Is there a Trojan Hijacker on my rig?


This topic is locked
2 replies to this topic

#1 Geralt (Members, 2 posts)

Posted 20 January 2012 - 04:39 PM

Hello,
I visited a website for online TV streaming to watch some shows. Suddenly, my screen turned blue and the computer was restarted. After the restart, I scanned my system with Yahoo-Anti Toolbar and it found the following object: Trojan Win32.StartPage.fw Homepage Hijacker: C:\\Windows\\System32\\mfplay.dll, which could not be removed. I also used Spyware Doctor and Kaspersky AV 9.0 to detect any possible threats but nothing has been quarantined yet. Is the Trojan Hijacker message a false alert? Here is my log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by User at 23:21:53 on 2012-01-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.2987.1587 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\XFastUsb\XFastUsb.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
mDefault_Page_URL = hxxp://www.yahoo.com/?.home=ytie
mStart Page = hxxp://www.yahoo.com/?.home=ytie
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ASRockXTU]
uRun: [zASRockInstantBoot]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [NETGATERegistryCleaner] c:\program files\netgate\registry cleaner\RegistryCleaner.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [XFastUsb] c:\program files\xfastusb\XFastUsb.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Експортиране към Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C28F882-00E7-44AA-A839-F7BDA205B93C} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\j773y1cl.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 mvs91xx;mvs91xx;c:\windows\system32\drivers\mvs91xx.sys [2011-3-14 274736]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-20 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-20 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-20 656320]
R1 AsrAppCharger;AsrAppCharger;c:\windows\system32\drivers\AsrAppCharger.sys [2011-9-12 13832]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-9-12 14656]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-20 252712]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-1-20 184536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-1-20 337872]
R2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\netgate\registry cleaner\RegistryCleanerSrv.exe [2012-1-20 464752]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-11 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-9-12 2656280]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-20 80184]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-2-8 32384]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-2-8 52352]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-2-14 350248]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-9-12 41088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-9-12 122984]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-20 181432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-9-12 29248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-1-20 70664]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-1-20 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-1-20 1117144]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-01-20 21:11:11 -------- d-----w- c:\users\user\appdata\roaming\NETGATE Registry Cleaner
2012-01-20 21:11:10 -------- d-----w- c:\program files\NETGATE
2012-01-20 20:56:48 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-20 20:56:48 2189264 ----a-w- c:\windows\PCTBDCore.dll
2012-01-20 20:56:48 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-01-20 20:56:48 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-20 20:55:24 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-20 20:55:24 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-20 20:55:22 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-20 20:55:22 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-01-20 20:55:18 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-20 20:55:18 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-20 20:55:17 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-20 20:55:14 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-20 20:55:05 -------- d-----w- c:\programdata\PC Tools
2012-01-20 20:55:05 -------- d-----w- c:\program files\PC Tools Security
2012-01-20 20:55:05 -------- d-----w- c:\program files\common files\PC Tools
2012-01-20 20:33:38 -------- d-----w- c:\program files\common files\Scanner
2012-01-20 20:33:32 -------- d-----w- c:\program files\Yahoo!
2012-01-20 19:36:27 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-01-20 19:36:27 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-01-20 19:36:11 80184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-01-20 19:36:11 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-01-20 19:35:05 -------- d-----w- c:\windows\system32\System32
2012-01-20 19:27:57 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbf2d486-327f-4475-b374-f62ecce473e8}\mpengine.dll
2012-01-20 18:55:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-14 13:55:50 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-14 13:55:50 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-14 13:55:50 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-14 13:55:50 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-14 13:55:50 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-14 13:55:50 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-14 13:55:50 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-14 13:55:50 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-14 13:55:50 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-14 13:55:50 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 20:32:09 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 20:32:08 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 20:32:08 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 20:32:03 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:15:36 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-11 15:15:36 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-11 15:15:36 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-11 15:15:36 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-04 10:24:06 -------- d-----w- c:\users\user\appdata\roaming\codeblocks
2012-01-04 10:00:53 -------- d-----w- c:\users\user\appdata\roaming\oald7
2011-12-29 14:09:52 -------- d-----w- c:\users\user\appdata\local\PreEmptive Solutions
2011-12-27 15:54:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-12-27 15:53:33 -------- d-----w- c:\windows\system32\RsFx
2011-12-27 15:50:28 -------- d-----w- c:\program files\Microsoft SQL Server
2011-12-27 15:48:44 -------- d-----w- c:\programdata\PreEmptive Solutions
2011-12-27 15:46:01 -------- d-----w- c:\program files\Microsoft ASP.NET
2011-12-27 15:45:49 -------- d-----w- c:\program files\IIS
2011-12-27 15:44:54 2420672 ----a-w- c:\programdata\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2011-12-27 15:33:30 -------- d-----w- c:\windows\system32\1033
2011-12-27 15:33:02 -------- d-----w- c:\program files\Microsoft F#
2011-12-27 15:33:02 -------- d-----w- c:\program files\HTML Help Workshop
2011-12-27 15:33:01 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-12-27 15:33:01 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-12-27 15:33:01 -------- d-----w- c:\program files\common files\Merge Modules
2011-12-26 18:02:53 -------- d-----w- c:\users\user\appdata\roaming\Temp
2011-12-26 17:59:55 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-12-26 13:47:35 -------- d-----w- C:\Temp
2011-12-26 13:47:13 -------- d-----w- c:\users\user\appdata\local\Samsung
2011-12-26 13:47:08 -------- d-----w- c:\users\user\appdata\roaming\Samsung
2011-12-26 13:45:24 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-26 13:45:15 -------- d-----w- c:\program files\MarkAny
2011-12-26 13:44:42 -------- d-----w- c:\program files\Samsung
2011-12-26 13:44:02 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations
2011-12-23 10:20:41 -------- d-----w- c:\windows\ko-KR
2011-12-23 10:20:40 -------- d-----w- c:\windows\system32\XPSViewer
2011-12-23 10:20:39 -------- d-----w- c:\windows\system32\drivers\umdf\ko-KR
2011-12-23 10:20:39 -------- d-----w- c:\windows\system32\drivers\ko-KR
2011-12-23 10:20:26 -------- d-----w- c:\windows\system32\ko
2011-12-23 10:20:25 -------- d-----w- c:\windows\system32\wbem\ko-KR
2011-12-23 10:16:28 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ko-kr\LXKPTPRC.DLL.mui
2011-12-23 10:16:26 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkor.dll
2011-12-23 10:16:26 13579776 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkorr.dll
2011-12-23 10:15:48 -------- d-----w- c:\programdata\Samsung
2011-12-23 10:15:44 24576 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ssp4mpc.dll
2011-12-23 09:27:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-23 09:27:03 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 09:26:55 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-23 09:26:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-23 09:26:50 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-23 09:26:49 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-22 19:27:51 -------- d-----w- c:\users\user\appdata\local\oald8
2011-12-22 19:27:50 -------- d-----w- c:\users\user\appdata\roaming\oald8
2011-12-22 19:26:20 -------- d-----w- c:\program files\Oxford
.
==================== Find3M ====================
.
2011-12-07 17:13:02 614400 ----a-w- c:\windows\AutoKMS.exe
2011-12-05 17:37:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 12:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:23:05,01 ===============

I am looking forward to hearing from you. Thank you for your time and kind cooperation in advance.

Can someone help me, please?

EDIT: Please be patient. There are over 110 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~Budapest

Edited by Budapest, 22 January 2012 - 05:29 PM.



#2 nasdaq (Malware Response Team, 40,169 posts, Montreal, QC, Canada)

Posted 26 January 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Looking at this article, you may have a false positive.
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-7-ca-anti-spy-trojanwin32startpagefw/f122aa8e-7b33-4c65-913f-5183f7d98ad6

Scan the file for infection at:

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\\Windows\\System32\\mfplay.dll <- check the location of the file and make sure the path is correct. Not sure if you need the double \\ (back slash)
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any issues with this computer.
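One way to do the path check nasdaq asks for and to gather the file's identity before submitting it, as an added example that is not part of nasdaq's instructions or of the Jotti/VirusTotal tooling: this PowerShell script (assumed to run on Windows 7 with PowerShell 2.0 or later, as in the log, and using the single-backslash form of the reported path) confirms the file exists at the flagged location, records its version resource and Authenticode status, and computes a SHA-256 hash that can be looked up on VirusTotal without uploading the file.

```powershell
# Added example (not from the thread): verify the flagged file before submitting it.
# The path comes from the original post; the scanner's "C:\\Windows\\System32\\mfplay.dll"
# is the same path with the backslashes escaped.
$FlaggedPath = 'C:\Windows\System32\mfplay.dll'

function Get-FlaggedFileReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $report = New-Object PSObject -Property @{
        Path      = $Path
        Exists    = (Test-Path -LiteralPath $Path -PathType Leaf)
        SizeBytes = $null
        Modified  = $null
        Version   = $null
        Company   = $null
        SigStatus = $null
        Signer    = $null
        Sha256    = $null
    }
    # A file that is not where the scanner says it is points to a path typo or a
    # stale detection, not to an infection at that location.
    if (-not $report.Exists) { return $report }

    $item = Get-Item -LiteralPath $Path
    $report.SizeBytes = $item.Length
    $report.Modified  = $item.LastWriteTimeUtc

    # Version resource: a genuine Windows component carries Microsoft's company
    # name and a Windows build number; a dropped lookalike usually does not.
    $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    $report.Version = $vi.FileVersion
    $report.Company = $vi.CompanyName

    # Authenticode check. Caveat: Windows system files are mostly catalog-signed,
    # and Get-AuthenticodeSignature on older PowerShell (2.0 on Windows 7) only sees
    # embedded signatures, so "NotSigned" here is inconclusive; "HashMismatch" on a
    # file in System32 is the result that warrants a closer look.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $report.SigStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }

    # SHA-256 via .NET so it also works on PowerShell 2.0 (Get-FileHash needs 4.0+).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $sha.ComputeHash($stream)
        $report.Sha256 = ([System.BitConverter]::ToString($hash)).Replace('-', '')
    } finally {
        $stream.Close()
    }
    return $report
}

$r = Get-FlaggedFileReport -Path $FlaggedPath
$r | Format-List Path, Exists, SizeBytes, Modified, Version, Company, SigStatus, Signer, Sha256
```

The SHA-256 value can be searched on VirusTotal directly; pasting the whole listing into the reply alongside the Jotti/VirusTotal permalink gives the helper the file's path, size, version and signature state in one place.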

#3 nasdaq (Malware Response Team)

Posted 02 February 2012 - 11:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



