globalroot\device\svchost.exe trojan


  • This topic is locked
2 replies to this topic

#1 Davey G

  • Members
  • 1 posts

Posted 27 July 2011 - 08:17 AM

Hello, my name is Dave and I live in Long Island, NY. At about 10:30 on Monday night I received a virus on my computer from a Facebook chat message. Below are my logs. PLEASE HELP!

DDS LOG

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dave at 16:15:45 on 2011-07-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1374 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\snmp.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\java.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\WI83E4~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wi83e4~1\datamngr\toolbar\jzipdtx.dll
BHO: UrlHelper Class: {41c4aa37-1ddd-4345-b8dc-734e4b38414d} - c:\progra~1\wi83e4~1\datamngr\IEBHO.dll
BHO: {8151A608-00FB-4D5C-8B8D-40E239E32A42} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wi83e4~1\datamngr\toolbar\jzipdtx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {49E47062-E81F-4758-892A-2373F9E0DB3B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [googletalk] c:\documents and settings\dave\application data\google talk\googletalk.exe /autostart
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [USB Storage Toolbox] c:\windows\umstor\Res.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [DATAMNGR] c:\progra~1\wi83e4~1\datamngr\DATAMN~1.EXE
mRun: [tray_ico]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [892818.exe] "c:\windows\temp\892818.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192454124539
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://70.168.1.90/activex/AxisCamControl.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.atomicmods.com/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{E9ACEF16-55E9-4849-8F62-89423C24D057} : DhcpNameServer = 167.206.254.2 167.206.254.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
AppInit_DLLs: c:\progra~1\wi83e4~1\datamngr\datamngr.dll c:\progra~1\wi83e4~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = :\windows\syste
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2010-8-5 3026]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-6 24652]
R4 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 366640]
S1 MpKsl08f60430;MpKsl08f60430;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2155273c-3686-4ea5-bf69-17d4c74abcdc}\mpksl08f60430.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2155273c-3686-4ea5-bf69-17d4c74abcdc}\MpKsl08f60430.sys [?]
S1 MpKsl4dee32f8;MpKsl4dee32f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5567ccc9-eb97-45bb-94a3-b1bfa596a465}\mpksl4dee32f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5567ccc9-eb97-45bb-94a3-b1bfa596a465}\MpKsl4dee32f8.sys [?]
S1 MpKsl58ca9867;MpKsl58ca9867;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acc3cd0e-bd2e-4457-959e-493f5ffdbf56}\mpksl58ca9867.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acc3cd0e-bd2e-4457-959e-493f5ffdbf56}\MpKsl58ca9867.sys [?]
S1 MpKsl68ab6ec6;MpKsl68ab6ec6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{546868ed-d853-4903-bf87-efc8c68374c1}\mpksl68ab6ec6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{546868ed-d853-4903-bf87-efc8c68374c1}\MpKsl68ab6ec6.sys [?]
S1 MpKsl8132a9e1;MpKsl8132a9e1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d8292fe9-8611-4bc3-84df-a69954d8195f}\mpksl8132a9e1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d8292fe9-8611-4bc3-84df-a69954d8195f}\MpKsl8132a9e1.sys [?]
S1 MpKsl88562844;MpKsl88562844;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a82aae24-f4ef-429b-aa7f-cfb1abd710e4}\mpksl88562844.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a82aae24-f4ef-429b-aa7f-cfb1abd710e4}\MpKsl88562844.sys [?]
S1 MpKsl95480a0f;MpKsl95480a0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8ed6c597-514e-4949-8a9c-26183185b5cd}\mpksl95480a0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8ed6c597-514e-4949-8a9c-26183185b5cd}\MpKsl95480a0f.sys [?]
S1 MpKslaaf689e9;MpKslaaf689e9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c70a4a-b0f5-4000-a9d2-fcaa4385d241}\mpkslaaf689e9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c70a4a-b0f5-4000-a9d2-fcaa4385d241}\MpKslaaf689e9.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S2 WinDefend;Windows Defender;"c:\program files\windows defender\msmpeng.exe" --> c:\program files\windows defender\MsMpEng.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
.
=============== Created Last 30 ================
.
2011-07-26 19:51:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 19:13:09 -------- d-----w- c:\documents and settings\dave\application data\webex
2011-07-26 18:30:47 -------- d-----w- c:\documents and settings\all users\application data\Ask
2011-07-26 18:30:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-26 18:30:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-26 16:15:32 -------- d-----w- c:\documents and settings\dave\application data\Malwarebytes
2011-07-26 15:32:06 -------- dc----w- C:\3ad70d7f321520be30456f
2011-07-26 14:07:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-26 13:16:08 -------- d-----w- c:\program files\ATI
2011-07-26 12:36:16 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-26 12:36:16 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-26 12:33:40 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 12:33:27 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 03:16:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-26 03:16:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-26 02:59:42 -------- dc----w- C:\ATI
2011-07-26 02:54:13 -------- d-----w- c:\windows\ufa
2011-07-26 02:54:13 -------- d-----w- c:\windows\phoenix
2011-07-26 02:53:17 -------- d--h--w- c:\windows\update.2
2011-07-26 02:51:57 -------- d--h--w- c:\windows\update.3
2011-07-26 02:51:40 -------- d--h--w- c:\windows\update.5.0
2011-07-26 02:51:37 246272 ----a-w- c:\windows\unrar.exe
2011-07-26 02:37:07 -------- d-----w- c:\windows\av_ico
2011-07-26 02:32:15 -------- dc----w- C:\dd84e7d8a32c9c0d67f41dc158ea
2011-07-26 02:20:12 -------- d--h--w- c:\windows\update.1
2011-07-26 02:20:11 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-26 02:20:11 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-26 02:20:10 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-26 02:20:10 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-13 22:57:08 -------- d-----w- c:\documents and settings\dave\AppData
2011-07-13 22:47:06 -------- d-----w- c:\documents and settings\dave\application data\jziptoolbar
2011-07-13 22:47:02 -------- d-----w- c:\documents and settings\dave\local settings\application data\jZip
2011-07-13 22:46:59 -------- d-----w- c:\program files\Windows jZip Toolbar
2011-07-13 22:46:52 -------- d-----w- c:\program files\jZip
2011-06-27 18:48:44 -------- d-----w- c:\documents and settings\dave\application data\searchquband
2011-06-27 18:48:36 -------- d-----w- c:\documents and settings\dave\local settings\application data\Ilivid Player
2011-06-27 18:47:56 -------- d-----w- c:\program files\iLivid
2011-06-27 18:47:43 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-06-27 18:47:31 -------- d-----w- c:\documents and settings\dave\local settings\application data\PackageAware
2011-06-27 18:43:21 -------- d-----w- c:\documents and settings\dave\application data\Google Talk
.
==================== Find3M ====================
.
2011-07-19 13:54:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-11 22:56:05 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-09-02 15:51:57 5918488 ----a-w- c:\program files\jZipV1c.exe
2009-05-03 22:02:19 1606064 ----a-w- c:\program files\googletalk-setup.exe
2008-07-06 23:14:08 224264 ----a-w- c:\program files\YouTubeUploaderSetup.exe
.
============= FINISH: 16:16:35.42 ===============

Thank you in advance for any assistance you can provide

DAVEY G

#2 sempai

  • Malware Response Team
  • 5,288 posts

Posted 02 August 2011 - 11:00 PM

Hello Davey G and welcome to BC. :)

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai

Posted 08 August 2011 - 07:39 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp
