
HELP! Outgoing threat not determined by Malwarebytes


This topic is locked (2 replies).

#1 dreamhouse
  • Members
  • 38 posts

Posted 25 June 2011 - 09:29 AM

Hi there,

My site has been attacked constantly on my shared server at 1and1 and, despite me cleaning the scripts from some files on the server, strong-passwording all my accounts (including email ones) and spending all day yesterday hunting the cause (online antivirus scanners, running full scans from Malwarebytes, Microsoft Security Essentials and System Protect from Advanced System Optimizer), I keep getting the following message from Malwarebytes: "Successfully blocked access to a potentially malicious website: 93.125.99.4" (it's a Russian IP and it varies a bit, of course), type: outgoing, port: 49690 (this also varies) and process: iexplore.exe or firefox.exe (depending on which browser I use). I run Windows 7 Ultimate x64, so the GMER log came back blank.

Please, DO help me find the problem inside my computer, PLEASE!!!!!

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Clarita Maia at 10:43:51 on 2011-06-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4096.2111 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\network-indicator\NetworkIndicator.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://start.facemoods.com/?a=ost&s={searchTerms}&f=4
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [network indicator] C:\Program Files (x86)\network-indicator\NetworkIndicator.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barra de Ferramentas do RF - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Personalizar Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Preencher - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Salvar Formulários - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5865561F-6189-47D3-BA2F-282A9BD863CE} : DhcpNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
{0055C089-8582-441B-A0BF-17B458C2A3A8}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{C41A1C0E-EA6C-11D4-B1B8-444553540000}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{724d43a0-0d85-11d4-9908-00400523e39a}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Clarita Maia\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-3-5 263480]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-25 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-22 2218600]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\A28E.tmp --> C:\Windows\system32\A28E.tmp [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2011-06-25 11:54:19 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8674AC19-AB7C-4885-B3AD-2C3D73426736}
2011-06-25 11:47:55 -------- d-----w- C:\Users\Clarita Maia\AppData\Roaming\Malwarebytes
2011-06-25 11:46:34 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-25 11:46:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-25 11:46:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-25 11:46:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-24 22:39:16 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA7F822F-2931-4174-BB62-16DC68F142E1}\mpengine.dll
2011-06-24 16:41:35 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8E0286DF-986E-4651-9766-B3C3C782FC68}
2011-06-24 01:37:29 -------- d-----w- C:\Users\Clarita Maia\AppData\Roaming\TortoiseSVN
2011-06-24 01:16:37 -------- d-----w- C:\Program Files\TortoiseSVN
2011-06-24 01:16:37 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2011-06-23 16:22:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8AB4CE45-6C1F-4633-BC24-D0DF08F22060}
2011-06-23 02:44:57 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{16DE3943-53A0-4BF0-B8E8-68CE2F1A44EE}
2011-06-15 23:16:15 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 23:16:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-15 23:16:08 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 23:16:08 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 23:16:08 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 23:11:25 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-15 23:11:23 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-15 23:11:23 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-15 23:11:22 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-15 23:11:22 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 23:11:22 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-15 23:06:22 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 23:06:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-15 23:06:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 23:06:21 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 20:51:54 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5319DC61-6ABF-42D0-9D1E-C24F97B6BA49}
2011-06-15 20:50:57 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3001CB78-0D6B-4EF4-B645-FD03DD9B0AFB}
2011-06-15 20:41:30 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6B8D89D8-C8F9-41C2-905A-66588FA12B54}
2011-06-15 20:40:46 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{7D2D9CD0-0EFD-4D47-934A-576A5F077A20}
2011-06-15 20:39:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1C817F30-7EB6-47E2-AAE0-3068FDE3340B}
2011-06-15 20:31:49 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8C8F85C5-9873-48E9-832E-4C34A3FC760D}
2011-06-15 20:30:34 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1D89F89E-7441-41A4-B6ED-5C9C2AACC6C3}
2011-06-15 20:29:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{53137FC6-4FA8-4EA7-9D03-0C01F2874FFA}
2011-06-08 10:29:24 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{D1BD08C1-BC11-4E9B-9D13-A1C05F9FB325}
2011-06-07 11:37:25 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6B039C87-8110-459D-BB3F-934064577CB8}
2011-06-06 23:37:01 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{E6DF70DA-5348-468C-A067-07ECA822F3E0}
2011-06-06 15:55:30 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 11:36:36 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6D8CBCC8-6849-4C97-9F30-CDA0FBCF832B}
2011-06-05 22:54:36 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3E44E35D-346E-40D3-9421-A5757CA9289B}
2011-06-05 10:54:12 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{03AC6780-F594-4C44-8BB8-3BAAC75E3BA4}
2011-06-05 01:09:41 -------- d-----w- C:\Users\Clarita Maia\recovered
2011-06-04 22:40:26 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5748731C-7A18-4E9C-8C20-BD05626D9869}
2011-06-04 10:40:02 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{D8472D72-2400-4739-B8E0-112B14A0DAD4}
2011-06-03 22:26:49 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{2E11BF66-C253-489C-AC65-B893D2BAF295}
2011-06-03 10:26:24 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4FF16397-9B1A-4232-93E8-20B5FA1897D0}
2011-06-02 12:09:40 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{27E095FA-DB9F-4711-AC89-693B3F8BBB6F}
2011-06-01 22:54:01 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{EEFE75E2-BFF7-48DB-AC77-3F6BC1AAAAB3}
2011-06-01 10:53:35 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{26D584BF-7AA4-47C0-A4BF-7E213A6E048B}
2011-05-31 22:53:08 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{13F8E24F-1E7D-4838-A8F2-1E9FBF64586C}
2011-05-31 17:39:27 -------- d-----w- C:\ProcAlyzer Dumps
2011-05-31 17:24:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-05-31 15:01:39 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-31 10:39:41 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4CA711DB-2670-430F-B957-44043B17DCDD}
2011-05-30 14:08:59 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{61635730-BA97-4B01-A612-A5615C41079F}
2011-05-29 23:31:23 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6E2BE3AD-7352-47F2-8DBF-8997EE86B409}
2011-05-29 01:06:23 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1C6B9BE4-0BDB-45F6-AE50-C5F7A10D69A1}
2011-05-28 11:01:47 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{C5FDCAEF-FBF5-4DD7-9E18-D8AFA280FE4B}
2011-05-27 22:49:40 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{B321D025-DA65-4B2E-BC79-5A210FCC1D38}
2011-05-27 10:49:28 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5F161FD6-5BB1-4E52-BF61-2F71ADB703D4}
2011-05-26 22:49:03 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{00B6BA41-FCB1-41C7-A455-2DD30BC420D7}
.
==================== Find3M ====================
.
2011-06-23 16:22:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-03 19:33:46 2854504 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-05-02 21:03:32 88680 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-05-02 18:28:04 1004544 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-20 17:34:30 3049064 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-04-20 17:34:30 2393192 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-04-18 21:50:00 2601816 ----a-w- C:\Windows\System32\WavesGUILib.dll
2011-04-18 21:50:00 2238296 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll
2011-04-15 19:00:36 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-08 02:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-04-08 02:19:16 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-04-08 02:19:16 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-04-08 02:19:14 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-04-08 02:19:06 6338152 ----a-w- C:\Windows\System32\nvcpl.dll
2011-04-08 02:18:42 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-03-28 17:46:40 146568 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
.
============= FINISH: 10:44:40,06 ===============
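A triage pass over the DDS log format shown in the post above, written here as an added example (it is not code from DDS, Malwarebytes or BleepingComputer). It parses the section headers DDS prints and pulls out three things a responder would check first in this log: the Firefox proxy prefs (the log lists localhost:9666 for http/ssl and a SOCKS proxy on localhost:9050, but network.proxy.type 0, which in Firefox means "no proxy", so those values are not in use), the hosts placed in IE's Trusted Zone, and any service whose image is a .tmp file. It also classifies the port from the Malwarebytes alert: 49690, which the poster says varies, falls in Windows Vista/7's default dynamic client port range (49152-65535), so it behaves like a local source port rather than a port on the remote host. The sample log is constructed from the same line formats, with a few lines copied verbatim from the post; a hit is a prompt to verify a file or setting by hand, not a verdict on the machine.

```python
"""Triage pass over a DDS-style log.  Added example, not DDS, Malwarebytes or
BleepingComputer code; a hit means "verify this", not "this is malware"."""
import re
from collections import defaultdict

# Default dynamic (ephemeral) client port range on Windows Vista/7.
EPHEMERAL_RANGE = (49152, 65535)

# Constructed sample: same line formats as the posted log, a few lines copied
# from it verbatim, '.' spacer lines as DDS prints them.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
.
Trusted Zone: bancobrasil.com.br\\www
Trusted Zone: bb.com.br\\www
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
============= SERVICES / DRIVERS ===============
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe [2011-6-6 64952]
R3 MBAMProtector;MBAMProtector;\\??\\C:\\Windows\\system32\\drivers\\mbam.sys --> C:\\Windows\\system32\\drivers\\mbam.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\\??\\C:\\Windows\\system32\\A28E.tmp --> C:\\Windows\\system32\\A28E.tmp [?]
============= FINISH: 10:44:40,06 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# state name;description;image[ --> resolved] [date size | ?]
SERVICE_RE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$")


def split_sections(log_text):
    """Group lines under the '===== NAME =====' header they follow."""
    sections = defaultdict(list)
    current = "PREAMBLE"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and line != ".":   # drop DDS's '.' spacer lines
            sections[current].append(line)
    return sections


def firefox_proxy(sections):
    """Proxy prefs from prefs.js and whether Firefox actually uses them.
    network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC, 4 = auto-detect,
    5 = system settings (the default when the pref is absent from prefs.js).
    Manual host/port values are ignored unless type is 1."""
    prefs = {}
    for line in sections.get("FIREFOX", []):
        m = FF_PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            prefs[m.group(1)] = m.group(2)
    ptype = int(prefs.get("network.proxy.type", "5"))
    return {"prefs": prefs, "type": ptype, "manual_proxy_active": ptype == 1}


def trusted_zones(sections):
    """Hosts IE places in the Trusted sites zone (relaxed security)."""
    return [line.split(":", 1)[1].strip()
            for line in sections.get("Pseudo HJT Report", [])
            if line.startswith("Trusted Zone:")]


def services_to_verify(sections):
    """Service/driver entries whose image is a .tmp file.  '[?]' only records
    that DDS printed no size/date for the file; it is not flagged on its own."""
    hits = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m is None:
            continue
        state, name, _desc, image, _resolved, meta = m.groups()
        if image.lower().endswith(".tmp"):
            hits.append({"state": state, "name": name, "image": image,
                         "meta": meta, "reason": "image path is a .tmp file"})
    return hits


def classify_alert_port(port):
    """'ephemeral-local' when the port in an outbound block alert lies in the
    Vista/7 dynamic range, i.e. it looks like the local source port."""
    lo, hi = EPHEMERAL_RANGE
    return "ephemeral-local" if lo <= int(port) <= hi else "fixed"


def analyze(log_text):
    """All findings for one log, keyed by check."""
    sections = split_sections(log_text)
    return {"firefox_proxy": firefox_proxy(sections),
            "trusted_zones": trusted_zones(sections),
            "services": services_to_verify(sections)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
    print("alert port 49690:", classify_alert_port(49690))
```

Run it as a script to print the findings for the embedded sample, or call analyze() on the text of a saved DDS log. The checks are deliberately narrow: a service image that is a .tmp file under system32 is worth confirming by hand (what wrote it, whether it still exists), and manual proxy values in prefs.js matter only when network.proxy.type is 1.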


#2 dreamhouse
  • Topic Starter
  • Members
  • 38 posts

Posted 28 June 2011 - 11:51 AM

I am sorry, but I unknowingly posted in another forum about the same problem. I got an answer yesterday (http://forums.malwarebytes.org/index.php?showtopic=88055&st=0&p=446409&fromsearch=1&#entry446409)... so I guess this disqualifies me from your help, which I most looked forward to. He has not answered my reply to his post since yesterday... if I get no answers from him at the Malwarebytes forum, may I count on you? Thank you so much for your great and generous work, and again I'm very sorry for not having thought well before posting at different forums. And of course this is a necessary bump.

Edited by dreamhouse, 28 June 2011 - 11:53 AM.


#3 Budapest
    Bleepin' Cynic
  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 28 June 2011 - 05:01 PM

I will close this topic but if you get no more help at the other forum send me a personal message (or contact one of the other Moderators) and we will re-open this topic for you.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



