Help with consrv.dll\Zeroaccess trojan


This topic is locked
1 reply to this topic

#1 Damain11

Damain11

  • Members
  • 3 posts

Posted 08 October 2011 - 12:19 PM

Hello,
I am trying to fix my neighbor's laptop; he got infected. When I got it, I could not do anything on it. The malware that was on it was using 100% of the CPU and memory resources. I used Malwarebytes to clean that all out until it reported that there were no more infections. I then uninstalled an expired version of McAfee antivirus and installed Microsoft Security Essentials (MSE). I let it scan, and that is when I found consrv.dll, and I let it delete it, thinking all was good. Once I rebooted, all was not good. I could no longer get into Windows. I tried Windows repair and that didn't work. I finally used System Restore to restore the machine to just before I installed MSE. All the malware that Malwarebytes took care of was still gone, but this consrv.dll was still there. I did my research and found this thread here (http://www.bleepingcomputer.com/forums/topic34773.html). I followed that thread until the registry edit, and that did not work for me, as consrv is still there. I have not used ComboFix yet and am at a standstill. I would like to give this laptop back to my neighbor and get on to playing with my kids, so ANY help would be GREATLY GREATLY appreciated. If there is anything else, please let me know.
Running:
Windows 7 Home Premium x64
Malwarebytes
-Have- Kaspersky Virus Remove Tool
-Have- SystemLook
-Have- DDS.scr (Log too long to post in this post)
-Have- Combofix.exe (Have NOT used this yet!)

Thanks to all who help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rich at 19:31:54 on 2011-10-15
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DealRunner\DealRunner.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\Rich\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110417,16898,0,8,0
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917140100.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Shop to Win 13: {d071359c-30ad-4645-9b78-7a3283571f25} - C:\Program Files (x86)\Shop to Win 13\Shop to Win 13.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DealRunner] "C:\Program Files (x86)\DealRunner\DealRunner.exe"
uRun: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [lxcymon.exe] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{302733DE-6373-42C2-8BCC-5B4A9263B5FC} : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{DEAA26A5-334B-49FB-93B7-FD9768D1BB23} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DEAA26A5-334B-49FB-93B7-FD9768D1BB23}\0596F6E6565627051627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DEAA26A5-334B-49FB-93B7-FD9768D1BB23}\25943484D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DEAA26A5-334B-49FB-93B7-FD9768D1BB23}\479636B65647765797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DEAA26A5-334B-49FB-93B7-FD9768D1BB23}\F4147425D27457563747 : DhcpNameServer = 4.2.2.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917140100.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Shop to Win 13: {D071359C-30AD-4645-9B78-7A3283571F25} - C:\Program Files (x86)\Shop to Win 13\Shop to Win 13.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [lxcymon.exe] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\n3736x25.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ticketmaster.com/section?tm_link=tm_header|http://webmail.aol.com/31423-111/aol-1/en-us/Suite.aspx
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\n3736x25.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? FlyUsb;FLY Fusion
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? HTCAND64;HTC Device Driver
R? McShield;McShield
R? mfefire;McAfee Firewall Core Service
R? mferkdet;McAfee Inc. mferkdet
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? 14660766;14660766
S? 5197232drv;5197232drv
S? AESTFilters;Andrea ST Filters Service
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? lxcy_device;lxcy_device
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? pavboot;pavboot
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? SftService;SoftThinks Agent Service
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2011-10-15 17:43:11 -------- d-----w- C:\Users\Rich\AppData\Local\{35E2657E-6DFF-4C94-A53D-1F886A537B70}
2011-10-15 17:42:58 -------- d-----w- C:\Users\Rich\AppData\Local\{FAE97F49-A205-4FD9-85CA-13662C6138F3}
2011-10-15 17:01:00 -------- d-----w- C:\Emergency
2011-10-15 16:23:57 -------- d-----w- C:\Users\Rich\AppData\Local\{6EBC2BDA-8EFB-4C5E-8BDC-C8A4806DDDF5}
2011-10-15 14:06:00 -------- d-----w- C:\Users\Rich\AppData\Local\{83E437AD-DD0D-4C4B-A4C3-4A78E1621615}
2011-10-15 12:25:54 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-10-15 12:05:46 -------- d-----w- C:\Users\Rich\AppData\Local\{80AE63CE-03BD-4530-B9C2-7A8B58E9B552}
2011-10-15 03:54:33 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-10-15 03:53:41 -------- d-----w- C:\Users\Rich\AppData\Local\{D1ABAC03-FA4C-4D0D-9A79-405B916A660D}
2011-10-15 03:44:15 -------- d-----w- C:\Program Files\Symantec
2011-10-15 03:43:22 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1301010.003
2011-10-15 03:43:22 -------- d-----w- C:\Windows\System32\drivers\NAVx64
2011-10-15 03:43:20 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2011-10-15 03:43:19 -------- d-----w- C:\ProgramData\Norton
2011-10-15 03:42:56 -------- d-----w- C:\ProgramData\NortonInstaller
2011-10-15 03:42:56 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-10-15 03:42:24 -------- d-----w- C:\Users\Rich\AppData\Local\{CD8FD8FB-63D9-4CE3-8D14-E1EF1DB40785}
2011-10-08 05:55:31 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-10-08 05:55:08 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-10-08 05:50:36 -------- d-----w- C:\Users\Rich\AppData\Roaming\QuickScan
2011-10-08 05:46:48 -------- d-----w- C:\Users\Rich\AppData\Local\{A0ED3091-5DC6-4CAE-8545-7FB56CBEB5F0}
2011-10-08 05:43:41 -------- d-----w- C:\Users\Rich\AppData\Local\{4733C514-E7F2-44D3-ACEE-F7E2D11B419D}
2011-10-08 05:32:17 -------- d-----w- C:\Users\Rich\AppData\Local\{9C8E0C89-00D2-4F81-AE2E-266C06E6F03A}
2011-10-08 04:42:24 -------- d-----w- C:\Users\Rich\AppData\Local\{02E5BAE7-68B2-4FEC-AECB-6AC74286E52A}
2011-10-08 04:21:58 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-07 18:17:13 -------- d-----w- C:\Users\Rich\AppData\Local\{334E5D61-3CD3-42B7-BD60-6D2EBEF2CA86}
2011-10-07 18:05:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-07 18:01:32 -------- d-----w- C:\Users\Rich\AppData\Local\{74564E03-FCF3-4CEE-BD49-75263869B9D3}
2011-10-07 18:01:18 -------- d-----w- C:\Users\Rich\AppData\Local\{088BBBE2-882F-4F9D-8E2A-83C0C8668709}
2011-10-07 16:39:12 -------- d-----w- C:\Users\Rich\AppData\Local\{6861E851-3835-48B8-95A1-288EB67C7F60}
2011-10-07 14:27:17 -------- d-----w- C:\Users\Rich\AppData\Roaming\Malwarebytes
2011-10-07 14:25:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-07 14:25:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-07 13:34:49 -------- d-----w- C:\Users\Rich\AppData\Local\{6142871E-56A1-47CA-A78A-AA30CEE703CF}
2011-10-07 13:31:23 -------- d-----w- C:\Users\Rich\AppData\Local\{8C439729-AED7-4437-B075-D6B0E906EC49}
2011-10-07 11:27:13 2397696 ----a-w- C:\Windows\SysWow64\dlllOOBtxP0y.exe
2011-10-07 02:02:17 2397696 ----a-w- C:\Windows\SysWow64\DllIIBtzzPycAu.exe
2011-10-07 01:45:44 -------- d-----w- C:\Users\Rich\AppData\Local\{9BF73998-103B-49F1-9C75-340B6DC830A9}
2011-10-07 01:45:31 -------- d-----w- C:\Users\Rich\AppData\Local\{98CF079F-1592-4E9D-9456-A86C56AF893F}
2011-10-06 23:42:21 -------- d-----w- C:\Users\Rich\AppData\Local\{01513B2F-6565-4AE7-89E1-0EC6AB36AC26}
2011-10-06 23:42:09 -------- d-----w- C:\Users\Rich\AppData\Local\{60DC8F3E-0408-4FD6-86E1-1A5A8D5F8169}
2011-10-06 23:19:46 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-10-06 23:19:43 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-10-06 23:09:56 -------- d--h--w- C:\ProgramData\Common Files
2011-10-06 23:09:12 -------- d-----w- C:\ProgramData\MFAData
2011-10-06 22:58:39 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2011-10-06 22:40:56 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-06 22:33:34 -------- d-----w- C:\Users\Rich\AppData\Local\{7FE7AE8C-9FE2-4729-9D1A-59580CF35ABD}
2011-10-06 22:33:20 -------- d-----w- C:\Users\Rich\AppData\Local\{169A5B47-55BD-4954-8253-AC69538C54F1}
2011-10-06 21:33:57 -------- d-----w- C:\Users\Rich\AppData\Local\{BE27E5F7-3FDB-4855-8CC1-557DC6AD9035}
2011-10-06 21:33:34 -------- d-----w- C:\Users\Rich\AppData\Local\{910E6054-30AC-49E0-99AC-FC866B1EF3A4}
2011-10-06 14:22:59 -------- d-----w- C:\Users\Rich\AppData\Local\{F1F600DE-F930-49BC-9856-6EB3628F5000}
2011-10-06 14:22:42 -------- d-----w- C:\Users\Rich\AppData\Local\{62B7B55B-E5CB-4DCE-A15E-FE0359DAA746}
2011-10-06 11:22:21 -------- d-----w- C:\Users\Rich\AppData\Local\{09A1C271-64F5-44B7-9A5D-2B3D78A23EDB}
2011-10-06 11:22:05 -------- d-----w- C:\Users\Rich\AppData\Local\{FCA652C7-A1A6-4CE7-8CA6-80FE5C9406DC}
2011-10-06 10:31:35 -------- d-----w- C:\Users\Rich\AppData\Local\{D486D2A1-0E47-4967-9154-B78A5A6109E9}
2011-10-06 10:31:22 -------- d-----w- C:\Users\Rich\AppData\Local\{94247258-C3B6-4D9D-BFD7-335163F36932}
2011-10-06 02:37:15 -------- d-----w- C:\Users\Rich\AppData\Local\{EAA5E1FB-F206-40EB-B61C-2AA43AA12612}
2011-10-06 02:37:02 -------- d-----w- C:\Users\Rich\AppData\Local\{7B647C03-161D-4203-AA5D-C4A70DC6F4BB}
2011-10-06 01:22:07 -------- d-----w- C:\Users\Rich\AppData\Local\{E1BF62B7-6B63-49C5-B1AD-C6BCCC5F6FC2}
2011-10-06 01:21:55 -------- d-----w- C:\Users\Rich\AppData\Local\{0D7F8201-0BFA-4751-ADD5-288A9D769AAB}
2011-10-05 17:05:52 -------- d-----w- C:\Users\Rich\AppData\Local\{116AD84E-5657-4009-85D4-0A4A4884F556}
2011-10-05 17:05:37 -------- d-----w- C:\Users\Rich\AppData\Local\{0749BCEF-8E3A-4D82-BC3D-A4759A56FB0E}
2011-10-04 15:31:11 -------- d-----w- C:\Users\Rich\AppData\Local\{AA611C72-33CA-49BE-AEC3-5E42FA3DA755}
2011-10-04 15:30:57 -------- d-----w- C:\Users\Rich\AppData\Local\{2492F04E-DD81-4934-AFFD-8F150A6F96BC}
2011-10-04 14:28:02 -------- d-----w- C:\Users\Rich\AppData\Local\{D75B2006-C55A-44C6-BCC9-B52791DB1110}
2011-10-04 14:27:47 -------- d-----w- C:\Users\Rich\AppData\Local\{52E5E6C4-36A1-4848-91B7-A87A3B534D4D}
2011-10-03 18:25:26 -------- d-----w- C:\Users\Rich\AppData\Local\{830E5E6A-63A7-4C33-AA15-FBAB29397C12}
2011-10-03 18:25:12 -------- d-----w- C:\Users\Rich\AppData\Local\{2D917114-A2C5-4CDF-A2D1-C56E95071104}
2011-10-03 11:09:12 -------- d-----w- C:\Users\Rich\AppData\Local\{74F8A886-5101-4035-8CE0-31F258E0D0F2}
2011-10-03 11:08:57 -------- d-----w- C:\Users\Rich\AppData\Local\{4AEC8E9A-C8FA-462A-8124-D6D4D5709705}
2011-10-02 23:45:59 -------- d-----w- C:\Users\Rich\AppData\Local\{F9E2968B-8496-449A-B9F9-4669F4C40E94}
2011-10-02 22:33:32 -------- d-----w- C:\Users\Rich\AppData\Local\{36446440-5678-4321-BD42-52249FE21842}
2011-10-02 22:33:19 -------- d-----w- C:\Users\Rich\AppData\Local\{9AE41550-BA37-496E-990C-DAD8947DD625}
2011-10-02 22:11:06 -------- d-----w- C:\Users\Rich\AppData\Local\{973B14C8-9DB2-403A-BE05-55117E2547F7}
2011-10-02 22:10:49 -------- d-----w- C:\Users\Rich\AppData\Local\{0E7771F1-56FB-448C-9D64-0AA82C15F6DD}
2011-10-02 20:40:09 -------- d-----w- C:\Users\Rich\AppData\Local\{76133539-081D-4712-9E78-97EBC00714F4}
2011-10-02 20:39:52 -------- d-----w- C:\Users\Rich\AppData\Local\{BF929103-A721-4C85-A2F7-75BAECB94C3B}
2011-10-02 14:52:41 -------- d-----w- C:\Users\Rich\AppData\Local\{8FFEB75E-13D3-4271-833A-A355A1D24654}
2011-10-02 14:52:27 -------- d-----w- C:\Users\Rich\AppData\Local\{70B38AD6-B828-4054-910C-CC4A507A7B6E}
2011-10-02 12:35:22 -------- d-----w- C:\Users\Rich\AppData\Local\{E76E57D9-EEA3-4CF0-A6FA-80D251991D33}
2011-10-02 12:35:06 -------- d-----w- C:\Users\Rich\AppData\Local\{EC70EA2B-996F-4941-B3D5-F5B03AEA7C82}
2011-10-01 19:40:58 -------- d-----w- C:\Users\Rich\AppData\Local\{5E2F3988-BAFE-4B7A-A7F4-B9197976CA5D}
2011-10-01 19:40:44 -------- d-----w- C:\Users\Rich\AppData\Local\{2025AC68-C546-4E73-A475-8D0A74E2099A}
2011-10-01 13:17:26 -------- d-----w- C:\Users\Rich\AppData\Local\{76D88D52-AB2B-420E-8E73-5B08246B00D9}
2011-10-01 13:17:14 -------- d-----w- C:\Users\Rich\AppData\Local\{109CD3B3-31C6-4FCF-BE3C-476FD2DD2E85}
2011-09-30 19:20:31 -------- d-----w- C:\Users\Rich\AppData\Local\{8435D2ED-5E2F-4F61-A084-5E3CADEDBFF7}
2011-09-30 19:20:18 -------- d-----w- C:\Users\Rich\AppData\Local\{F3833D8A-7E81-4BDA-B9F7-C909C5BCC6E1}
2011-09-30 15:37:08 -------- d-----w- C:\Users\Rich\AppData\Local\{BD36710D-DF10-4A73-BBD5-5B1C7DA5C3B7}
2011-09-30 15:36:55 -------- d-----w- C:\Users\Rich\AppData\Local\{C0369B85-DCBF-442A-B3EE-5415DEAA203F}
2011-09-30 11:23:01 -------- d-----w- C:\Users\Rich\AppData\Local\{888768B1-604E-40D5-B6F8-7E9063768DE1}
2011-09-30 11:22:43 -------- d-----w- C:\Users\Rich\AppData\Local\{EB346927-52AE-4CA5-8900-E2DDA5321814}
2011-09-30 00:25:47 -------- d-----w- C:\Users\Rich\AppData\Local\{59C6530C-CBDD-4548-B258-2A4C63F644F0}
2011-09-30 00:25:28 -------- d-----w- C:\Users\Rich\AppData\Local\{5CE75052-AF89-48F5-98B6-F258562E9A7D}
2011-09-29 20:49:04 -------- d-----w- C:\Users\Rich\AppData\Local\{A5D24031-62E7-433C-84EE-6FA2F0972F89}
2011-09-29 20:48:50 -------- d-----w- C:\Users\Rich\AppData\Local\{A4E178DD-472E-4F6E-A72F-CB409C9092E8}
2011-09-29 16:45:54 -------- d-----w- C:\Users\Rich\AppData\Local\{88684215-C762-4B3E-9EC4-39A90B6675D0}
2011-09-29 16:45:36 -------- d-----w- C:\Users\Rich\AppData\Local\{81AA24A5-F76A-4E80-B238-DC0FB1C58F04}
2011-09-29 02:20:29 -------- d-----w- C:\Users\Rich\AppData\Local\{B9F16354-F910-4B82-B1E1-788E5BFFEFC8}
2011-09-29 02:20:15 -------- d-----w- C:\Users\Rich\AppData\Local\{5D61DF76-DB29-437C-B6AB-801823E60743}
2011-09-28 20:17:54 -------- d-----w- C:\Users\Rich\AppData\Local\{845D42B5-F9F6-4568-B328-D21158E415A3}
2011-09-28 20:17:30 -------- d-----w- C:\Users\Rich\AppData\Local\{5240679D-1BC4-4941-A605-927B9E15AB2F}
2011-09-28 11:30:18 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-09-28 11:30:16 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-09-28 00:02:59 -------- d-----w- C:\Users\Rich\AppData\Local\{6A7B094F-98A9-47CC-B435-BD7F396FCB83}
2011-09-28 00:02:35 -------- d-----w- C:\Users\Rich\AppData\Local\{FE5DD1FA-BA76-4E13-9A87-7A35FEFCB8B6}
2011-09-27 23:44:43 -------- d-----w- C:\Users\Rich\AppData\Local\{775C59E3-6B9E-40D2-89DD-C3F6FC783087}
2011-09-27 23:44:31 -------- d-----w- C:\Users\Rich\AppData\Local\{1EDD9A72-D738-481D-9ED9-DC1790861D0B}
2011-09-27 20:43:14 -------- d-----w- C:\Users\Rich\AppData\Local\{D357F908-7322-422D-A7E9-694E4B6A14C4}
2011-09-27 20:42:57 -------- d-----w- C:\Users\Rich\AppData\Local\{86865F02-3DE4-463D-A682-D33DBF5931B9}
2011-09-27 16:35:17 -------- d-----w- C:\Users\Rich\AppData\Local\{47051353-04C3-4B7C-88B0-8FEE32566E96}
2011-09-27 16:34:50 -------- d-----w- C:\Users\Rich\AppData\Local\{7EA5CEA9-6E07-4ABD-A915-2E1CF071DE8B}
2011-09-27 11:38:46 -------- d-----w- C:\Users\Rich\AppData\Local\{B02E4503-B115-41D8-8322-C64079AD9260}
2011-09-27 11:38:25 -------- d-----w- C:\Users\Rich\AppData\Local\{20CA786B-220A-4286-8DBE-151B9C7D6BB4}
2011-09-26 21:49:16 -------- d-----w- C:\Users\Rich\AppData\Local\{222D8BFB-D293-455C-B854-548B74E17A56}
2011-09-26 21:49:03 -------- d-----w- C:\Users\Rich\AppData\Local\{C5EB9F6B-BB2B-4701-B490-3CEE6C3B855C}
2011-09-26 18:20:22 -------- d-----w- C:\Users\Rich\AppData\Local\{424EEB4C-E12C-492E-BF74-5A59FCEF9A91}
2011-09-26 18:20:04 -------- d-----w- C:\Users\Rich\AppData\Local\{3C4C4E45-223A-47A4-851C-2562D3127F91}
2011-09-26 17:01:25 -------- d-----w- C:\Users\Rich\AppData\Local\{09917202-6173-49E0-A29B-D54596E84F6A}
2011-09-26 17:01:09 -------- d-----w- C:\Users\Rich\AppData\Local\{C3D4B686-BC8A-4C17-AA9B-6A8D528E3EA5}
2011-09-26 12:59:48 -------- d-----w- C:\Users\Rich\AppData\Local\{BCAFB199-79E5-4DAB-B31D-E5E4ED6CCB9C}
2011-09-26 12:59:32 -------- d-----w- C:\Users\Rich\AppData\Local\{ADD3F453-08AD-48CE-B14D-C5C57467D510}
2011-09-24 16:34:56 -------- d-----w- C:\Users\Rich\AppData\Local\{D6FE30AC-6B85-4272-A820-370336C32031}
2011-09-24 16:34:40 -------- d-----w- C:\Users\Rich\AppData\Local\{BFD51DFF-DD79-48FD-9A5D-E694C5125ECA}
2011-09-23 21:07:52 -------- d-----w- C:\Users\Rich\AppData\Local\{D06712BD-62E7-4437-80FD-A2460180B2F8}
2011-09-23 21:07:37 -------- d-----w- C:\Users\Rich\AppData\Local\{7F1E8605-B143-45DF-A29D-BA7FE1B51B51}
2011-09-22 16:41:09 -------- d-----w- C:\Users\Rich\AppData\Local\{EFBD71F7-961F-4A4E-85C6-D017106212C2}
2011-09-22 16:40:54 -------- d-----w- C:\Users\Rich\AppData\Local\{4E90BD62-DA46-4584-BC9E-3FC2DD8A716F}
2011-09-22 15:12:38 -------- d-----w- C:\Users\Rich\AppData\Local\{CCAF9DB7-9CD9-421F-8465-7F809E55BBCD}
2011-09-22 15:12:23 -------- d-----w- C:\Users\Rich\AppData\Local\{C5A87054-DABA-45B4-A562-84D1E21D834B}
2011-09-22 12:01:05 -------- d-----w- C:\Users\Rich\AppData\Local\{649C2333-393F-4526-974C-7B0F918898C4}
2011-09-22 12:00:52 -------- d-----w- C:\Users\Rich\AppData\Local\{B8936209-9FCC-426A-B666-CCE0F76A6845}
2011-09-22 00:27:42 -------- d-----w- C:\Users\Rich\AppData\Local\{2BFC7A47-33E5-4420-9741-B54A5F825155}
2011-09-21 10:20:18 -------- d-----w- C:\Users\Rich\AppData\Local\{2A9B4175-66AD-49A9-A971-A40F6A0EE6FE}
2011-09-21 10:20:06 -------- d-----w- C:\Users\Rich\AppData\Local\{0C8F2A63-EDEB-473F-8C7F-270550337B36}
2011-09-17 18:01:00 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-09-17 18:00:58 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-09-17 18:00:08 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-09-17 18:00:06 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-09-17 18:00:06 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-09-17 18:00:06 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-09-17 18:00:06 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-09-17 18:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-09-17 18:00:06 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-09-17 18:00:06 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-09-17 18:00:05 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
.
==================== Find3M ====================
.
2011-07-23 15:33:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-23 15:32:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
.
============= FINISH: 19:32:31.46 ===============

Edited by Damain11, 08 October 2011 - 05:16 PM.
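Added example, not part of the thread or of the DDS tool: a Python triage helper that parses the "SubSystems: Windows = ..." line from the DDS log above, flags the foreign consrv module that csrss.exe loads at boot, and lays out the clean-up order the thread's outcome implies (restore the registry reference first, delete the orphaned DLL second). The stock Windows 7 reference line is constructed from the stock module names; all function names are my own.

```python
"""Triage helper for the DDS 'SubSystems: Windows = ...' line (added example).

DDS condenses the csrss.exe server-DLL list from the registry value
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\Windows
into 'module[:Initializer],slot' tokens. Every module named there is loaded
into csrss.exe at boot, which is why deleting consrv.dll while the value
still referenced it left the laptop in this thread unbootable.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Stock csrss server modules on Windows 7; anything else deserves a look.
STOCK_MODULES = {"basesrv", "winsrv", "sxssrv"}

# Where each named initializer normally lives on Windows 7. The ZeroAccess
# variant in this thread re-pointed ConServerDllInitialization at consrv.
EXPECTED_HOME = {
    "UserServerDllInitialization": "winsrv",
    "ConServerDllInitialization": "winsrv",
}

# Three lines copied from the DDS log posted above; only the SubSystems line
# is used, the other two show that unrelated output is ignored.
DDS_EXCERPT = """\
LSP: mswsock.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mRunOnce-x64: [GrpConv] grpconv -o
"""

# Constructed reference: the same line with only stock modules present.
STOCK_VALUE = ("basesrv,1 winsrv:UserServerDllInitialization,3 "
               "winsrv:ConServerDllInitialization,2 sxssrv,4")
STOCK_REFERENCE = "SubSystems: Windows = " + STOCK_VALUE

SUBSYSTEMS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+?)\s*$", re.M)
TOKEN_RE = re.compile(r"^(?P<module>[^:,]+)(?::(?P<init>[^,]+))?,(?P<slot>\d+)$")


@dataclass(frozen=True)
class ServerDll:
    module: str            # DLL name without extension, as DDS prints it
    init: Optional[str]    # exported initializer, None when DDS omits it
    slot: int              # numeric slot after the comma


def parse_subsystems(dds_text: str) -> List[ServerDll]:
    """Extract the ServerDll entries from a DDS log (or a single DDS line)."""
    m = SUBSYSTEMS_RE.search(dds_text)
    if not m:
        raise ValueError("no 'SubSystems: Windows =' line found")
    entries = []
    for token in m.group(1).split():
        t = TOKEN_RE.match(token)
        if not t:
            raise ValueError(f"unparseable ServerDll token: {token!r}")
        entries.append(ServerDll(t["module"].lower(), t["init"], int(t["slot"])))
    return entries


def find_suspicious(entries: List[ServerDll]) -> List[str]:
    """Flag non-stock modules and initializers moved away from their stock home."""
    findings = []
    for e in entries:
        if e.module not in STOCK_MODULES:
            findings.append(f"csrss loads non-stock module '{e.module}.dll' "
                            f"(init={e.init}, slot={e.slot})")
        home = EXPECTED_HOME.get(e.init or "")
        if home and e.module != home:
            findings.append(f"{e.init} redirected from {home} to {e.module}")
    return findings


def _fmt(e: ServerDll) -> str:
    return f"{e.module}:{e.init},{e.slot}" if e.init else f"{e.module},{e.slot}"


def restore_plan(entries: List[ServerDll]) -> Tuple[str, List[str]]:
    """Return the value with each initializer pointed back at its stock module,
    plus the modules that become unreferenced once that is done.

    Order matters: correct the registry value first, then delete the orphaned
    DLL. Deleting the file while csrss still referenced it is what stopped
    Windows from booting in this thread.
    """
    fixed = [ServerDll(EXPECTED_HOME.get(e.init or "", e.module), e.init, e.slot)
             for e in entries]
    orphaned = sorted({e.module for e in entries} - {f.module for f in fixed})
    return " ".join(_fmt(f) for f in fixed), orphaned


if __name__ == "__main__":
    found = parse_subsystems(DDS_EXCERPT)
    for finding in find_suspicious(found):
        print("!!", finding)
    value, orphans = restore_plan(found)
    print("1) restore SubSystems value to:", value)
    print("2) then remove:", ", ".join(f"{m}.dll" for m in orphans))
```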



#2 Damain11

Damain11
  • Topic Starter

  • Members
  • 3 posts

Posted 12 October 2011 - 09:35 AM

I'm sorry for this, but a topic that has been viewed 107 times and doesn't garner a response from anyone is kinda disappointing... I was really hopeful I would get some help here, but I guess not. Moderator, please close my thread, as it has been 4 days since I pleaded for some help and no one would... I have since reformatted the machine and moved on. Thanks for nothing...



