Malware removal


  • This topic is locked
15 replies to this topic

#1 Ulf

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:49 AM

Posted 02 July 2012 - 09:39 AM

Hello,

My son picked up malware from Windows Messenger.
I downloaded Spybot S&D and Malwarebytes to try to get rid of it, but the malware trace continues to come up when running the programs.
As it is still there, I got HijackThis; as I understand it, my son has no CD/DVD emulation programs. However, I have not been able to download the DDS program. I also tried with another computer; it appears the link is not working.
I enclose the GMER and HijackThis logs.

Kind regards
Ulf


#2 Ulf

  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:49 AM

Posted 02 July 2012 - 10:30 AM

Hi again,

Managed to get the DDS file too through another browser.

Ulf

Attached Files

  • Attached File: DDS.txt (35.83KB, 5 downloads)


#3 TheShooter93

Cody

  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:12:49 PM

Posted 04 July 2012 - 11:00 PM

Hello Ulf,

My name is Cody. I'll be helping you clean up your computer.

Can you please run DDS again, then copy and paste the log it produces in your next reply instead of attaching it as a file. Some reasons I ask this are explained below.

Once you have done so, please give me some time to analyze it.

I will reply as soon as possible (typically within 24 hours, if any longer you will be notified).

Also, please describe any symptoms you are experiencing due to the malware. Any and all details are important.

----------------------------------------------------

Some additional points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.

NOTE: When you post your reply, do not use the Posted Image button but use the Posted Image button instead.

In the upper right hand corner of the topic you will see the Posted Image button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Edited by TheShooter93, 04 July 2012 - 11:10 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#4 Ulf

  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:49 AM

Posted 05 July 2012 - 06:07 AM

Hi Cody, thanks for helping me.
My son is not using Windows IE, so we haven't seen what the program would be doing with this browser, but I assume it would not be good. The malware keeps sending Windows Messenger invites to his friends to click on a photo and get infected too (he has told everyone to keep away from it). I did run the Spybot and Malwarebytes programs earlier, which picked up trojans and malware, and I have the logs, but I have not run them since your advice not to run any tools.

