Virus infected my system...



#1 ultra1437

ultra1437

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 27 September 2011 - 08:06 PM

So, after getting this virus two days ago, wiping my computer last night, and reloading Windows, I've got it again.

This virus is, according to my antivirus, the trojan: "win32:inject-do" virus.

I currently have running: Firefox, HBCD (Hiren's Boot CD), Process Explorer, and HijackThis.

----
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:04 PM, on 9/27/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
F:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
C:\Windows\syswow64\MsiExec.exe
D:\HBCD\HBCDMenu.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\David\AppData\Local\Temp\HBCD\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - S-1-5-21-2602215588-2934359965-2317459712-1000 Startup: Impulse Now.lnk = F:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (User 'ultra1437')
O4 - S-1-5-21-2602215588-2934359965-2317459712-1000 User Startup: Impulse Now.lnk = F:\Program Files (x86)\Impulse\Now\ImpulseNow.exe (User 'ultra1437')
O4 - Startup: Impulse Now.lnk = F:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D2DF183-1358-4162-83CE-8F55EDF21B8B}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7007 bytes

---

Personally, after fighting this virus, I can tell you this: initially programs will start normally; after two or three (still unsure) attempts, the virus then only allows Windows to allocate between 110 KB and 150 KB of RAM to the program, and a Process Explorer restart (right-click process, Restart Process) will bypass this problem and let the program restart. Avast has found and 'eliminated' the virus so far, but from my previous attempt to fix it, restarting my comp is a bad idea, since it will not allow fences.exe (http://www.stardock.com/products/fences/) to start, nor will it allow Process Explorer, avast!, or anything other than Task Manager, cmd, and Notepad to start. I believe the virus is residing in my windows/system32 folder, but am unsure how to clean it. It's also in my explorer.exe file, and I've killed that process for now.

Any help eliminating this virus would be appreciated.

Thanks,

ultra1437

P.S. I am currently on the affected computer, but Firefox seems okay at the moment; I will not attach uploads due to possible infection.


Edit: operating system is Win7 Pro x64.

NEW INFO just in: the virus 'suspends' or pauses the programs mid-launch; restarting them via Process Explorer, or just resuming them, achieves the same effect.

---

DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by David at 21:10:52 on 2011-09-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4474 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\StikyNot.exe
F:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\David\Downloads\ProcessExplorer\procexp64.exe
C:\Windows\syswow64\MsiExec.exe
D:\HBCD\HBCDMenu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\David\AppData\Local\Temp\HBCD\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - F:\Program Files (x86)\Impulse\Now\ImpulseNow.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0D2DF183-1358-4162-83CE-8F55EDF21B8B} : DhcpNameServer = 192.168.1.254
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gi74wgaw.default\
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
RUnknown DwProt;DwProt; [x]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2011-09-27 23:34:37 -------- d-----w- C:\Users\David\DoctorWeb
2011-09-27 22:16:01 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ABE5BCAC-A149-4349-8018-CF3267EF3B38}\mpengine.dll
2011-09-27 22:16:01 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ABE5BCAC-A149-4349-8018-CF3267EF3B38}\offreg.dll
2011-09-27 18:35:29 -------- d-----w- C:\Users\David\AppData\Roaming\Need for Speed World
2011-09-27 15:42:54 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-09-27 15:34:36 -------- d-----w- C:\Users\David\AppData\Local\Electronic_Arts_Inc
2011-09-27 15:23:29 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-27 02:09:23 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-09-27 02:08:58 68104 ----a-w- C:\Windows\System32\XAPOFX1_0.dll
2011-09-27 02:07:27 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-09-27 02:07:27 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2011-09-27 02:07:27 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2011-09-27 02:07:27 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2011-09-27 02:07:26 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2011-09-27 02:07:08 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-09-27 00:23:38 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-09-27 00:23:37 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2011-09-27 00:23:02 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2011-09-27 00:22:51 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-09-27 00:00:36 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2011-09-27 00:00:33 -------- d-----w- C:\Program Files (x86)\Stardock
2011-09-26 23:54:57 -------- d-----w- C:\Users\David\AppData\Roaming\Stardock
2011-09-26 23:54:42 -------- d-----w- C:\ProgramData\Gibraltar
2011-09-26 23:54:32 -------- d-----w- C:\ProgramData\Stardock
2011-09-26 23:54:19 -------- dc-h--w- C:\ProgramData\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
2011-09-26 23:53:11 -------- d-----w- C:\Users\David\AppData\Local\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
2011-09-26 23:52:51 -------- d-----w- C:\Users\David\AppData\Local\PackageAware
2011-09-26 23:52:27 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-26 23:47:04 -------- d-----w- C:\Windows\PCHEALTH
2011-09-26 23:44:37 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-26 23:42:47 -------- d-----w- C:\Users\David\AppData\Roaming\TS3Client
2011-09-26 23:31:52 -------- d-----w- C:\Users\David\Backgrounds
2011-09-26 23:26:23 -------- d--h--w- C:\VritualRoot
2011-09-26 23:13:27 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2011-09-26 23:13:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 23:04:17 -------- d-----w- C:\Program Files\COMODO
2011-09-26 23:03:25 -------- d-----w- C:\ProgramData\Comodo
2011-09-26 23:02:48 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-09-26 22:53:45 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-26 22:53:43 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-26 22:53:03 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-26 22:52:56 -------- d-----w- C:\ProgramData\AVAST Software
2011-09-26 22:52:56 -------- d-----w- C:\Program Files\AVAST Software
2011-09-26 22:42:18 -------- d-----w- C:\Program Files\Core Temp
2011-09-26 22:41:46 34872 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-09-26 22:41:46 -------- d-----w- C:\Program Files (x86)\AMD
2011-09-26 22:40:00 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys
2011-09-26 22:35:30 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-09-26 22:35:30 -------- d--h--w- C:\Program Files (x86)\Temp
2011-09-26 22:35:28 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-09-26 22:35:28 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-09-26 22:35:27 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-09-26 22:35:27 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-09-26 22:35:27 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-09-26 22:35:27 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-09-26 22:35:27 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-09-26 22:35:25 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-09-26 22:35:25 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-09-26 22:33:03 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-09-26 22:33:03 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-09-26 22:33:03 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-09-26 22:33:00 -------- d-----w- C:\Program Files (x86)\Realtek
2011-09-26 22:21:38 -------- d-----w- C:\Users\David\AppData\Local\Diagnostics
2011-09-26 22:20:44 103344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-26 22:20:43 270336 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
2011-09-26 22:20:43 103344 ------w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-26 22:20:43 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-26 22:20:43 -------- d-----w- C:\Windows\Profiles
2011-09-26 22:20:40 306688 ----a-w- C:\Windows\IsUninst.exe
2011-09-26 22:17:16 -------- d-----w- C:\Users\David\AppData\Local\Mozilla
2011-09-26 22:11:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-26 22:11:20 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-26 22:11:17 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-26 22:11:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-26 22:10:52 -------- d-----w- C:\ProgramData\DivX
2011-09-26 21:59:09 -------- d-----w- C:\Users\David\AppData\Local\AMD
2011-09-26 21:43:07 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-09-26 21:43:07 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-09-26 21:43:02 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-09-26 21:43:00 -------- d-----w- C:\Program Files (x86)\ATI
2011-09-26 21:42:48 -------- d-----w- C:\ProgramData\AMD
2011-09-26 21:42:45 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-09-26 21:42:02 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-09-26 21:41:59 -------- d-sh--w- C:\Windows\Installer
2011-09-26 21:41:58 -------- d-----w- C:\Program Files\ATI
2011-09-26 21:41:23 -------- d-----w- C:\Program Files\ATI Technologies
2011-09-26 21:40:01 -------- d-----w- C:\ATI
2011-09-26 21:24:14 -------- d-sh--w- C:\Recovery
2011-09-26 21:16:23 -------- d-----w- C:\Windows\Panther
2011-09-26 20:18:37 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2011-07-31 06:51:12 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2011-07-31 06:51:08 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-06-30 13:38:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-06-30 13:38:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-06-30 13:38:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-06-30 13:37:26 363560 ----a-w- C:\Windows\System32\guard64.dll
2011-06-30 13:37:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
.
============= FINISH: 21:13:45.78 ===============

---

I have attach.txt, but won't attach it unless asked to.

Edited by ultra1437, 27 September 2011 - 08:17 PM.
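As an added example (not part of the original thread), a small Python triage pass over HijackThis-style lines of the kind pasted above: it flags O20 AppInit_DLLs entries, O4 autoruns that launch from user-writable directories, and O23 services with an unknown owner outside the Windows directory, while treating "Unknown owner ... (file missing)" on Windows system services as the expected noise a 32-bit HijackThis produces on x64. The sample lines are constructed (a few modelled on the log above plus one made-up updater.exe autorun); guard32.dll is the COMODO component seen in the Find3M section and is surfaced for review only because of where it loads, not as a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis 2.0.4-style lines modelled on the log above,
# plus one made-up autorun entry that points into a user's temp directory.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updater] C:\Users\Example\AppData\Local\Temp\updater.exe
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Helper - Unknown owner - C:\Users\Example\AppData\Roaming\helper.exe
"""


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4", "O20", "O23"
    severity: str  # "review" = look at this, "info" = explained noise
    line: str      # the original log line
    reason: str


# "O4 - <body>", "R1 - <body>", "F2 - <body>" ...
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in an executable/library extension.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx|sys|scr|cpl))", re.IGNORECASE)
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\")
# Directory markers a standard user can write to; autoruns living here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def first_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    path = first_path(body)
    if sec == "O20":
        # AppInit_DLLs is loaded into every process that links user32.dll, so any
        # entry is worth a look even when it belongs to a known security product.
        return Finding(sec, "review", line, "AppInit_DLLs global injection point")
    if sec == "O4" and path and in_user_writable(path):
        return Finding(sec, "review", line, "autorun launches from a user-writable directory")
    if sec == "O23" and "Unknown owner" in body:
        # Caveat: the 32-bit HijackThis build cannot see the real System32 on x64
        # (WOW64 redirection), so Microsoft services show 'Unknown owner (file missing)'.
        if path and not WINDOWS_DIR_RE.match(path.lower()):
            return Finding(sec, "review", line, "unknown-owner service outside the Windows directory")
        return Finding(sec, "info", line, "Windows service; 'file missing' is expected from 32-bit HJT on x64")
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


def review_items(log: str) -> List[str]:
    """Only the lines an analyst should actually open."""
    return [f.line for f in triage(log) if f.severity == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}")
```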



#2 ultra1437

ultra1437
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 27 September 2011 - 10:06 PM

Actually, never mind, I managed to get rid of the virus on my own with HBCD. Thanks for looking if you have, but I've taken care of it.

This topic can be closed / deleted as necessary.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:14 PM

Posted 28 September 2011 - 08:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.


Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.
