
qooqlle as my default website + other rootkits


  • This topic is locked
9 replies to this topic

#1 Bumbar

Bumbar

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 13 April 2011 - 12:51 PM

Every time I boot my computer qooqlle is set as homepage on all my browsers.

I also attached my gmer log as ark.txt file and the Attach.txt file.

Here's my DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jan at 18:55:50,25 on sre 13.04.2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Professional 6.1.7601.1.1250.386.1060.18.3263.2388 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\ProgramData\csrs.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\opera.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Jan\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Jan\AppData\Local\Opera\Opera\temporary_downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.qooqlle.com/
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NPSStartup]
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [csrs] %ALLUSERSPROFILE%\csrs.exe
mRun: [svhost] %COMMONPROGRAMFILES%\svhost.exe
mRun: [winloqon] %ALLUSERSPROFILE%\winloqon.exe
StartupFolder: c:\users\jan\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
============= SERVICES / DRIVERS ===============
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-4-8 238952]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-4-8 36608]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-8 52224]
S3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-7 1343400]
.
=============== Created Last 30 ================
.
2011-04-13 04:29:02 -------- d-----w- c:\users\jan\appdata\local\searchplugins
2011-04-12 16:02:26 -------- d-----w- c:\users\jan\appdata\local\PunkBuster
2011-04-12 10:33:39 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-04-12 10:32:56 6855168 --sha-r- c:\program files\common files\svhost.exe
2011-04-12 10:32:56 339968 --sha-r- c:\progra~2\csrs.exe
2011-04-12 10:32:56 331776 --sha-r- c:\progra~2\winloqon.exe
2011-04-12 09:42:16 -------- d-----w- C:\xigncode_.rar
2011-04-12 08:38:35 -------- d-----w- c:\users\jan\appdata\local\ESET
2011-04-12 05:41:56 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c9bbaf37-3957-40df-b71c-72df8cc7512c}\mpengine.dll
2011-04-11 09:54:59 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-04-11 09:53:53 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-11 09:53:50 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-11 09:47:28 -------- d-----w- c:\program files\Activision
2011-04-11 09:13:36 -------- d-----w- C:\COD4_Install
2011-04-11 09:05:32 -------- d-----w- c:\program files\PowerISO
2011-04-10 21:16:27 -------- d-----w- c:\users\jan\appdata\roaming\Azureus
2011-04-10 21:15:30 -------- d-----w- c:\program files\Vuze
2011-04-10 20:29:28 -------- d-----w- c:\users\jan\appdata\roaming\Xfire
2011-04-10 20:29:24 -------- d-----w- c:\progra~2\Xfire
2011-04-10 20:29:23 -------- d-----w- c:\program files\Xfire
2011-04-08 16:02:41 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-04-08 16:02:36 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-04-08 16:00:02 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2011-04-08 15:59:49 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-04-08 15:59:49 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2011-04-08 15:59:49 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-04-08 15:59:20 -------- d-----w- c:\users\jan\appdata\roaming\Samsung
2011-04-08 15:57:54 -------- d-----w- c:\program files\MarkAny
2011-04-08 15:57:50 -------- d-----w- c:\program files\PC Connectivity Solution
2011-04-08 15:56:49 -------- d-----w- c:\program files\Samsung
2011-04-08 15:55:09 -------- d-----w- c:\users\jan\appdata\local\Downloaded Installations
2011-04-08 14:33:42 -------- d-----w- c:\windows\WinRAR
2011-04-08 14:29:06 -------- d-----w- c:\program files\Winrar + Power ISO
2011-04-08 13:08:04 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-08 12:57:59 -------- d-----w- c:\windows\system32\SPReview
2011-04-08 12:57:35 -------- d-----w- c:\windows\system32\EventProviders
2011-04-08 12:49:59 3207680 ----a-w- c:\windows\system32\mf.dll
2011-04-08 12:48:59 712576 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-04-08 12:47:59 1003008 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-04-08 12:46:59 80896 ----a-w- c:\windows\system32\QUTIL.DLL
2011-04-08 12:45:43 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-08 12:45:43 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-08 12:45:43 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-08 12:45:43 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-08 12:45:34 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-08 12:45:29 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-08 12:45:29 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-08 12:45:07 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-08 12:45:06 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-08 12:16:54 -------- d-----w- c:\program files\GameHi_USA
2011-04-08 12:16:23 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-04-08 12:16:23 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-04-08 12:16:23 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-04-08 12:16:23 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-04-08 12:16:22 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-04-08 12:16:22 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-08 12:16:22 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-04-08 12:16:21 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-07 17:16:29 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-07 17:16:29 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-07 17:16:26 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-07 17:16:25 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-07 17:16:24 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-07 16:59:31 -------- d-----w- C:\Download
2011-04-07 16:58:06 -------- d-----w- c:\users\jan\appdata\local\Kamuse
2011-04-07 16:41:24 -------- d-----w- c:\windows\system32\Wat
2011-04-07 16:34:36 -------- d-----w- c:\users\jan\appdata\local\Opera
2011-04-07 16:13:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-07 16:12:36 -------- d-----w- c:\windows\Panther
2011-04-07 16:12:20 -------- d-----w- c:\program files\ESET
2011-04-07 16:01:44 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-04-07 16:00:15 -------- d-sh--w- c:\windows\Installer
2011-04-07 16:00:13 -------- d-----w- c:\users\jan\appdata\local\Adobe
2011-04-07 15:58:14 850944 ----a-w- c:\windows\system32\sbe.dll
2011-04-07 15:58:14 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-04-07 15:58:14 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-04-07 15:58:14 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-07 15:58:13 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-07 15:58:13 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-07 15:58:08 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-04-07 15:58:03 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-04-07 15:53:43 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-07 15:53:43 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-07 15:53:43 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-07 15:53:07 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-07 15:22:15 0 ----a-w- c:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-04-11 09:54:12 22328 ----a-w- c:\users\jan\appdata\roaming\PnkBstrK.sys
2011-04-08 13:06:23 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
============= FINISH: 18:56:58,98 ===============


If you could post the solution to my problems as quickly as possible, that would be extremely helpful to me ... I thank you in advance.

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Attached Files
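Added example (not part of the original post, the thread's replies, or the DDS tool itself): a small Python triage script for the indicators visible in the log above. Run on the excerpt embedded in it (copied from the "Pseudo HJT Report" and "Created Last 30" sections of this post), it flags the three mRun entries whose file names are one character away from csrss.exe, svchost.exe and winlogon.exe, the two autostarts pointing into %ALLUSERSPROFILE%, the mPolicies-system values that switch UAC prompting off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), the hijacked start page, and the three hidden+system executables created in the same second outside the Windows directory. The list of imitated system binaries, the list of data directories, and the severity labels are illustrative assumptions, not part of DDS or of the thread.

```python
"""Triage the persistence and UAC indicators that a DDS log exposes.

Added example, not part of the thread or of the DDS tool. It parses the
"Pseudo HJT Report" and "Created Last 30" sections and flags lookalike
autostart names, autostarts in data directories, disabled UAC prompting,
the start page, and hidden+system executables dropped outside Windows.
The name and directory lists are illustrative assumptions, not exhaustive.
"""
import re
from collections import defaultdict

# Windows binaries whose names malware commonly imitates (assumed short list).
SYSTEM_NAMES = {"csrss", "svchost", "winlogon", "lsass", "services", "smss",
                "wininit", "explorer", "spoolsv", "taskhost", "dwm"}
# User-writable data directories, in the forms DDS prints them (assumed list).
DATA_DIRS = ("%allusersprofile%", "%appdata%", "%temp%", "c:\\progra~2",
             "c:\\programdata", "\\appdata\\", "\\temp\\")
# mPolicies-system values that switch UAC or its secure-desktop prompt off.
WEAK_POLICIES = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
                 "PromptOnSecureDesktop": "0"}

RUN_RE = re.compile(r'^[um]Run: \[(?P<key>[^\]]+)\][ \t]*"?(?P<path>.*?\.exe)', re.I | re.M)
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)", re.M)
START_RE = re.compile(r"^uStart Page = (?P<url>\S+)", re.M)
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\d+|-+) "
                        r"(?P<attrs>[-dsharw]{8}) (?P<path>.+)$", re.M)

# Constructed excerpt: lines copied from the first DDS log posted in the thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.qooqlle.com/
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NPSStartup]
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [csrs] %ALLUSERSPROFILE%\csrs.exe
mRun: [svhost] %COMMONPROGRAMFILES%\svhost.exe
mRun: [winloqon] %ALLUSERSPROFILE%\winloqon.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
=============== Created Last 30 ================
2011-04-12 10:32:56 6855168 --sha-r- c:\program files\common files\svhost.exe
2011-04-12 10:32:56 339968 --sha-r- c:\progra~2\csrs.exe
2011-04-12 10:32:56 331776 --sha-r- c:\progra~2\winloqon.exe
2011-04-11 09:53:50 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-07 16:00:15 -------- d-sh--w- c:\windows\Installer
"""


def edit_distance(a, b):
    """Levenshtein distance; inputs are short file stems, so one DP row suffices."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename):
    """Return the Windows binary that basename imitates (one edit away), else None."""
    stem = basename.lower().rsplit(".", 1)[0]
    if stem in SYSTEM_NAMES:
        return None
    return next((n for n in SYSTEM_NAMES if edit_distance(stem, n) == 1), None)


def triage(log_text):
    """Return (severity, finding) tuples for one DDS log."""
    findings = []
    for m in RUN_RE.finditer(log_text):
        key, path = m.group("key"), m.group("path")
        base = path.rsplit("\\", 1)[-1]
        target = lookalike(base)
        if target:
            findings.append(("high", f"Run [{key}] starts {base}, a lookalike of {target}.exe: {path}"))
        if any(d in path.lower() for d in DATA_DIRS):
            findings.append(("medium", f"Run [{key}] autostarts from a data directory: {path}"))
    for m in POLICY_RE.finditer(log_text):
        if WEAK_POLICIES.get(m.group("name")) == m.group("value"):
            findings.append(("medium", f"UAC weakened: {m.group('name')} = {m.group('value')}"))
    for m in START_RE.finditer(log_text):
        findings.append(("info", f"Start page is {m.group('url')}; confirm the user chose it"))
    dropped = defaultdict(list)  # creation second -> hidden+system executables
    for m in CREATED_RE.finditer(log_text):
        attrs, path = m.group("attrs"), m.group("path")
        if "d" in attrs or not path.lower().endswith((".exe", ".dll", ".sys", ".scr")):
            continue  # directories and non-executables are not of interest here
        if "s" in attrs and "h" in attrs and not path.lower().startswith("c:\\windows"):
            findings.append(("high", f"Hidden+system executable outside Windows: {path}"))
            dropped[m.group("ts")].append(path)
    for ts, paths in dropped.items():
        if len(paths) > 1:
            findings.append(("high", f"{len(paths)} hidden+system files dropped in the same second ({ts})"))
    return findings


if __name__ == "__main__":
    for severity, text in triage(SAMPLE_LOG):
        print(f"[{severity}] {text}")
```

Paste a whole DDS log into SAMPLE_LOG (or read it from a file) to triage a different machine; the regexes only look at the three line shapes DDS uses for Run keys, mPolicies-system values and the Created Last 30 table, so the rest of the log is ignored. The one-edit lookalike check is deliberately narrow: it catches csrs/svhost/winloqon but would miss names two characters off, so treat it as a first pass, not a verdict.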




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:09:39 PM

Posted 14 April 2011 - 03:12 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Bumbar

Bumbar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 14 April 2011 - 12:08 PM

There's a problem ... Is it possible that some rootkits are preventing me from accessing MBAM? Every time I open its folder or click on a shortcut it just crashes immediately. Any other suggestions?

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:09:39 PM

Posted 14 April 2011 - 12:13 PM

Hi,

Please try from Windows Safe mode.

#5 Bumbar

Bumbar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 16 April 2011 - 09:37 AM

Hello again ... I used a program named RKill from this website and it effectively got rid of that malware which was blocking MBAM. Running MBAM got rid of the rest. I'm very thankful for your help. Keep up the good work. Because of people like you the Internet is a safer place and you should expect a donation from me ;)

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:09:39 PM

Posted 16 April 2011 - 12:33 PM

Good to hear that solved the issue. :)

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#7 Bumbar

Bumbar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 17 April 2011 - 04:18 AM

Oh ... I forgot about the last step x) Here are my new Attach, DDS and ark files.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jan at 10:57:01,92 on ned 17.04.2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Professional 6.1.7601.1.1250.386.1060.18.3263.2215 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Opera\opera.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Jan\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jan\AppData\Local\Opera\Opera\temporary_downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NPSStartup]
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
StartupFolder: c:\users\jan\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
============= SERVICES / DRIVERS ===============
.
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 95896]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-4-8 238952]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-4-8 36608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-8 52224]
S3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-7 1343400]
.
=============== Created Last 30 ================
.
2011-04-16 14:06:01 -------- d-----w- c:\progra~2\PC Tools
2011-04-15 18:56:24 -------- d-----w- c:\users\jan\appdata\local\ElevatedDiagnostics
2011-04-15 18:53:59 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b470427e-bb80-41e2-9bd2-8ad13488494a}\mpengine.dll
2011-04-15 18:53:14 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 18:00:52 -------- d-----w- c:\windows\system32\appmgmt
2011-04-14 17:05:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 17:05:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 15:45:44 -------- d-----w- c:\program files\GameHi_USA
2011-04-13 17:27:12 -------- d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2011-04-13 17:27:06 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-13 17:27:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 04:29:02 -------- d-----w- c:\users\jan\appdata\local\searchplugins
2011-04-12 16:02:26 -------- d-----w- c:\users\jan\appdata\local\PunkBuster
2011-04-12 09:42:16 -------- d-----w- C:\xigncode_.rar
2011-04-12 08:38:35 -------- d-----w- c:\users\jan\appdata\local\ESET
2011-04-11 09:54:59 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-04-11 09:53:53 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-11 09:53:50 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-11 09:47:28 -------- d-----w- c:\program files\Activision
2011-04-11 09:13:36 -------- d-----w- C:\COD4_Install
2011-04-11 09:05:32 -------- d-----w- c:\program files\PowerISO
2011-04-10 21:16:27 -------- d-----w- c:\users\jan\appdata\roaming\Azureus
2011-04-10 21:15:30 -------- d-----w- c:\program files\Vuze
2011-04-10 20:29:28 -------- d-----w- c:\users\jan\appdata\roaming\Xfire
2011-04-10 20:29:24 -------- d-----w- c:\progra~2\Xfire
2011-04-10 20:29:23 -------- d-----w- c:\program files\Xfire
2011-04-08 16:02:41 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-04-08 16:02:36 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-04-08 16:00:02 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2011-04-08 15:59:49 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-04-08 15:59:49 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2011-04-08 15:59:49 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-04-08 15:59:20 -------- d-----w- c:\users\jan\appdata\roaming\Samsung
2011-04-08 15:57:54 -------- d-----w- c:\program files\MarkAny
2011-04-08 15:57:50 -------- d-----w- c:\program files\PC Connectivity Solution
2011-04-08 15:56:49 -------- d-----w- c:\program files\Samsung
2011-04-08 15:55:09 -------- d-----w- c:\users\jan\appdata\local\Downloaded Installations
2011-04-08 14:33:42 -------- d-----w- c:\windows\WinRAR
2011-04-08 14:29:06 -------- d-----w- c:\program files\Winrar + Power ISO
2011-04-08 13:08:04 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-08 12:57:59 -------- d-----w- c:\windows\system32\SPReview
2011-04-08 12:57:35 -------- d-----w- c:\windows\system32\EventProviders
2011-04-08 12:49:59 3207680 ----a-w- c:\windows\system32\mf.dll
2011-04-08 12:48:59 712576 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-04-08 12:47:59 1003008 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-04-08 12:46:59 80896 ----a-w- c:\windows\system32\QUTIL.DLL
2011-04-08 12:45:43 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-08 12:45:43 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-08 12:45:43 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-08 12:45:43 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-08 12:45:34 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-08 12:45:29 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-08 12:45:29 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-08 12:45:07 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-08 12:45:06 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-08 12:16:23 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-04-08 12:16:23 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-04-08 12:16:23 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-04-08 12:16:23 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-04-08 12:16:22 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-04-08 12:16:22 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-08 12:16:22 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-04-08 12:16:21 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-04-07 17:16:29 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-07 17:16:29 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-07 17:16:26 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-07 17:16:25 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-07 17:16:24 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-07 16:59:31 -------- d-----w- C:\Download
2011-04-07 16:58:06 -------- d-----w- c:\users\jan\appdata\local\Kamuse
2011-04-07 16:41:24 -------- d-----w- c:\windows\system32\Wat
2011-04-07 16:34:36 -------- d-----w- c:\users\jan\appdata\local\Opera
2011-04-07 16:13:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-07 16:12:36 -------- d-----w- c:\windows\Panther
2011-04-07 16:12:20 -------- d-----w- c:\program files\ESET
2011-04-07 16:01:44 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-04-07 16:00:15 -------- d-sh--w- c:\windows\Installer
2011-04-07 16:00:13 -------- d-----w- c:\users\jan\appdata\local\Adobe
2011-04-07 15:58:14 850944 ----a-w- c:\windows\system32\sbe.dll
2011-04-07 15:58:14 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-04-07 15:58:14 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-04-07 15:58:14 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-04-07 15:58:13 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-07 15:58:08 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-04-07 15:58:03 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-04-07 15:53:43 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-07 15:53:43 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-07 15:53:43 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-07 15:53:07 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-07 15:22:15 0 ----a-w- c:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-04-11 09:54:12 22328 ----a-w- c:\users\jan\appdata\roaming\PnkBstrK.sys
2011-04-08 13:06:23 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
============= FINISH: 10:57:40,74 ===============

Attached Files



#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:09:39 PM

Posted 17 April 2011 - 04:22 AM

Hi,

Your latest DDS log looks OK :)

#9 Bumbar

Bumbar
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:39 PM

Posted 17 April 2011 - 05:39 AM

I'm so glad to hear that :)

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:09:39 PM

Posted 21 April 2011 - 12:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