Best
Ulf

Here is the new DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Henrik at 7:42:03 on 2012-07-05
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2037.1107 [GMT -3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\STacSV.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Henrik\AppData\Local\vcsjdr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627143739.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
uRun: [Google Update] "c:\users\henrik\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [wohruikl] c:\users\henrik\appdata\local\vcsjdr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
StartupFolder: c:\users\henrik\appdata\roaming\microsoft\windows\start menu\programs\startup\tpibq.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2BE0DBFC-066D-4474-9740-1CC29E96D0F7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{421B4B7A-44DD-462C-B4EE-BA91D451DC41} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 464304]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-6-16 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-6-16 169608]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2012-6-16 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2012-6-15 73728]
R2 FontCache;Serviço de Cache de Fontes do Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-16 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-16 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-16 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-16 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-16 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-6-16 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-16 151880]
R2 MOBKbackup;1%;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-28 1153368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-6-16 57600]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2012-6-15 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-16 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-16 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-6-16 340920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-3 40776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-16 87656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-04 23:06:50 -------- d-----w- c:\users\henrik\appdata\local\{1F87EC50-A2E6-49EB-B314-2E8AF0F2A946}
2012-07-04 23:06:38 -------- d-----w- c:\users\henrik\appdata\local\{7980DFB4-0A87-4D9A-A438-2F46C2677FE9}
2012-07-04 11:06:09 -------- d-----w- c:\users\henrik\appdata\local\{EDCBBAB9-F409-4FFB-BD36-E4AECCEA7F40}
2012-07-04 11:05:58 -------- d-----w- c:\users\henrik\appdata\local\{2FBC71FF-34B2-4612-BC8E-E7ADDCDCA857}
2012-07-03 23:05:41 -------- d-----w- c:\users\henrik\appdata\local\{7274CE5F-0C40-41FD-92E4-2431001D1E9E}
2012-07-03 23:04:50 -------- d-----w- c:\users\henrik\appdata\local\{4A86B48E-062C-4048-8A39-1C0AC5A72433}
2012-07-03 14:36:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-03 10:49:01 -------- d-----w- c:\users\henrik\appdata\local\{A7537BCA-BDDC-40BF-A484-F556D00AD81B}
2012-07-03 10:48:50 -------- d-----w- c:\users\henrik\appdata\local\{E8C9588B-F438-42E7-A6E0-6C838749BC5E}
2012-07-02 22:48:15 -------- d-----w- c:\users\henrik\appdata\local\{20E71473-3D53-4347-9647-4719FD0F08C8}
2012-07-02 22:48:03 -------- d-----w- c:\users\henrik\appdata\local\{0D6DBAAC-4644-479C-B2C9-BDD48EA30195}
2012-07-02 15:19:59 -------- d-----w- c:\users\henrik\appdata\local\Mozilla
2012-07-02 01:05:36 -------- d-----w- c:\users\henrik\appdata\local\{507523B1-EB37-4E4D-81EE-338313151BCF}
2012-07-02 01:04:31 -------- d-----w- c:\users\henrik\appdata\local\{FBA44A11-9D8F-45A2-B59F-D1143F1CFB15}
2012-07-01 13:03:49 -------- d-----w- c:\users\henrik\appdata\local\{5771C4E1-7FFA-4E0E-9805-BD2A78FF70F9}
2012-07-01 13:03:37 -------- d-----w- c:\users\henrik\appdata\local\{7FD0C48D-607D-4069-A972-E32D71AC1198}
2012-07-01 01:02:55 -------- d-----w- c:\users\henrik\appdata\local\{45059BBB-7D6F-40EE-8373-BF53F38E3966}
2012-07-01 01:02:19 -------- d-----w- c:\users\henrik\appdata\local\{0B5FC163-FB0F-4637-BAE5-01D73993D625}
2012-06-30 22:30:09 -------- d-----w- c:\program files\CCleaner
2012-06-30 21:47:23 -------- d-----w- c:\program files\Trend Micro
2012-06-30 13:01:40 -------- d-----w- c:\users\henrik\appdata\local\{259B59E9-5CFC-4E9F-8E53-4ED3739E71C0}
2012-06-30 13:01:27 -------- d-----w- c:\users\henrik\appdata\local\{BB72D00B-E88C-44B0-9129-1E62F084BEDA}
2012-06-30 00:07:32 -------- d-----w- c:\users\henrik\appdata\local\{AC1FBF2E-E97B-46A8-A42A-D26F7B32299E}
2012-06-30 00:07:18 -------- d-----w- c:\users\henrik\appdata\local\{5FE155C3-1300-4C34-AA04-9A4D4051B3DE}
2012-06-29 12:07:01 -------- d-----w- c:\users\henrik\appdata\local\{67CF0EDF-F1E6-44D9-B88B-C2F3E99DFC65}
2012-06-29 12:06:46 -------- d-----w- c:\users\henrik\appdata\local\{5DD2D7E9-7F10-48F1-8942-4A79EF1D93CD}
2012-06-29 00:16:45 -------- d-----w- c:\users\henrik\appdata\roaming\Malwarebytes
2012-06-29 00:16:32 -------- d-----w- c:\programdata\Malwarebytes
2012-06-29 00:16:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:16:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 00:06:16 -------- d-----w- c:\users\henrik\appdata\local\{EA9CF3C4-5074-450E-A549-B100E30F82BA}
