
Help me find out if my computer is infected



#1 roadto

Posted 30 January 2012 - 12:04 PM

Hi
My website was hacked over the weekend, and someone from the hosting company who helped to restore it back to normal advised that I need to scan and clean up all local machines. He said that in 9 out of 10 cases malware on a local machine steals the FTP access details from a computer. He also suggested running Microsoft Security Essentials, which is what I am currently doing.
My search on Google brought me to this forum and I would like to kindly request your help with identifying whether there are any trojans or other malware on my computer. I have Windows 7 64-bit installed on a Dell laptop. As far as I can tell there are no particular symptoms to suggest it is infected, but I need to be 100% sure. Microsoft Security Essentials has found and removed 2 potential threats so far and it is still running.
I have to admit that I always disable the Windows Firewall as I find it blocks absolutely everything! I have followed your instructions and the firewall is now enabled; as a result I can't even send an email! Is there a link to a guide on how to set up a firewall to do its job without blocking all my activities?

Please find my DDS log below and many thanks in advance:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by dell at 16:18:04 on 2012-01-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6007.1835 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
C:\Program Files (x86)\Veedid\Desktop To-do List\freeTodoList.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Skype\SkyHistory\SkyHistoryService.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AmazonMTU\Utilities\amtu_daemon_w.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\splwow64.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Skype\SkyHistory\SkyHistoryService.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Linn Systems\Linnworks\finawareStockControl.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mWinlogon: Userinit=userinit.exe
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FreeRIP Toolbar: {e634228a-03cf-4bc8-b0ab-668257f1fd8c} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.9\freeripToolbarIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: FreeRIP Toolbar: {e634228a-03cf-4bc8-b0ab-668257f1fd8c} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.9\freeripToolbarIE.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Desktop iCalendar Lite.exe] "C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe"
uRun: [Veedid Desktop To-Do List] C:\Program Files (x86)\Veedid\Desktop To-do List\freeTodoList.exe
uRun: [Google Update] "C:\Users\dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKYHIS~1.LNK - C:\Program Files (x86)\Skype\SkyHistory\SkyHistoryService.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7651E2DF-C777-416E-85B6-C258F114DB42} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7651E2DF-C777-416E-85B6-C258F114DB42}\45563686E6F607F6C696370264255454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7651E2DF-C777-416E-85B6-C258F114DB42}\84F6D656F5E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7651E2DF-C777-416E-85B6-C258F114DB42}\A5978554C4F5537373232716B6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Skype\SkyHistory\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
BHO-X64: CutePDF Form Filler - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FreeRIP Toolbar: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.9\freeripToolbarIE.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: FreeRIP Toolbar: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.9\freeripToolbarIE.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\v9nqvf3z.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\dell\AppData\Local\Alibaba\AliSetup\0.1.0.51\npAliSetupOneClick.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-24 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-24 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-30 366152]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-01-30 15:30:06 -------- d-----w- C:\Windows\pss
2012-01-30 15:04:40 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0E7FA79-B41F-412C-9C30-177BCB0E8005}\offreg.dll
2012-01-30 14:55:57 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{682EB7DC-C02B-4E67-909E-469D9693B832}\gapaengine.dll
2012-01-30 14:55:53 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0E7FA79-B41F-412C-9C30-177BCB0E8005}\mpengine.dll
2012-01-30 14:50:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-01-30 14:50:25 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-01-30 12:29:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-29 19:56:15 -------- d-----w- C:\Program Files (x86)\FreeRIP Toolbar
2012-01-29 19:56:15 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-01-29 19:56:15 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-01-29 18:50:42 2301208 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-29 18:50:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-29 18:50:14 710992 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-27 09:28:33 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F32DA276-F95E-460A-B596-FA8DCC5FBDB5}\mpengine.dll
2012-01-16 00:52:35 -------- d-----w- C:\Program Files (x86)\Common Files\The Imaging Source Europe GmbH
2012-01-16 00:52:35 -------- d-----w- C:\Program Files (x86)\Common Files\Data Dynamics
2012-01-16 00:52:34 -------- d-----w- C:\ProgramData\FrogWare
2012-01-16 00:52:34 -------- d-----w- C:\Program Files (x86)\FrogWare
2012-01-16 00:52:34 -------- d-----w- C:\Program Files (x86)\Common Files\Farpoint
2012-01-16 00:52:34 -------- d-----w- C:\Program Files (x86)\Common Files\Component One
2012-01-16 00:52:15 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-01-16 00:45:29 -------- d-----w- C:\Program Files (x86)\Veedid
2012-01-16 00:39:29 -------- d-----w- C:\Users\dell\AppData\Roaming\desksware
2012-01-16 00:39:29 -------- d-----w- C:\Program Files\desksware
2012-01-14 12:00:04 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-14 12:00:04 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-14 12:00:03 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-14 12:00:03 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-14 11:59:59 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-14 11:59:59 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-14 11:59:53 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-14 11:59:53 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-04 09:26:37 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-06-13 21:48:15 487607 ----a-w- C:\Program Files (x86)\uninstall.exe
2010-07-08 19:01:42 57344 ----a-w- C:\Program Files (x86)\AptanaStudio.exe
.
============= FINISH: 16:19:06.67 ===============
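As an added illustration of how a responder reads a log like the one above (example code written for this page, not a tool from the original thread and not part of DDS itself), the script below parses the DDS section headers and applies a few of the triage rules that are otherwise done by eye: processes running from user-writable paths, script and loader hosts such as rundll32.exe and cscript.exe, every Internet Explorer add-on (BHO, toolbar, URL search hook), autorun entries whose bracketed name is followed by no command at all, Trusted Zone additions, and a modified Firefox keyword.URL. The sample input is a constructed excerpt modelled on the log in the post; the list of script hosts and the choice of rules are the example's own assumptions, and a hit means "review this", not "this is malicious".

```python
"""Triage helper for DDS logs in the format posted above (added example)."""
import re
from collections import Counter

# Constructed excerpt in DDS format, modelled on the log in the post above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Berry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mWinlogon: Userinit=userinit.exe
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: FreeRIP Toolbar: {e634228a-03cf-4bc8-b0ab-668257f1fd8c} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.9\freeripToolbarIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
Trusted Zone: alipay.com
Trusted Zone: taobao.com
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Paths a standard user can write to. Per-user installs (Chrome) live there
# legitimately, so a hit means "check the file", not "malicious".
USER_WRITABLE_RE = re.compile(r"^C:\\(Users|ProgramData|Windows\\Temp)\\", re.IGNORECASE)
# Script/loader hosts that droppers commonly ride on (assumed list for this example).
SCRIPT_HOSTS = ("rundll32.exe", "cscript.exe", "wscript.exe", "mshta.exe", "regsvr32.exe")
ADDON_PREFIXES = ("BHO:", "TB:", "EB:", "mURLSearchHooks:")
# Autorun line whose bracketed name is followed by nothing at all.
BLANK_AUTORUN_RE = re.compile(r"^[um]Run(?:Once)?(?:-x64)?: \[[^\]]*\]\s*$")


def parse_sections(text):
    """Split a DDS log into {section title: [content lines]}; '.' spacers are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def image_path(proc_line):
    """Drop svchost-style arguments ('... -k netsvcs') to leave the image path."""
    return proc_line.split(" -k ")[0].strip()


def triage(text):
    """Apply the review rules and return the hits, keyed by rule name."""
    sections = parse_sections(text)
    procs = [image_path(p) for p in sections.get("Running Processes", [])]
    hjt = sections.get("Pseudo HJT Report", [])
    firefox = sections.get("FIREFOX", [])
    return {
        # One entry per image with a count, instead of dozens of identical chrome.exe rows.
        "process_counts": dict(Counter(procs)),
        "user_writable_processes": sorted({p for p in procs if USER_WRITABLE_RE.match(p)}),
        "script_hosts": sorted({p for p in procs if p.lower().endswith(SCRIPT_HOSTS)}),
        # Every IE add-on: a BHO runs inside the browser and sees what is typed there.
        "browser_addons": [l for l in hjt if l.startswith(ADDON_PREFIXES)],
        "blank_autoruns": [l for l in hjt if BLANK_AUTORUN_RE.match(l)],
        # Sites in IE's Trusted Zone get relaxed security settings.
        "trusted_zone": [l.split(":", 1)[1].strip() for l in hjt if l.startswith("Trusted Zone:")],
        # keyword.URL redirects address-bar searches; toolbars and hijackers both change it.
        "search_hijack": [l for l in firefox if "keyword.URL" in l],
    }


def report(text):
    """Print the hits in a form that can be pasted into a reply."""
    for rule, hits in triage(text).items():
        if rule == "process_counts":
            hits = [f"{n}x {p}" for p, n in hits.items() if n > 1]
        if hits:
            print(f"[{rule}]")
            for hit in hits:
                print("  " + hit)


if __name__ == "__main__":
    report(SAMPLE_DDS)
```

Run against a full log, the output is a short review list rather than the log itself: the repeated chrome.exe rows collapse to one line with a count, and the rows that matter for a stolen-FTP-password scenario (anything that loads into the browser, anything set to run at logon, anything launched through a script host) are pulled out together so they can be checked against the services, drivers and "Created Last 30" sections by hand.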


#2 nasdaq

  • Malware Response Team

Posted 03 February 2012 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post these logs and include a fresh DDS log for my review.

