
Trojan://DOS alureon.e


  • This topic is locked
8 replies to this topic

#1 Laddie

Laddie

  • Members
  • 21 posts

Posted 04 December 2011 - 06:59 PM

I had a virus earlier and during the removal my computer locked up and I wound up having to do a clean install of my OS (Win7). After the install MSE came up with this alureon infection and isn't able to remove it. Help would be appreciated.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Laddie at 18:27:10 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1978.1001 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5736z&r=27361111f605l04e4z165v48924612
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5736z&r=27361111f605l04e4z165v48924612
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5736z&r=27361111f605l04e4z165v48924612
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laddie\AppData\Roaming\Mozilla\Firefox\Profiles\p4unqz4z.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-23 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-11-29 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-23 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-23 243232]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-7-23 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-04 23:16:52 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62EB2122-713A-4376-9AA1-1C763D7065B5}\offreg.dll
2011-12-04 11:23:14 -------- d-----w- C:\Users\Laddie\AppData\Local\Adobe
2011-12-02 17:38:18 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-02 17:38:05 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62EB2122-713A-4376-9AA1-1C763D7065B5}\mpengine.dll
2011-11-30 17:41:15 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C412A63-FAD1-475E-9510-B62D9FCA45A8}\gapaengine.dll
2011-11-30 17:41:03 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-30 17:32:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-30 17:32:24 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-30 15:53:38 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-30 15:38:38 -------- d-----w- C:\Windows\System32\SPReview
2011-11-30 15:37:56 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-30 15:19:59 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-11-30 15:18:59 934912 ----a-w- C:\Windows\System32\FirewallControlPanel.dll
2011-11-30 15:17:59 89600 ----a-w- C:\Windows\SysWow64\wbem\WmiApRpl.dll
2011-11-30 15:16:59 8192 ----a-w- C:\Windows\System32\KBDTUF.DLL
2011-11-30 15:13:25 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-11-30 15:13:25 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-11-30 15:13:10 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-11-30 14:27:50 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-11-30 14:27:49 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-11-30 14:27:49 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-11-30 14:27:49 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-11-30 14:27:48 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-11-30 14:27:48 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-11-30 14:27:48 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-11-30 05:59:56 -------- d-----w- C:\Windows\SysWow64\Wat
2011-11-30 05:59:55 -------- d-----w- C:\Windows\System32\Wat
2011-11-30 05:58:29 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-11-30 05:58:29 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-11-30 05:58:28 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-11-30 05:58:28 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-11-30 05:58:28 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-11-30 03:25:33 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-11-30 03:25:33 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-11-30 03:25:30 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-11-30 03:24:51 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-11-30 03:24:38 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-11-30 03:24:13 -------- d-----w- C:\Windows\PCHEALTH
2011-11-30 03:24:01 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\814d544c1ccaf0f\DSETUP.dll
2011-11-30 03:24:01 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\814d544c1ccaf0f\DXSETUP.exe
2011-11-30 03:24:01 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\814d544c1ccaf0f\dsetup32.dll
2011-11-30 03:23:39 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc45D5.tmp
2011-11-30 03:23:35 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-11-30 03:21:02 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-11-30 03:19:53 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-11-30 03:19:53 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-11-30 03:19:53 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-11-30 03:18:44 51712 ----a-w- C:\Windows\AutosetFrequency.exe
2011-11-30 03:18:44 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
2011-11-30 03:18:44 206208 ----a-w- C:\Windows\PLFSetI.exe
2011-11-30 03:18:44 -------- d-----w- C:\Program Files (x86)\AcerCrystalEye
2011-11-30 03:18:00 -------- d-----w- C:\Program Files\Elantech
2011-11-30 03:17:08 -------- d---a-w- C:\book
2011-11-30 03:15:12 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-11-30 03:13:34 -------- d-----w- C:\Windows\SysWow64\Lang
2011-11-30 03:13:33 -------- d-----w- C:\Windows\SysWow64\x64
2011-11-30 03:13:32 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-11-30 03:09:30 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-11-30 02:19:52 -------- d-----w- C:\Users\Laddie\AppData\Local\Google
2011-11-30 00:59:09 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-11-30 00:59:08 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-11-30 00:56:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-30 00:56:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-30 00:56:02 642944 ----a-w- C:\Windows\System32\winload.efi
2011-11-30 00:56:02 605552 ----a-w- C:\Windows\System32\winload.exe
2011-11-30 00:56:02 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-11-30 00:56:02 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-11-30 00:56:01 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-11-30 00:56:01 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-11-30 00:56:01 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-11-30 00:56:01 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-11-30 00:54:57 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-11-30 00:53:58 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-11-30 00:53:54 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-30 00:53:54 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-30 00:53:48 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-11-30 00:53:48 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-11-30 00:51:46 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-11-30 00:51:45 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-11-30 00:51:44 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-11-30 00:50:44 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-11-30 00:50:44 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-11-30 00:50:44 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-11-30 00:46:07 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-30 00:46:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-30 00:46:07 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-30 00:46:07 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-30 00:46:05 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-11-30 00:46:05 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-11-30 00:46:01 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-11-30 00:43:05 -------- d-----w- C:\Users\Laddie\AppData\Roaming\Intel Corporation
2011-11-30 00:42:58 -------- d-----w- C:\Users\Laddie\AppData\Local\EgisTec IPS
2011-11-30 00:42:20 -------- d-----w- C:\Users\Laddie\AppData\Local\VirtualStore
2011-11-30 00:41:38 -------- d-----w- C:\Program Files (x86)\OEM
2011-11-30 00:41:33 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-11-30 00:41:22 -------- d-----w- C:\Program Files (x86)\Times Reader
.
==================== Find3M ====================
.
2011-11-30 16:50:39 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-30 16:50:39 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:28:21.67 ===============


GMER didn't come up with anything so I have no log to post from that.


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 05 December 2011 - 11:46 PM

Hi Laddie,



Welcome to the BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. :welcome:
My name is sundavis, and I will be helping you with your malware problems today.

Over the Win7 Start logo > type diskmgmt.msc in the search box and press Enter > Disk Management should appear.

Take a screenshot of the whole Disk Management window, making sure we can see all columns after Disk 0, and attach that picture in your next reply. For more info: This thread. We will start from that. Thanks.

#3 Laddie

Laddie
  • Topic Starter

  • Members
  • 21 posts

Posted 06 December 2011 - 08:19 AM

The wee column on the end of Disk 0 is the second in the list above it (1 MB).



#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 06 December 2011 - 08:33 AM

Hi Laddie,




Do you have any idea about that odd partition which has only 1 MB capacity? If not, it seems to have been created by the malware variant.

Let's try to remove it the normal way, as instructed in this thread. If that does not work, we will take another approach. Give me a fresh screenshot in your next reply. After that, please proceed with the following:



Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


In your next reply, please post back:

1. New screenshot
2. TDSSKiller log

Let me know if you have any remaining issues on your pc.
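The Disk Management check sundavis asks for in posts #2 and #4 (look for an odd, tiny partition with no drive letter) can also be done from the command line so the result is text rather than a screenshot. The PowerShell below is an added example; it is not from the thread and is not part of DDS or TDSSKiller. It assumes Windows 7 or later with WMI available, and the 8 MB threshold is an assumption chosen for illustration.

```powershell
# Added example (not from the thread, DDS or TDSSKiller): enumerate every partition
# through WMI (Win32_DiskPartition works on Windows 7, where Get-Partition does not exist)
# and flag the ones that resemble the 1 MB unlettered partition discussed above.
# The 8 MB threshold is an assumption picked for this example; small legitimate
# partitions exist (e.g. GPT reserved partitions), so a hit means "look closer", not "infected".
$thresholdBytes = 8MB

# Build a map from partition DeviceID (e.g. "Disk #0, Partition #1") to drive letter.
# Antecedent/Dependent are WMI path strings such as
#   \\PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"
$letters = @{}
foreach ($link in (Get-WmiObject -Class Win32_LogicalDiskToPartition)) {
    if ($link.Antecedent -match 'DeviceID="([^"]+)"') {
        $partId = $Matches[1]
        if ($link.Dependent -match 'DeviceID="([^"]+)"') {
            $letters[$partId] = $Matches[1]
        }
    }
}

# One record per partition, with the same facts Disk Management shows plus a verdict.
$report = @()
foreach ($p in (Get-WmiObject -Class Win32_DiskPartition | Sort-Object DiskIndex, Index)) {
    $letter = $letters[$p.DeviceID]
    if (-not $letter) { $letter = '-' }
    $isTiny     = ($p.Size -lt $thresholdBytes)
    $unlettered = ($letter -eq '-')
    $notes = @()
    if ($isTiny)          { $notes += 'smaller than threshold' }
    if ($unlettered)      { $notes += 'no drive letter' }
    if ($p.BootPartition) { $notes += 'marked active/bootable' }

    # New-Object/-Property is used instead of [pscustomobject] so this runs on PowerShell 2.0 (Win7 default)
    $report += New-Object PSObject -Property @{
        Disk       = $p.DiskIndex
        Partition  = $p.Index
        Type       = $p.Type
        SizeMB     = [math]::Round($p.Size / 1MB, 2)
        Letter     = $letter
        Suspicious = ($isTiny -and $unlettered)
        Notes      = ($notes -join '; ')
    }
}

$report | Select-Object Disk, Partition, Type, SizeMB, Letter, Suspicious, Notes | Format-Table -AutoSize

# @() forces an array so .Count also works when exactly one partition matches.
$hits = @($report | Where-Object { $_.Suspicious })
if ($hits.Count -gt 0) {
    Write-Warning ("{0} small unlettered partition(s) found; compare with the Disk Management screenshot before changing anything." -f $hits.Count)
} else {
    Write-Output 'No small unlettered partitions found.'
}
```

Run it from an elevated PowerShell prompt; the table is the text equivalent of the screenshot requested above, and a partition listed as Suspicious is the kind of thing to show the helper (or to check with TDSSKiller) rather than delete on sight, since the script only matches on size and the absence of a drive letter.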

#5 Laddie

Laddie
  • Topic Starter

  • Members
  • 21 posts

Posted 06 December 2011 - 12:26 PM

TDSSKiller didn't find anything to report. MSE didn't pop up with it either after reboot.



Edited by Laddie, 06 December 2011 - 12:28 PM.


#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 06 December 2011 - 04:55 PM

Hi Laddie,



That sounds good. :thumbup2: Since the main culprit is removed, your system appears to be clean now. :thumbsup: If you have no remaining issues, let's do some tidying up and you should be good to go.

Please delete all the logs or tools we have used and install Java from Here. Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here on how to prevent malware.


Glad to be of help. Safe surfing!!

#7 Laddie

Laddie
  • Topic Starter

  • Members
  • 21 posts

Posted 06 December 2011 - 06:21 PM

Thank you very much!

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 08 December 2011 - 09:52 AM

Since this issue appears resolved ... this Topic is closed. Glad to have helped. Everyone else please begin a New Topic.

Edited by sundavis, 08 December 2011 - 09:53 AM.