2012-06-29 00:06:06 -------- d-----w- c:\users\henrik\appdata\local\{336C1C83-9777-4120-ADBA-9444A10C504F}
2012-06-28 18:34:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-28 18:34:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-28 15:37:17 192004 --sh--r- c:\users\henrik\appdata\local\vcsjdr.exe
2012-06-28 15:37:17 192004 --s---r- c:\users\henrik\appdata\roaming\microsoft\windows\start menu\programs\startup\tpibq.exe
2012-06-28 10:01:22 -------- d-----w- c:\users\henrik\appdata\local\{8CF76113-FE48-4E0E-B6A8-A1AF9E900646}
2012-06-28 10:01:10 -------- d-----w- c:\users\henrik\appdata\local\{1D981108-DCAA-4968-A105-C004A60A6C46}
2012-06-27 19:54:26 -------- d-----w- c:\windows\ShellNew
2012-06-27 16:02:20 -------- d-----w- c:\users\henrik\appdata\local\Facebook
2012-06-27 16:01:36 -------- d-----w- c:\users\henrik\appdata\local\{E7ABDE9E-EBB3-4797-AD08-E9343D338AFA}
2012-06-27 16:01:10 -------- d-----w- c:\users\henrik\appdata\local\{8B8FAE43-049D-45D5-80A3-924DD87CFB85}
2012-06-26 22:08:17 -------- d-----w- c:\users\henrik\appdata\local\{D68DC314-ED51-416F-A90A-09FE3EC92EA5}
2012-06-26 22:08:05 -------- d-----w- c:\users\henrik\appdata\local\{6A4278E1-4B21-4DA9-BEA6-BCE9BA77126D}
2012-06-26 10:07:25 -------- d-----w- c:\users\henrik\appdata\local\{182EB432-184E-48AA-B1C7-DA5831382A8C}
2012-06-26 10:06:52 -------- d-----w- c:\users\henrik\appdata\local\{22E11D2A-C960-4634-B87B-29123378439E}
2012-06-25 18:09:12 -------- d-----w- c:\users\henrik\appdata\local\{617D667D-17E8-4260-A3A9-7C5BBD1D1C35}
2012-06-25 01:25:30 -------- d-----w- c:\users\henrik\appdata\local\{C8647A75-2DF2-4598-8E45-F8B7CEA3863E}
2012-06-24 13:05:14 -------- d-----w- c:\users\henrik\appdata\local\{1395ACA0-F3FE-411C-9F4D-4FBF59834B4F}
2012-06-24 13:04:41 -------- d-----w- c:\users\henrik\appdata\local\{3461A290-04EF-420C-A38E-FBCCCA5E51A1}
2012-06-23 20:40:41 -------- d-----w- c:\users\henrik\appdata\local\{5CB67DE9-96BE-4C3A-A340-A3844522578B}
2012-06-23 20:40:05 -------- d-----w- c:\users\henrik\appdata\local\{11593F05-E1B9-47F4-A171-5138C7C93F60}
2012-06-22 23:57:42 -------- d-----w- c:\users\henrik\appdata\local\{0997AACA-2C96-454B-AE28-961EC0BC3176}
2012-06-22 23:56:27 -------- d-----w- c:\users\henrik\appdata\local\{68A25C83-AFFD-4FF2-BD98-6734BE043E86}
2012-06-22 10:00:12 -------- d-----w- c:\users\henrik\appdata\local\{809E4A8E-7D5D-4366-A6D6-2765B70E842A}
2012-06-22 09:59:51 -------- d-----w- c:\users\henrik\appdata\local\{A6A2BD53-ACFB-499E-912F-E6817300F7C3}
2012-06-21 20:44:52 -------- d-----w- c:\users\henrik\appdata\local\{8E2743B9-4B57-491C-8828-BF5B57A42FD2}
2012-06-21 20:44:22 -------- d-----w- c:\users\henrik\appdata\local\{21928415-B9A0-4022-961B-3D3762617878}
2012-06-20 15:53:31 -------- d-----w- c:\users\henrik\appdata\local\{2596FA46-1B2D-4163-B10C-9CC1F4994CAB}
2012-06-20 15:53:03 -------- d-----w- c:\users\henrik\appdata\local\{94988028-9D24-4495-99D9-EB1FF5DB900C}
2012-06-20 15:53:03 -------- d-----w- c:\users\henrik\appdata\local\{13D67989-FC03-4AC9-BE4B-2566554152CE}
2012-06-19 23:52:07 -------- d-----w- c:\users\henrik\appdata\local\{EC7917C1-3689-4589-ACD0-BE04BE42397C}
2012-06-19 23:51:54 -------- d-----w- c:\users\henrik\appdata\local\{A08CF660-BD09-49DB-B138-7C0867AE8BF5}
2012-06-19 12:15:01 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:14:45 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:14:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 12:14:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 11:49:06 -------- d-----w- c:\users\henrik\appdata\local\{453E1C2D-1879-4C86-AF11-FEB356CD7A2C}
2012-06-19 11:47:53 -------- d-----w- c:\users\henrik\appdata\local\{F0C0B82E-1099-47C4-9E1B-492CA64C7142}
2012-06-18 18:41:52 -------- d-----w- c:\users\henrik\appdata\local\{9BAE5139-4EEB-44DC-A1C9-0EA95B93F510}
2012-06-18 06:00:37 -------- d-----w- c:\users\henrik\appdata\local\{A117FB2F-2005-479A-AB9F-7A99C44CD518}
2012-06-17 17:20:54 -------- d-----w- c:\program files\Microsoft WSE
2012-06-17 17:20:43 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-06-17 16:48:13 -------- d-----w- c:\users\henrik\appdata\local\{12228782-D067-4CED-86C0-44F4FF1170F2}
2012-06-17 16:47:50 -------- d-----w- c:\users\henrik\Tracing
2012-06-17 16:15:12 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-17 16:05:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-17 15:59:35 -------- d-----w- c:\windows\PCHEALTH
2012-06-17 15:55:02 -------- d-----w- c:\program files\Microsoft
2012-06-17 15:54:48 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-06-17 15:54:48 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-06-17 15:54:48 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-06-17 15:52:40 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-06-17 15:50:10 7450888 ----a-w- c:\program files\common files\windows live\.cache\d9a975801cd4ca006\bingbarsetup.exe
2012-06-17 15:48:46 15712 ----a-w- c:\program files\common files\windows live\.cache\ad535c801cd4ca005\MeshBetaRemover.exe
2012-06-17 15:48:41 754688 ----a-w- c:\windows\system32\webservices.dll
