
Go away, malware I've tried to remove that keeps coming back


  • This topic is locked
2 replies to this topic

#1 malwarefortheholiday



Posted 18 January 2012 - 07:02 PM

I'm running Vista 32-bit.

I got hit with Vista Security 2012 a couple of weeks ago, and thought I had successfully removed it. However, I've recently noticed problems suggesting that it's not quite gone - I occasionally get pop-up advertisements on sites that historically don't have pop-ups, Explorer would crash & restart itself "mysteriously," and for a time Windows Firewall and Windows Security Center were disabled. I've been using MSE, Rkill & Malwarebytes Anti-Malware to try and clean this up. MSE points towards Java exploits and FakeRean. I ran a few scans with TDSSKiller while trying to treat it as well, but it turned up nothing the last time I ran it.

Rkill terminated these programs the last time I used it:

\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

I've used DeFogger to disable any CD emulation software. I've attached the DDS logs below. I unfortunately do not have a GMER log, since my laptop either crashed while that was running or when it went into hibernation. I will get one posted as soon as I can get a log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Fred at 13:13:40 on 2012-01-18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2549.1423 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Spotify] "c:\users\fred\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMwA5ADAAOAA1ADAAMgAzADUALQBYAEwAKwAxAC0AVAA0AC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.1.68/DvrOcx.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B91F0E2F-BCAB-4C88-ACED-ED3F5258D32B} : DhcpNameServer = 66.76.227.40 208.180.42.68
TCP: Interfaces\{F407C477-D3F9-458D-A63A-A3815BAEF977} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\w3fc5lll.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\fred\appdata\roaming\move networks\plugins\npqmp071503000010.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsla315d75b;MpKsla315d75b;c:\programdata\microsoft\microsoft antimalware\definition updates\{3b0d0483-0e95-4d8c-ab4b-dce8544c011c}\MpKsla315d75b.sys [2012-1-18 29904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-8-12 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-9-1 2560]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-25 652872]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-15 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-8-12 183808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-25 20464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\system32\drivers\PTDLBus.sys [2009-8-14 32256]
S3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\system32\drivers\PTDLMdm.sys [2009-8-14 41344]
S3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\system32\drivers\PTDLVsp.sys [2009-8-14 39936]
S3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\system32\drivers\PTDLWWAN.sys [2009-8-14 59776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-18 17:58:40 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3b0d0483-0e95-4d8c-ab4b-dce8544c011c}\MpKsla315d75b.sys
2012-01-18 17:58:36 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3b0d0483-0e95-4d8c-ab4b-dce8544c011c}\offreg.dll
2012-01-18 17:48:01 -------- d-----w- c:\windows\system32\wbem\repository
2012-01-18 06:39:08 347136 ----a-w- c:\users\fred\appdata\local\zilalsb.exe
2012-01-18 06:21:07 -------- d-----w- c:\program files\CCleaner
2012-01-17 19:44:19 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3b0d0483-0e95-4d8c-ab4b-dce8544c011c}\mpengine.dll
2012-01-17 18:14:00 -------- d-----w- c:\users\fred\appdata\local\Secunia PSI
2012-01-17 18:13:48 -------- d-----w- c:\program files\Secunia
2012-01-16 14:00:17 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-13 01:48:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 01:48:07 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-13 01:46:45 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 01:46:44 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 01:46:44 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 01:46:44 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 01:46:44 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-13 01:46:43 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 01:46:36 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 01:46:23 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-13 01:46:23 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-13 01:46:13 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-13 01:46:11 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-13 01:46:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-09 21:16:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-09 21:16:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-09 20:52:45 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-09 20:36:10 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-09 20:36:08 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-09 20:36:08 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-09 20:28:59 386560 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-01-09 20:28:59 22016 ----a-w- c:\program files\internet explorer\ExtExport.exe
2012-01-09 20:28:59 149504 ----a-w- c:\program files\internet explorer\jsprofilerui.dll
2012-01-09 20:28:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-09 20:26:32 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-09 20:26:32 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-09 20:26:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-09 20:26:31 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-09 20:26:31 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-09 20:26:31 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-09 20:26:30 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-09 19:18:28 -------- d-----w- c:\program files\MSXML 4.0
2012-01-08 18:34:03 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-01-08 18:33:37 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-01-08 18:33:37 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-08 18:33:37 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-08 18:33:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-08 18:27:57 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-08 18:21:14 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-01-07 17:46:22 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 17:46:21 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-07 17:46:21 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 17:46:21 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-03 15:29:14 -------- d-----w- c:\users\fred\appdata\local\IsolatedStorage
2012-01-03 06:26:31 -------- d-----w- c:\users\fred\appdata\roaming\Academagia
2012-01-03 06:26:31 -------- d-----w- c:\programdata\Academagia
2012-01-03 06:23:40 -------- d-----w- c:\program files\Academagia
2012-01-03 04:20:10 -------- d-----w- c:\users\fred\appdata\local\Xenocode
2012-01-03 04:20:10 -------- d-----w- c:\users\fred\appdata\local\Spoon
2011-12-27 05:12:09 -------- d-----w- c:\programdata\TomTom
2011-12-27 05:10:56 -------- d-----w- c:\users\fred\appdata\roaming\TomTom
2011-12-27 05:10:56 -------- d-----w- c:\users\fred\appdata\local\TomTom
2011-12-27 05:10:36 -------- d-----w- c:\program files\TomTom International B.V
2011-12-27 05:09:36 -------- d-----w- c:\program files\TomTom HOME 2
2011-12-27 05:02:35 -------- d-----w- c:\program files\TomTom DesktopSuite
2011-12-26 05:56:43 -------- d-----w- C:\Sports Mogul
2011-12-26 05:28:19 94208 ----a-r- c:\users\fred\appdata\roaming\microsoft\installer\{84adf5b4-9de7-4d4b-b66f-1ca01cd68ce7}\_8F4D8201FAB6_4F1F_A289_80DA3CB6979A.exe
.
==================== Find3M ====================
.
2012-01-18 17:58:45 8993 --sha-w- c:\windows\system32\mmf.sys
2012-01-09 20:27:27 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-01-09 20:26:33 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-01-08 18:08:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-30 17:00:43 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-19 01:48:40 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 13:15:30.60 ===============

Edited by malwarefortheholiday, 19 January 2012 - 09:39 AM.


#2 malwarefortheholiday

  • Topic Starter


Posted 21 January 2012 - 04:23 PM

I managed to sit down and get this worked out earlier today, so you can just disregard this. Thanks!

#3 Budapest


    Bleepin' Cynic


  • Moderator

Posted 22 January 2012 - 05:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw