32\drivers\th-TH\amdide.sys.mui
2010-12-17 23:31:34 46592 ----a-w- C:\Windows\System32\drivers\th-TH\tcpip.sys.mui
2010-12-17 23:31:32 2560 ----a-w- C:\Windows\System32\drivers\th-TH\scfilter.sys.mui
2010-12-17 23:31:01 3072 ----a-w- C:\Windows\System32\drivers\th-TH\hidbth.sys.mui
2010-12-17 23:31:00 7168 ----a-w- C:\Windows\System32\drivers\th-TH\bthport.sys.mui
2010-12-17 23:31:00 2560 ----a-w- C:\Windows\System32\drivers\th-TH\BTHUSB.SYS.mui
2010-12-17 23:31:00 2048 ----a-w- C:\Windows\System32\drivers\th-TH\bthenum.sys.mui
2010-12-17 23:26:55 -------- d-----w- C:\Windows\fi-FI
2010-12-17 23:26:46 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2010-12-17 23:26:46 -------- d-----w- C:\Windows\SysWow64\fi
2010-12-17 23:26:46 -------- d-----w- C:\Windows\SysWow64\drivers\fi-FI
2010-12-17 23:26:45 -------- d-----w- C:\Windows\SysWow64\wbem\fi-FI
2010-12-17 23:26:27 -------- d-----w- C:\Windows\System32\fi
2010-12-17 23:26:27 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2010-12-17 23:26:27 -------- d-----w- C:\Windows\System32\drivers\fi-FI
2010-12-17 23:26:23 -------- d-----w- C:\Windows\System32\wbem\fi-FI
2010-12-17 23:13:57 2560 ----a-w- C:\Windows\System32\drivers\fi-FI\pnpmem.sys.mui
2010-12-17 23:01:18 -------- d-----w- C:\Users\Vexed\Excluded
2010-12-17 22:57:51 -------- d-----w- C:\Users\Vexed\Everything Databases
2010-12-17 22:57:19 -------- d-----w- C:\Program Files (x86)\Everything
2010-12-17 22:41:07 -------- d-----w- C:\PROGRA~3\FlashFXP
2010-12-17 22:41:04 -------- d-----w- C:\Program Files (x86)\FlashFXP 4
2010-12-17 02:41:38 -------- d-----w- C:\Users\Vexed\AppData\Roaming\EditPlus 3
2010-12-17 02:41:38 -------- d-----w- C:\Program Files (x86)\EditPlus 3
2010-12-17 02:34:38 -------- d-----w- C:\Program Files (x86)\Growler Guncam
2010-12-17 02:33:35 -------- d-----w- C:\Program Files (x86)\Common Files\GC Install
2010-12-17 02:33:29 -------- d-----w- C:\Program Files (x86)\XviD
2010-12-17 01:16:57 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2010-12-17 01:16:22 -------- d-----w- C:\Windows\PCHEALTH
2010-12-17 01:16:22 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-12-17 01:13:24 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-12-17 01:12:31 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-12-17 01:12:04 -------- d-----w- C:\Users\Vexed\AppData\Local\Microsoft Help
2010-12-17 00:31:57 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer
2010-12-16 23:19:12 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-16 23:18:37 -------- d-----w- C:\Users\Vexed\AppData\Roaming\uTorrent
2010-12-16 17:58:11 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-12-16 17:58:11 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-12-16 17:55:54 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-12-16 14:36:32 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-12-16 14:36:32 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-12-16 14:36:31 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-12-16 14:36:31 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-12-16 05:01:22 -------- d-----w- C:\Dell
2010-12-16 02:49:32 -------- d-----w- C:\Users\Vexed\AppData\Local\Mozilla
2010-12-16 01:11:10 -------- d-----w- C:\Program Files\ESET
2010-12-16 00:25:24 -------- d-----w- C:\Program Files\Ventrilo
2010-12-16 00:24:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-12-16 00:10:24 -------- d-----w- C:\Users\Vexed\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-16 00:08:36 -------- d-----w- C:\Perfect World Entertainment
2010-12-16 00:06:15 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-12-16 00:04:43 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2010-12-15 22:45:43 -------- d-----w- C:\Windows\Panther
2010-12-15 22:45:28 -------- d-----w- C:\Boot
2010-12-15 21:37:44 -------- d-----w- C:\PROGRA~3\ALM
2010-12-15 21:33:29 -------- d-----w- C:\Users\Vexed\Adobe Flash Builder 4
2010-12-15 21:26:46 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2010-12-15 21:26:46 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2010-12-15 21:26:46 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2010-12-15 21:26:46 -------- d-----w- C:\Program Files (x86)\My Company Name
2010-12-15 21:26:46 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2010-12-15 21:26:46 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-12-15 21:20:17 -------- d-sh--w- C:\Windows\Installer
2010-12-15 21:17:50 -------- d-----w- C:\Users\Vexed\AppData\Local\Adobe
2010-12-15 21:13:53 -------- d-----w- C:\Recovery

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 11:13:36.97 ===============

Gmer did not post any log.
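Two triage checks that follow from the evidence in this post, written here as an added example; this is the editor's code, not the poster's and not a BleepingComputer tool. The first parses the output of `netstat -anob` (the `-b` switch needs an elevated prompt on Windows 7) and maps each listening socket to the PID and executable that own it, then flags web and database ports a freshly installed desktop should not expose. The second reads the `mPolicies-system` lines from the DDS log above, where EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, and reports which User Account Control values differ from the Windows 7 defaults; the log does not say why they are 0, so that is a question for the poster, but with EnableLUA at 0 every process started by an administrator account runs fully elevated. The netstat sample is constructed, and the process names `nginx.exe` and `mysqld.exe` in it are assumptions standing in for whatever the poster actually saw; the DDS lines are copied from the log in this post.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed netstat -anob sample. nginx.exe / mysqld.exe are hypothetical names
# standing in for the "nginx" HTTP server and "lite SQL server" the poster described.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2812
 [nginx.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       3104
 [mysqld.exe]
  TCP    192.168.1.5:49201      203.0.113.10:80        ESTABLISHED     1988
 [firefox.exe]
  UDP    0.0.0.0:500            *:*                                    900
  IKEEXT
 [svchost.exe]
"""

# The mPolicies-system lines copied verbatim from the DDS log in this post.
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""


@dataclass
class Listener:
    proto: str
    local: str
    pid: int
    exe: str = ""                                        # from the "[name.exe]" line netstat -b prints
    components: list[str] = field(default_factory=list)  # service/DLL names printed before it


# Proto, local address, foreign address, optional state (UDP rows have none), PID.
_SOCKET_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat_anob(text: str) -> list[Listener]:
    """Return listening TCP sockets and all UDP sockets, with netstat -b ownership attached."""
    listeners: list[Listener] = []
    current: Listener | None = None
    for line in text.splitlines():
        m = _SOCKET_RE.match(line)
        if m:
            proto, local, _foreign, state, pid = m.groups()
            if proto == "TCP" and state != "LISTENING":
                current = None            # ownership lines of non-listening rows are ignored
                continue
            current = Listener(proto, local, int(pid))
            listeners.append(current)
            continue
        text_line = line.strip()
        if current is None or not text_line:
            continue
        if text_line.startswith("[") and text_line.endswith("]"):
            current.exe = text_line[1:-1]
        elif not text_line.startswith("Can not obtain"):
            current.components.append(text_line)
    return listeners


# Server ports a fresh desktop should not listen on unless a web/database server was installed on purpose.
UNEXPECTED_PORTS = {80: "http", 443: "https", 8080: "http-alt",
                    1433: "mssql", 3306: "mysql", 5432: "postgresql"}


def flag_listeners(listeners: list[Listener]) -> list[tuple[int, str, int, str]]:
    """(port, service, pid, exe) for every listener on a port in UNEXPECTED_PORTS."""
    hits = []
    for l in listeners:
        port = int(l.local.rsplit(":", 1)[1])     # works for 0.0.0.0:80 and [::]:80 alike
        if port in UNEXPECTED_PORTS:
            hits.append((port, UNEXPECTED_PORTS[port], l.pid, l.exe or "unknown"))
    return hits


# Windows 7 defaults for the UAC values under HKLM\...\Policies\System that DDS prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 switches UAC off: admin processes start fully elevated
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently with no prompt at all
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt for credentials on the secure desktop
    "PromptOnSecureDesktop": 1,       # 0 = prompts appear on the normal, spoofable desktop
}
_POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")


def check_uac_policies(dds_text: str) -> dict[str, tuple[int, int]]:
    """{key: (value found, Windows 7 default)} for each UAC key not at its default."""
    non_default = {}
    for line in dds_text.splitlines():
        m = _POLICY_RE.match(line.strip())
        if m and m.group(1) in UAC_DEFAULTS:
            key, value = m.group(1), int(m.group(2))
            if value != UAC_DEFAULTS[key]:
                non_default[key] = (value, UAC_DEFAULTS[key])
    return non_default
```

On the sample, `flag_listeners(parse_netstat_anob(SAMPLE_NETSTAT))` returns the port 80 and port 3306 listeners with their PIDs and executables, and `check_uac_policies(SAMPLE_DDS)` returns the three UAC values that are at 0 instead of their defaults; PID 4 (System) has no executable because `netstat -b` cannot attribute it, which the parser records as an empty name rather than a component. The PID is the value to cross-check against the DDS "Running Processes" list, since the executable name alone can be spoofed.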


#2 m0le
  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 29 December 2010 - 09:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 m0le
  • Malware Response Team

Posted 03 January 2011 - 08:44 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.