
Infected with - Email-Worm:MSIL/Agent.MXK

  • This topic is locked
7 replies to this topic

#1 EGJason

EGJason

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 28 August 2011 - 09:49 PM

--DDS LOG--
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Jason at 21:44:11 on 2011-08-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1498 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
G:\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Zune\zune.exe
C:\Program Files\Zune\WMZuneComm.exe
C:\Program Files\Zune\ZuneWlanCfgSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=102806&l=dis&gct=hp
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Steam] "g:\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Color LaserJet CM1312 MFP Series Fax] c:\program files\hp\hp color laserjet cm1312 mfp series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [Windows Phone Device Manager] %SystemRoot%\WPDeviceManager\WPDeviceManager.exe /Minimized
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jason\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\users\jason\appdata\roaming\micros~1\windows\startm~1\programs\startup\vlcpla~1.lnk - c:\program files\ageye\vlc play! server\VLCplayServer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoViewOnDrive = 4 (0x4)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoClose = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: kuaiche.com\software
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.7.254 134.56.112.12
TCP: Interfaces\{0C5E0165-1ED7-4B6B-BCE2-3CA76251486C} : DhcpNameServer = 192.168.7.254 134.56.112.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\cq3eyb81.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.soldiersofdesolation.com/mainframe
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 11\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\jason\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-11 218688]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl285932ad;MpKsl285932ad;c:\programdata\microsoft\microsoft antimalware\definition updates\{76ad9915-cacf-48d3-8b8b-c31f2c8392e0}\MpKsl285932ad.sys [2011-8-28 28752]
R1 MpKsl58e50174;MpKsl58e50174;c:\programdata\microsoft\microsoft antimalware\definition updates\{76ad9915-cacf-48d3-8b8b-c31f2c8392e0}\MpKsl58e50174.sys [2011-8-28 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-23 363344]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-2 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-23 20952]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-6-14 139368]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-5-23 268528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-7-4 25832]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2011-4-3 128832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-21 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2011-08-28 21:19:08 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76ad9915-cacf-48d3-8b8b-c31f2c8392e0}\MpKsl285932ad.sys
2011-08-28 06:33:58 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76ad9915-cacf-48d3-8b8b-c31f2c8392e0}\MpKsl58e50174.sys
2011-08-28 06:33:33 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76ad9915-cacf-48d3-8b8b-c31f2c8392e0}\mpengine.dll
2011-08-28 05:10:50 -------- d-sh--w- c:\programdata\SecuROM
2011-08-26 19:25:01 -------- d-----w- c:\users\jason\appdata\roaming\SUPERAntiSpyware.com
2011-08-26 18:50:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-26 18:50:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-26 03:17:49 -------- d-----w- c:\users\jason\appdata\roaming\Origin
2011-08-26 03:17:14 -------- d-----w- c:\users\jason\appdata\local\Origin
2011-08-26 03:16:59 -------- d-----w- c:\programdata\Origin
2011-08-26 03:16:59 -------- d-----w- c:\program files\Origin Games
2011-08-26 03:16:30 -------- d-----w- c:\program files\Origin
2011-08-24 09:51:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 08:01:08 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-08-18 16:28:43 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-08-12 23:45:29 -------- d-----w- c:\users\jason\appdata\roaming\Tropico 3
2011-08-12 01:14:01 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{668968fc-444f-424d-8abb-301af54f9c96}\gapaengine.dll
2011-08-11 02:25:34 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-11 02:25:33 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-11 02:25:33 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-11 02:25:33 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-11 02:25:33 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-11 02:25:33 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-08-11 02:25:33 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-08 05:42:57 -------- d-----w- c:\users\jason\appdata\roaming\BITS
2011-08-08 05:42:56 -------- d-----w- c:\users\jason\appdata\roaming\FlashGet
2011-08-08 05:42:44 -------- d-----w- c:\users\jason\appdata\roaming\FlashGetBHO
2011-08-08 05:42:42 -------- d-----w- c:\program files\FlashGet Network
2011-08-03 08:31:54 311912 ----a-w- c:\windows\system32\nvStreaming.exe
2011-08-02 05:51:07 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-02 05:51:06 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-02 05:40:23 -------- d-----w- C:\NVIDIA
.
==================== Find3M ====================
.
2011-08-18 16:29:27 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-18 16:29:27 138056 ----a-w- c:\users\jason\appdata\roaming\PnkBstrK.sys
2011-08-18 16:29:07 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-18 16:28:57 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-03 11:50:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50:00 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50:00 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:50:00 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50:00 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50:00 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-08-03 11:50:00 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:50:00 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-08-03 11:50:00 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 04:21:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 10:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 09:04:46 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-06-09 16:14:28 230248 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-06-07 04:51:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-07 04:51:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
.
============= FINISH: 21:45:21.98 ===============


GMER - Would slow my Computer to a crawl, then crash about 10 minutes in. So, I really don't have a GMER log.

Thanks,
EGJason
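The "Pseudo HJT Report" section of the DDS log above is where a responder looks first: the policy lines show UAC switched off (EnableLUA = 0), silent admin elevation, the Explorer DisallowRun and NoClose restrictions, a hidden drive, an orphaned BHO with "No File", a Trusted Zone entry and a toolbar-style start page. The following is an added Python triage script, not part of the thread or of DDS itself; it parses those line shapes exactly as they appear in the report and flags the settings a defender would want to review. The sample input is copied from the report in the first post, and which policy values count as "risky" is this example's own choice.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Policy values that weaken the host's protections: name -> (value that
# triggers a finding, what that value means).  The meanings are documented
# Windows behaviour; choosing to flag exactly these is this example's choice.
RISKY_POLICY_VALUES: Dict[str, Tuple[str, str]] = {
    "EnableLUA": ("0", "User Account Control is disabled"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not isolated on the secure desktop"),
    "DisallowRun": ("1", "Explorer DisallowRun blocklist is active (can block security tools)"),
    "NoClose": ("1", "Shut Down has been removed from the Start menu"),
}

# Line shapes used by the DDS pseudo-HJT section, as seen in the report above.
POLICY_RE = re.compile(
    r"^(?P<scope>[um])Policies-(?P<hive>\w+): (?P<name>\w+) = (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$"
)
BHO_RE = re.compile(r"^BHO: (?P<desc>.*?)\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
START_RE = re.compile(r"^uStart Page = (?P<url>\S+)$")


def hidden_drives(mask: int) -> List[str]:
    """Decode the NoViewOnDrive bitmask: bit 0 = A:, bit 1 = B:, bit 2 = C:, ..."""
    return [chr(ord("A") + bit) for bit in range(26) if mask & (1 << bit)]


def triage_dds(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per report line that an analyst should look at."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            where = f"{m.group('scope')}Policies-{m.group('hive')}"
            if name == "NoViewOnDrive" and value != "0":
                drives = ",".join(hidden_drives(int(value)))
                findings.append({"kind": "policy", "detail": f"{where}/{name}={value}",
                                 "note": f"drives hidden in Explorer: {drives}"})
            elif name in RISKY_POLICY_VALUES and value == RISKY_POLICY_VALUES[name][0]:
                findings.append({"kind": "policy", "detail": f"{where}/{name}={value}",
                                 "note": RISKY_POLICY_VALUES[name][1]})
            continue

        m = BHO_RE.match(line)
        if m and m.group("target").strip() == "No File":
            findings.append({"kind": "orphan_bho", "detail": m.group("clsid"),
                             "note": "BHO registered but its DLL is missing; leftover of a removed component"})
            continue

        m = TRUSTED_RE.match(line)
        if m:
            findings.append({"kind": "trusted_zone", "detail": m.group("host"),
                             "note": "site runs with relaxed IE security; verify the user added it"})
            continue

        m = START_RE.match(line)
        if m:
            findings.append({"kind": "start_page", "detail": m.group("url"),
                             "note": "home page set by a toolbar or bundle; confirm it is intended"})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings by kind, for a quick glance before reading details."""
    return dict(Counter(f["kind"] for f in findings))


# Sample input: these lines are copied from the DDS report in the first post.
SAMPLE_REPORT = """
uStart Page = hxxp://www.ask.com?o=102806&l=dis&gct=hp
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uPolicies-explorer: NoViewOnDrive = 4 (0x4)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoClose = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: kuaiche.com\\software
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_REPORT):
        print(f"[{f['kind']}] {f['detail']}: {f['note']}")
    print(summarize(triage_dds(SAMPLE_REPORT)))
```

Run against the sample it reports nine findings: six policy lines (including C: hidden via NoViewOnDrive = 4), the orphaned BHO, the Trusted Zone host and the start page. ConsentPromptBehaviorUser = 3 and EnableUIADesktopToggle = 0 are Windows 7 defaults and are deliberately left unflagged, so the output stays short enough to read in a forum reply.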

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 PM

Posted 02 September 2011 - 07:08 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please let me know what problem persists.

#3 EGJason

EGJason
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 14 September 2011 - 02:15 PM

Sorry about the delay, I have been quite busy.

ComboFix has seemed to alleviate the access issues. Additionally, I received an e-mail from Impulse about me purchasing Dead Island (which I didn't); it said the purchase method was PayPal but, upon checking both PayPal and my bank, no transaction was reported. But the game still showed up in my Impulse account.


Thanks,
EGJason

Attached Files


Edited by EGJason, 14 September 2011 - 11:01 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 PM

Posted 15 September 2011 - 07:39 AM

no transaction was reported. But, the game still showed up in my Impulse Account.


Delete this folder in bold.

c:\programdata\Dead Island

Any other issues with your Impulse Account should be taken with them.

Otherwise your ComboFix log is clean.

===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#5 EGJason

EGJason
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 15 September 2011 - 09:23 AM

Done. What was that whole Dead Island folder about?

Anyway, that's good that ComboFix is showing up clean.

EGJason

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 PM

Posted 15 September 2011 - 10:08 AM

What was that whole Dead Island folder about?

If you do not know I surely do not know.

The program may have been installed without your knowledge when you installed some other program.
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools used to clean this computer.

Surf Safely, and Think Prevention!
===

#7 EGJason

EGJason
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:01:46 PM

Posted 15 September 2011 - 10:57 PM

Alright. Thanks for all your help Nasdaq!

EGJason

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 PM

Posted 22 September 2011 - 07:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
