Search Redirects + Constantly Disabling Security Center


2 replies to this topic

#1 rabbleroust

  • Members
  • 2 posts

Posted 03 March 2011 - 03:24 PM

The other day I got a nasty explosion of viruses on my x64 Windows 7 machine - fake anti-spyware programs, browser redirects, etc... I immediately tried to fix it w/ Malwarebytes, AVG Free, Search and Destroy, etc. Each of those found SOME problems and "fixed" them, but now, even though the computer has a supposedly clean bill of health, it is still infected.

Symptoms are:

Browser redirects on Google/Bing searches.

Windows Security Center is constantly being disabled (it takes about 2 seconds to re-disable itself when I enable it); same with Windows Defender and the Windows anti-malware service.

All my antivirus stuff comes up clean, but these problems remain. Help me please! You are awesome :)

Thank you
rabbleroust


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by rafter at 11:53:25.07 on Thu 03/03/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10722 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\rafter\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\rafter\AppData\Roaming\Mozilla\Firefox\Profiles\8fz39mza.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/a/singingserpent.com/?account_id=rafter@singingserpent.com#inbox
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\rafter\AppData\Roaming\Mozilla\Firefox\Profiles\8fz39mza.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\rafter\AppData\Roaming\Mozilla\Firefox\Profiles\8fz39mza.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-9 55856]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-9 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-3 363344]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-9-16 5018624]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-1 24152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-9 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-9 295424]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RDID1046;UA-25;C:\Windows\System32\drivers\Rdwm1046.sys [2011-2-22 199296]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-16 1255736]

=============== Created Last 30 ================

2011-03-03 19:29:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-03 19:29:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-03 11:00:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-03-03 02:50:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-03 02:50:38 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-03-03 00:45:45 601424 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-03 00:45:44 601424 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F68C678C-D88C-46EB-880E-2CFF79271D77}\gapaengine.dll
2011-03-03 00:45:19 7947600 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{04A9603C-8B50-449D-AF14-66FC1A695712}\mpengine.dll
2011-03-02 23:15:20 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-03-02 22:49:10 -------- d-----w- C:\Windows\pss
2011-03-02 22:02:38 -------- d-----w- C:\Windows\System32\SPReview
2011-03-02 22:02:32 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-02 22:02:22 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-02 22:02:22 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-02 22:02:22 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-02 22:02:22 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-03-02 22:02:22 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-02 22:02:11 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-02 22:02:11 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-02 21:57:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-03-02 21:56:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-03-02 21:50:59 902144 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-02 21:49:59 850944 ----a-w- C:\Windows\System32\mmsys.cpl
2011-03-02 21:48:59 47104 ----a-w- C:\Windows\System32\wshbth.dll
2011-03-02 21:26:43 -------- d-----w- C:\Users\rafter\AppData\Roaming\QuickScan
2011-03-02 18:49:06 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-03-02 18:49:06 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-03-02 18:49:04 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-03-02 18:48:29 -------- d-----w- C:\Program Files\ATI
2011-03-02 18:48:02 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-02 18:14:06 -------- d-----w- C:\ATI
2011-03-02 01:11:41 -------- d--h--w- C:\$AVG
2011-03-02 00:47:59 -------- d-----w- C:\Users\rafter\AppData\Roaming\AVG10
2011-03-02 00:46:57 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-02 00:46:41 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-02 00:43:34 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-02 00:32:32 -------- d-----w- C:\Users\rafter\AppData\Roaming\Malwarebytes
2011-03-02 00:32:30 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-02 00:32:27 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-02 00:27:51 0 ----a-w- C:\Users\rafter\AppData\Local\Lzolaqoxisigiha.bin
2011-03-02 00:27:50 -------- d-----w- C:\Users\rafter\AppData\Local\{5CDC479A-D808-4E87-82D1-939F40FDF1DA}
2011-03-02 00:26:11 -------- d-----w- C:\PROGRA~3\jAaJmEj15400
2011-03-02 00:26:01 -------- d-----w- C:\Users\rafter\AppData\Roaming\SQL
2011-03-02 00:25:54 118784 --sha-r- C:\Windows\SysWow64\C_10079Z.dll
2011-03-01 07:52:52 7947600 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4A63AF91-F1CD-42E8-B0E7-E7B8A8E03DFB}\mpengine.dll
2011-03-01 01:10:59 -------- d-----w- C:\Users\rafter\AppData\Roaming\Arturia
2011-03-01 01:06:15 -------- d-----w- C:\PROGRA~3\Arturia
2011-02-25 19:57:21 -------- d-----w- C:\Program Files (x86)\Magic Bullet Mojo Vegas
2011-02-25 19:40:15 90112 ----a-w- C:\Windows\unvise32.exe
2011-02-24 01:23:00 -------- dc-h--w- C:\PROGRA~3\{624294E5-E0E5-4EFD-A333-C1D4E7225D06}
2011-02-23 22:42:29 -------- d-----w- C:\Users\rafter\AppData\Roaming\Sony Creative Software
2011-02-23 22:34:27 -------- d-----w- C:\PROGRA~3\iZotope
2011-02-23 22:15:43 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_4.dll
2011-02-23 22:15:43 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_0_3.dll
2011-02-23 19:15:04 -------- d-----w- C:\PROGRA~3\Waves Audio
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-02-23 19:12:31 143360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-02-23 19:09:44 -------- d-----w- C:\Users\rafter\AppData\Roaming\SorensonMedia
2011-02-23 19:07:11 7680 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-02-23 19:07:11 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2011-02-23 19:07:09 -------- d-----w- C:\Program Files (x86)\ffdshow
2011-02-23 19:06:58 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
2011-02-23 19:06:58 109360 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-02-23 19:06:42 -------- d-----w- C:\Program Files (x86)\Sorenson Media
2011-02-23 18:03:28 -------- d-----w- C:\Program Files (x86)\Fixed Noise
2011-02-23 17:11:01 1409 ----a-w- C:\Windows\SysWow64\QTFont.for
2011-02-23 16:31:04 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-02-23 00:28:24 -------- d-----w- C:\Users\rafter\AppData\Local\Apple Computer
2011-02-23 00:20:24 -------- d-----w- C:\Users\rafter\AppData\Local\Apple
2011-02-22 23:33:17 -------- d-----w- C:\Users\rafter\AppData\Roaming\Nomad Factory
2011-02-22 23:27:54 -------- d-----w- C:\Program Files\Nomad Factory
2011-02-22 21:06:29 -------- dc-h--w- C:\PROGRA~3\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}
2011-02-22 17:55:11 -------- d-----w- C:\Program Files (x86)\Best Service
2011-02-22 17:39:35 56832 ----a-w- C:\Windows\System32\RDCP1046.CPL
2011-02-22 17:39:35 423424 ----a-w- C:\Windows\System32\RDDP1046.DAT
2011-02-22 17:39:35 275968 ----a-w- C:\Windows\SysWow64\RDAH1046.DAT
2011-02-22 17:39:35 199296 ----a-w- C:\Windows\System32\drivers\Rdwm1046.sys
2011-02-22 17:39:35 17920 ----a-w- C:\Windows\System32\RdCi1046.dll
2011-02-22 17:39:35 115712 ----a-w- C:\Windows\System32\rdas1046.dll
2011-02-22 17:39:35 102400 ----a-w- C:\Windows\SysWow64\RDAW1046.DLL
2011-02-22 17:39:35 -------- d-----w- C:\Program Files\RdDrv001
2011-02-21 22:43:53 -------- d-----w- C:\Program Files (x86)\Sonnox
2011-02-21 17:15:33 -------- d-----w- C:\Users\rafter\AppData\Roaming\4Front
2011-02-19 23:19:17 765952 ----a-w- C:\Windows\SysWow64\msvcp71d.dll
2011-02-19 23:19:17 544768 ----a-w- C:\Windows\SysWow64\msvcr71d.dll
2011-02-19 23:19:16 -------- d-----w- C:\Program Files (x86)\Nomad Factory
2011-02-19 22:50:38 45056 ----a-r- C:\Users\rafter\AppData\Roaming\Microsoft\Installer\{009AC76E-1A66-4682-82B7-417E77F3C648}\ARPPRODUCTICON.exe
2011-02-19 00:50:24 -------- d-----w- C:\Users\rafter\AppData\Roaming\iZotope
2011-02-19 00:49:34 -------- d-----w- C:\Program Files\Common Files\VST3
2011-02-19 00:49:33 -------- d-----w- C:\Program Files (x86)\iZotope
2011-02-19 00:34:30 -------- d-----w- C:\Users\rafter\AppData\Local\ElevatedDiagnostics
2011-02-18 23:51:31 -------- dc-h--w- C:\PROGRA~3\{E2CB91C4-F65B-43A3-AF20-333B2663A78A}
2011-02-18 23:50:43 -------- dc-h--w- C:\PROGRA~3\{84BD2490-E07B-459A-85CD-649AABFCE52D}
2011-02-18 23:49:17 -------- dc-h--w- C:\PROGRA~3\{A088C926-8EF0-4CFF-A473-EB879919E63A}
2011-02-18 23:49:13 -------- dc-h--w- C:\PROGRA~3\{FB9DCDD5-FDBE-4EED-A03A-BA8F086DC950}
2011-02-18 23:46:47 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2011-02-18 23:46:30 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2011-02-18 23:09:04 -------- dc-h--w- C:\PROGRA~3\{FA6F3C69-4678-4726-A75B-45C1A986CC24}
2011-02-18 23:04:00 -------- dc-h--w- C:\PROGRA~3\{4FF14FF4-C333-4311-BC51-88781D14A5AF}
2011-02-18 21:29:53 -------- d-----w- C:\Program Files\Old LA Scoring
2011-02-18 21:13:51 -------- dc-h--w- C:\PROGRA~3\{68043317-5F8A-4DA9-B49D-1A6337515B90}
2011-02-18 20:41:59 -------- d-----w- C:\Program Files\LA Scoring Strings Library
2011-02-18 20:25:03 -------- dc-h--w- C:\PROGRA~3\{FCB4E5DF-D134-4F71-861A-5EB315418DA1}
2011-02-18 20:23:36 -------- dc-h--w- C:\PROGRA~3\{A1CE61C9-A3B8-4E0E-ADEE-E237C381C954}
2011-02-18 20:22:11 -------- dc-h--w- C:\PROGRA~3\{13E67FA2-BFF0-4FB9-99FF-F2B7E480E626}
2011-02-18 20:21:29 -------- dc-h--w- C:\PROGRA~3\{1CF3FE7A-4381-41EA-A1FD-F70233A9A42E}
2011-02-18 20:20:18 -------- dc-h--w- C:\PROGRA~3\{458F3F08-8039-46F2-BF3A-F5115518ED16}
2011-02-18 20:18:18 -------- dc-h--w- C:\PROGRA~3\{D60B3BBC-C177-4D7A-B4F6-13B5AF452E04}
2011-02-18 20:16:56 -------- dc-h--w- C:\PROGRA~3\{DCB3384C-CF87-4E37-8561-DAD854BEBFCD}
2011-02-18 20:15:12 -------- dc-h--w- C:\PROGRA~3\{F72E3A60-3111-406A-B539-69D64E8BF25B}
2011-02-18 20:14:23 -------- dc-h--w- C:\PROGRA~3\{6BA6A5D8-137C-4CEA-8BBE-6AE00E2D8863}
2011-02-18 20:13:43 -------- dc-h--w- C:\PROGRA~3\{86190A21-318C-4B3A-9297-DC38C1C465BC}
2011-02-18 18:22:17 -------- dc-h--w- C:\PROGRA~3\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}
2011-02-18 09:12:08 7947600 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-18 01:24:22 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-02-18 00:57:01 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_5.dll
2011-02-18 00:57:01 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_2.dll
2011-02-18 00:56:53 -------- d-----w- C:\Program Files (x86)\Heavyocity
2011-02-18 00:00:15 -------- d-----w- C:\Program Files\Synthogy
2011-02-17 23:53:25 -------- d-----w- C:\Program Files\Common Files\Digidesign
2011-02-17 22:50:59 -------- d-----w- C:\Program Files\SampleTron_library
2011-02-17 21:05:35 -------- d-----w- C:\Program Files (x86)\URS
2011-02-17 20:58:28 -------- d-----w- C:\Program Files (x86)\EMI
2011-02-17 20:56:42 -------- d-----w- C:\Program Files (x86)\elysia
2011-02-17 20:39:09 208 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2011-02-17 20:34:29 -------- d-----w- C:\Program Files (x86)\IK Multimedia
2011-02-17 20:14:19 -------- d-----w- C:\Program Files (x86)\GForce
2011-02-17 20:00:07 -------- dc-h--w- C:\PROGRA~3\{21417309-FCEF-4E16-8B00-1113850DF126}
2011-02-17 19:47:43 -------- d-----w- C:\Program Files (x86)\Softube
2011-02-17 19:18:30 2892 ----a-w- C:\Windows\SysWow64\audcon.sys
2011-02-17 19:18:15 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2011-02-17 18:36:50 -------- d-----w- C:\Users\rafter\AppData\Local\Native Instruments
2011-02-17 18:33:12 -------- dc-h--w- C:\PROGRA~3\{AE681438-D566-42AE-BBB8-7141C47E0985}
2011-02-17 00:26:46 -------- dc----w- C:\PROGRA~3\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
2011-02-17 00:26:22 -------- dc----w- C:\PROGRA~3\{DFE2E7B1-6B2C-4104-9C65-82A52ECA8CB8}
2011-02-17 00:07:19 684313 ----a-w- C:\Windows\unins000.exe
2011-02-17 00:00:46 -------- d-----w- C:\Program Files (x86)\XLN Audio
2011-02-16 23:58:22 -------- d-----w- C:\Program Files (x86)\Native Instruments
2011-02-16 23:57:58 69632 ----a-w- C:\Windows\SysWow64\NI_DFD_KOMPAKT.dll
2011-02-16 23:57:58 69632 ----a-w- C:\Windows\SysWow64\NI_DFD_1_2_9.dll
2011-02-16 23:57:58 69632 ----a-w- C:\Windows\SysWow64\NI_DFD_1_2_7.dll
2011-02-16 23:57:58 69632 ----a-w- C:\Windows\SysWow64\NI_DFD_1_2_4.dll
2011-02-16 23:57:58 69632 ----a-w- C:\Windows\SysWow64\NI_DFD.dll
2011-02-16 23:57:58 65536 ----a-w- C:\Windows\SysWow64\NI_DFD_1_2_8.dll
2011-02-16 23:38:19 -------- d-----w- C:\Program Files (x86)\East West
2011-02-16 23:33:35 -------- d-----w- C:\Program Files (x86)\Arturia
2011-02-16 23:31:50 -------- d-----w- C:\PROGRA~3\Syncrosoft
2011-02-16 23:30:21 1695232 ----a-w- C:\Windows\System32\synsoacc.dll
2011-02-16 23:30:21 -------- d-----w- C:\Program Files (x86)\Syncrosoft
2011-02-16 23:30:21 -------- d-----w- C:\Program Files (x86)\eLicenser
2011-02-16 23:30:21 -------- d-----w- C:\PROGRA~3\eLicenser
2011-02-16 23:30:20 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe
2011-02-16 23:30:20 1261568 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll
2011-02-16 23:29:08 -------- d-----w- C:\Program Files\Arturia
2011-02-16 23:23:32 -------- d-----w- C:\Users\rafter\AppData\Roaming\Antares
2011-02-16 23:23:31 -------- d-----w- C:\Program Files (x86)\Antares Audio Technologies
2011-02-16 23:16:15 -------- d-----w- C:\Program Files (x86)\Zero-G
2011-02-16 23:10:56 -------- d-----w- C:\Users\rafter\AppData\Roaming\Applied Acoustics Systems
2011-02-16 23:10:55 -------- d-----w- C:\Program Files (x86)\AAS
2011-02-16 23:04:14 6062080 ----a-w- C:\Windows\SysWow64\PSP oldTimer.dll
2011-02-16 22:58:35 -------- d-----w- C:\Users\rafter\AppData\Roaming\Toontrack
2011-02-16 22:57:12 -------- d-----w- C:\PROGRA~3\Toontrack
2011-02-16 22:57:11 -------- d-----w- C:\Program Files (x86)\Toontrack
2011-02-16 22:53:03 -------- d-----w- C:\PROGRA~3\Note
2011-02-16 21:52:50 -------- d-----w- C:\Trilian
2011-02-16 21:48:08 -------- d-----w- C:\PROGRA~3\Spectrasonics
2011-02-16 21:44:23 -------- d-----w- C:\Program Files (x86)\PSPaudioware
2011-02-16 21:42:16 -------- d-----w- C:\Program Files\64bit VST Plugs
2011-02-16 21:20:46 -------- d-----w- C:\Program Files\PSPaudioware
2011-02-16 21:17:32 491520 ----a-w- C:\Windows\SysWow64\libencdec.dll
2011-02-16 21:17:32 -------- d-----w- C:\Users\rafter\AppData\Roaming\Audio Ease
2011-02-16 21:17:31 -------- d-----w- C:\Program Files (x86)\Audio Ease
2011-02-16 21:17:31 -------- d-----w- C:\PROGRA~3\Audio Ease
2011-02-16 20:49:53 -------- d-----w- C:\Users\rafter\AppData\Local\Spectrasonics
2011-02-16 20:07:37 -------- d-----w- C:\Program Files\Spectrasonics
2011-02-16 20:07:08 -------- d-----w- C:\Program Files (x86)\steinberg
2011-02-16 20:07:08 -------- d-----w- C:\Program Files (x86)\Spectrasonics
2011-02-16 20:03:21 -------- d-----w- C:\Users\rafter\AppData\Roaming\Waves Audio
2011-02-16 20:03:14 -------- d-----w- C:\PROGRA~3\Audio Damage
2011-02-16 20:02:40 -------- d-----w- C:\Program Files\Common Files\Steinberg
2011-02-16 19:58:45 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-02-16 19:43:32 106575 ----a-w- C:\Windows\Ratshack Ratverb Uninstaller.exe
2011-02-16 19:40:26 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2011-02-16 19:38:41 -------- d-----w- C:\Users\rafter\AppData\Roaming\Propellerhead Software
2011-02-16 19:38:41 -------- d-----w- C:\PROGRA~3\Propellerhead Software
2011-02-16 19:37:17 -------- d-----w- C:\Program Files (x86)\Propellerhead
2011-02-16 19:34:11 -------- d-----w- C:\Program Files (x86)\Common Files\SoundToys
2011-02-16 19:34:02 -------- d-----w- C:\Program Files (x86)\SoundToys
2011-02-16 19:32:29 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-02-16 19:31:39 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2011-02-16 19:30:36 -------- d-----w- C:\Program Files (x86)\Waves
2011-02-16 19:27:03 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2011-02-16 19:23:29 -------- d-----w- C:\Users\rafter\TruePianos Settings
2011-02-16 19:23:04 -------- d-----w- C:\Users\rafter\AppData\Roaming\Cakewalk
2011-02-16 19:19:11 -------- d-----w- C:\Program Files (x86)\Vstplugins
2011-02-16 19:18:43 -------- d-----w- C:\Multisamples
2011-02-16 19:18:21 722680 ----a-w- C:\Program Files (x86)\unins000.exe
2011-02-16 19:08:12 -------- d-----w- C:\PROGRA~3\Native Instruments
2011-02-16 19:08:06 -------- d-----w- C:\Program Files\Native Instruments
2011-02-16 19:06:33 -------- d-----w- C:\Cakewalk Projects
2011-02-16 19:03:10 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2011-02-16 18:58:05 -------- d-----w- C:\Cakewalk Content
2011-02-16 18:56:07 -------- d-----w- C:\Program Files (x86)\Cakewalk
2011-02-16 18:55:02 -------- d-----w- C:\Program Files\Cakewalk
2011-02-16 18:55:02 -------- d-----w- C:\PROGRA~3\Cakewalk
2011-02-16 18:42:50 -------- d-----w- C:\Program Files\Sony
2011-02-16 18:33:42 -------- d-----w- C:\Users\rafter\AppData\Local\Adobe
2011-02-16 18:20:00 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-16 18:20:00 -------- d-----w- C:\Windows\System32\Wat
2011-02-16 18:02:24 -------- d-----w- C:\Users\rafter\AppData\Roaming\NetMedia Providers
2011-02-16 17:58:39 -------- d-----w- C:\Program Files (x86)\Sony
2011-02-16 17:58:16 -------- d-----w- C:\Program Files (x86)\Sony Setup
2011-02-16 17:48:13 -------- d-----w- C:\Users\rafter\AppData\Local\Sony
2011-02-16 17:34:54 -------- d-----w- C:\Singing Serpent
2011-02-16 17:26:10 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-16 17:26:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-16 17:26:07 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-16 17:26:06 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-16 17:25:58 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-02-16 17:25:55 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-16 17:25:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 17:25:52 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-16 17:25:52 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 17:25:52 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 17:25:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 17:25:52 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-16 17:25:52 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-15 23:06:53 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-02-15 23:06:28 -------- d-----w- C:\Users\rafter\AppData\Roaming\uTorrent
2011-02-15 22:48:35 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-02-15 22:45:42 -------- d-----w- C:\Users\rafter\AppData\Local\Diagnostics
2011-02-15 22:41:56 -------- d-----w- C:\Users\rafter\AppData\Local\sabnzbd
2011-02-15 22:41:49 -------- d-----w- C:\Program Files (x86)\SABnzbd
2011-02-15 22:39:25 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-15 22:14:32 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-15 21:53:35 -------- d-----w- C:\PROGRA~3\PCDr
2011-02-15 21:50:04 -------- d-----w- C:\Users\rafter\AppData\Roaming\Roxio Log Files
2011-02-15 21:33:57 -------- d-----w- C:\Users\rafter\AppData\Roaming\Intel Corporation
2011-02-15 21:33:57 -------- d-----w- C:\Users\rafter\AppData\Local\ATI
2011-02-15 21:33:55 -------- d-----w- C:\Users\rafter\AppData\Roaming\Dell Touch Zone
2011-02-15 21:33:35 -------- d-----w- C:\Users\rafter\AppData\Local\VirtualStore
2011-02-09 22:06:59 -------- d-----w- C:\Program Files\Realtek
2011-02-09 22:06:58 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-02-09 22:06:17 0 ----a-w- C:\Windows\ativpsrm.bin
2011-02-09 21:57:48 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-02-09 21:57:48 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-02-09 21:55:36 -------- d-----w- C:\Apps
2011-02-09 21:49:18 -------- d-----w- C:\Windows\System32\oem
2011-02-09 21:49:16 -------- d-----w- C:\Windows\Panther
2011-02-09 21:49:16 -------- d-----w- C:\Drivers
2011-02-09 21:45:17 -------- d-----w- C:\dell
2011-02-09 20:34:35 -------- d-----w- C:\Program Files\dell stage
2011-02-09 20:33:50 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-02-09 20:31:51 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-02-09 20:31:51 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-02-09 20:31:51 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-02-09 20:31:07 -------- d-----w- C:\Program Files (x86)\Roxio
2011-02-09 20:28:07 -------- d-----w- C:\Program Files (x86)\Common Files\mcafee
2011-02-09 20:25:46 69464 ------w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-02-09 20:25:46 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-02-09 20:25:46 515416 ------w- C:\Windows\SysWow64\XAudio2_5.dll
2011-02-09 20:25:46 453456 ------w- C:\Windows\SysWow64\d3dx10_42.dll
2011-02-09 20:24:52 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-02-09 20:24:52 3426072 ------w- C:\Windows\SysWow64\d3dx9_32.dll
2011-02-09 20:22:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1b1122a01cbc89706\MeshBetaRemover.exe
2011-02-09 20:22:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1aeb0c9b1cbc89705\DSETUP.dll
2011-02-09 20:22:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ac757f71cbc89704\DSETUP.dll
2011-02-09 20:22:42 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1a9098511cbc89703\Silverlight.4.0.exe
2011-02-09 20:22:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1aeb0c9b1cbc89705\DXSETUP.exe
2011-02-09 20:22:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ac757f71cbc89704\DXSETUP.exe
2011-02-09 20:22:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1aeb0c9b1cbc89705\dsetup32.dll
2011-02-09 20:22:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ac757f71cbc89704\dsetup32.dll
2011-02-09 20:22:41 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-02-09 20:22:37 -------- d--h--w- C:\Windows\msdownld.tmp
2011-02-09 20:19:38 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-02-09 20:18:36 151656 ----a-w- C:\Windows\System32\drivers\WimFltr.sys
2011-02-09 20:16:52 -------- d-----w- C:\Program Files (x86)\Citrix
2011-02-09 20:12:59 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-02-09 20:12:59 -------- d-----w- C:\Intel
2011-02-09 20:11:38 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-02-09 20:11:33 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-02-09 20:11:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-09 20:10:27 -------- d-----w- C:\Program Files\Dell Inc
2011-02-09 20:10:26 -------- d-sh--w- C:\Windows\Installer

==================== Find3M ====================

2011-03-02 22:07:02 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-02 22:07:02 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-12-07 20:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 20:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll

============= FINISH: 11:54:12.30 ===============

oh, here's the attach.txt! (Attached file: Attach.txt, 24.11KB)

EDIT: Posts merged ~BP

Edited by Budapest, 03 March 2011 - 04:28 PM.



#2 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 March 2011 - 02:12 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    :Files
    C:\Windows\SysWow64\%APPDATA%
    C:\Users\rafter\AppData\Local\Lzolaqoxisigiha.bin
    C:\Users\rafter\AppData\Local\{5CDC479A-D808-4E87-82D1-939F40FDF1DA}
    C:\PROGRA~3\jAaJmEj15400
    C:\Windows\SysWow64\C_10079Z.dll
    C:\PROGRA~3\{624294E5-E0E5-4EFD-A333-C1D4E7225D06}
    C:\PROGRA~3\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}
    C:\PROGRA~3\{E2CB91C4-F65B-43A3-AF20-333B2663A78A}
    C:\PROGRA~3\{84BD2490-E07B-459A-85CD-649AABFCE52D}
    C:\PROGRA~3\{A088C926-8EF0-4CFF-A473-EB879919E63A}
    C:\PROGRA~3\{FB9DCDD5-FDBE-4EED-A03A-BA8F086DC950}
    C:\PROGRA~3\{FA6F3C69-4678-4726-A75B-45C1A986CC24}
    C:\PROGRA~3\{4FF14FF4-C333-4311-BC51-88781D14A5AF}
    C:\PROGRA~3\{68043317-5F8A-4DA9-B49D-1A6337515B90}
    C:\PROGRA~3\{FCB4E5DF-D134-4F71-861A-5EB315418DA1}
    C:\PROGRA~3\{A1CE61C9-A3B8-4E0E-ADEE-E237C381C954}
    C:\PROGRA~3\{13E67FA2-BFF0-4FB9-99FF-F2B7E480E626}
    C:\PROGRA~3\{1CF3FE7A-4381-41EA-A1FD-F70233A9A42E}
    C:\PROGRA~3\{458F3F08-8039-46F2-BF3A-F5115518ED16}
    C:\PROGRA~3\{D60B3BBC-C177-4D7A-B4F6-13B5AF452E04}
    C:\PROGRA~3\{DCB3384C-CF87-4E37-8561-DAD854BEBFCD}
    C:\PROGRA~3\{F72E3A60-3111-406A-B539-69D64E8BF25B}
    C:\PROGRA~3\{6BA6A5D8-137C-4CEA-8BBE-6AE00E2D8863}
    C:\PROGRA~3\{86190A21-318C-4B3A-9297-DC38C1C465BC}
    C:\PROGRA~3\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}
    C:\PROGRA~3\{21417309-FCEF-4E16-8B00-1113850DF126}
    C:\PROGRA~3\{AE681438-D566-42AE-BBB8-7141C47E0985}
    C:\PROGRA~3\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
    C:\PROGRA~3\{DFE2E7B1-6B2C-4104-9C65-82A52ECA8CB8}
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to include an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
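The OTM step above removes a fixed list of paths, resets the hosts file and flushes DNS, while the original symptoms are a Security Center that re-disables itself within seconds and redirected searches. The following is an added example, not code from this thread, from OldTimer's OTM, or from BleepingComputer: a read-only PowerShell triage script that checks the same indicators before and after a cleanup so you can see what is still present. It takes the paths from the :Files section, generalises the long list of GUID-named ProgramData folders into a pattern, and checks the other common redirect channels (DNS servers, proxy/PAC settings) that a hosts reset alone does not cover. The service names are assumptions based on the symptoms (wscsvc for Security Center, WinDefend for Defender, MsMpSvc for Security Essentials, MpsSvc for the firewall); the final watchdog probe starts a service and watches whether something stops it again. Run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added triage example for this thread; not code from the original post or from OTM.
# Read-only except for the optional service probe at the end. Windows 7 / PowerShell 2+.
# Service names below are assumptions based on the reported symptoms.

# Paths taken from the OTM :Files section (PROGRA~3 is the 8.3 alias of C:\ProgramData).
$IocPaths = @(
    'C:\Windows\SysWow64\%APPDATA%',   # literal folder name: %APPDATA% must NOT be expanded
    'C:\Users\rafter\AppData\Local\Lzolaqoxisigiha.bin',
    'C:\Users\rafter\AppData\Local\{5CDC479A-D808-4E87-82D1-939F40FDF1DA}',
    'C:\ProgramData\jAaJmEj15400',
    'C:\Windows\SysWow64\C_10079Z.dll'
)
$SecurityServices = 'wscsvc', 'WinDefend', 'MsMpSvc', 'MpsSvc'   # assumed names

function Test-IocPaths {
    # -LiteralPath so '{', '%' and '~' are not treated as wildcards or variables.
    foreach ($p in $IocPaths) {
        New-Object PSObject -Property @{ Path = $p; Present = (Test-Path -LiteralPath $p) }
    }
    # Top-level GUID-named folders under ProgramData, the pattern the OTM list follows.
    # Legitimate installers create these too: hits are candidates to inspect, not verdicts.
    Get-ChildItem -LiteralPath $env:ProgramData -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object { New-Object PSObject -Property @{ Path = $_.FullName; Present = $true } }
}

function Get-HostsOverrides {
    # Anything that is not a comment and not the default loopback entries redirects a name.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

function Get-RedirectSettings {
    # Search redirects are also done by swapping DNS servers or setting a proxy/PAC URL,
    # none of which [resethosts] or ipconfig /flushdns will undo.
    $dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
        ForEach-Object { $_.DNSServerSearchOrder }
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{
        DnsServers    = $dns
        ProxyEnable   = $ie.ProxyEnable
        ProxyServer   = $ie.ProxyServer
        AutoConfigURL = $ie.AutoConfigURL
    }
}

function Get-SecurityServiceState {
    # State, start mode and binary path: a changed PathName or a Disabled start mode
    # explains "disabled" just as well as a process killing the service.
    foreach ($name in $SecurityServices) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc) {
            New-Object PSObject -Property @{
                Name = $name; State = $svc.State; StartMode = $svc.StartMode; PathName = $svc.PathName
            }
        } else {
            New-Object PSObject -Property @{ Name = $name; State = 'missing'; StartMode = ''; PathName = '' }
        }
    }
}

function Test-ServiceStaysRunning {
    # The OP reports Security Center re-disabling itself about two seconds after being enabled.
    # Start the service and watch it; a stop without our involvement means something resident
    # is still doing it, so the cleanup is not finished.
    param([string]$Name = 'wscsvc', [int]$Seconds = 10)
    Start-Service -Name $Name -ErrorAction SilentlyContinue
    for ($i = 0; $i -lt $Seconds; $i++) {
        Start-Sleep -Seconds 1
        if ((Get-Service -Name $Name).Status -ne 'Running') {
            return "$Name stopped again after $($i + 1)s"
        }
    }
    return "$Name stayed running for $Seconds s"
}

'== IoC paths ==';          Test-IocPaths | Format-Table Present, Path -AutoSize
'== hosts overrides ==';    Get-HostsOverrides
'== DNS / proxy ==';        Get-RedirectSettings | Format-List
'== security services =='; Get-SecurityServiceState | Format-Table Name, State, StartMode, PathName -AutoSize
'== watchdog probe ==';     Test-ServiceStaysRunning -Name 'wscsvc'
```

Run it once before the OTM step and once after the reboot; any IoC path still present, any non-default hosts line, an unexpected DNS server or proxy, or a service that stops again inside the probe window shows the infection is still resident and that the remaining scans (MBAM, OTL) are still needed.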


#3 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 09 March 2011 - 10:40 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