2012-06-17 15:48:39 89944 ----a-w- c:\program files\common files\windows live\.cache\a7c90e901cd4ca004\DSETUP.dll
2012-06-17 15:48:39 537432 ----a-w- c:\program files\common files\windows live\.cache\a7c90e901cd4ca004\DXSETUP.exe
2012-06-17 15:48:39 1801048 ----a-w- c:\program files\common files\windows live\.cache\a7c90e901cd4ca004\dsetup32.dll
2012-06-17 15:48:04 94040 ----a-w- c:\program files\common files\windows live\.cache\93772ee01cd4ca003\DSETUP.dll
2012-06-17 15:48:04 525656 ----a-w- c:\program files\common files\windows live\.cache\93772ee01cd4ca003\DXSETUP.exe
2012-06-17 15:48:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\93772ee01cd4ca003\dsetup32.dll
2012-06-17 15:47:30 6260088 ----a-w- c:\program files\common files\windows live\.cache\7d4953a01cd4ca002\Silverlight.4.0.exe
2012-06-17 15:46:18 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-17 15:46:14 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-06-17 15:46:13 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-17 15:46:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-06-17 15:46:11 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-06-17 15:46:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-17 15:46:04 -------- d-----w- c:\users\henrik\appdata\local\Windows Live
2012-06-17 02:18:21 -------- d-----w- c:\program files\Windows Portable Devices
2012-06-17 01:12:02 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-06-17 01:12:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-06-17 01:12:01 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-06-17 01:10:34 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-17 01:10:32 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-17 01:10:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-17 01:10:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-17 01:10:32 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-17 01:10:32 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-06-17 01:10:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-17 00:57:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-17 00:57:36 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-06-17 00:57:36 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-17 00:57:36 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-17 00:11:22 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-17 00:11:22 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-06-17 00:11:04 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-17 00:09:23 98816 ----a-w- c:\windows\system32\mfps.dll
2012-06-17 00:09:23 258048 ----a-w- c:\windows\system32\winspool.drv
2012-06-17 00:09:21 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-06-17 00:08:52 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-17 00:08:51 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-17 00:08:50 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-06-17 00:08:49 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-06-17 00:08:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-06-17 00:08:31 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-06-17 00:08:30 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-06-17 00:08:30 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-06-17 00:08:28 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-06-17 00:08:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-06-17 00:08:27 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-06-17 00:07:06 189952 ----a-w- c:\windows\system32\winmm.dll
2012-06-17 00:07:05 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-06-17 00:06:55 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-06-17 00:06:55 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-06-17 00:06:54 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-06-17 00:06:52 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-17 00:05:29 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-17 00:05:25 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-06-17 00:05:20 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-17 00:05:19 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-17 00:05:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-17 00:04:55 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-06-17 00:04:51 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-17 00:02:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-06-17 00:01:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-16 23:59:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-06-16 23:59:32 66560 ----a-w- c:\windows\system32\packager.dll
2012-06-16 23:26:32 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-06-16 23:25:18 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-06-16 23:25:16 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-06-16 23:24:48 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 23:24:42 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-16 23:24:41 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-16 23:24:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-06-16 23:24:39 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-06-16 23:24:37 72704 ----a-w- c:\windows\system32\secur32.dll
2012-06-16 23:24:36 9728 ----a-w- c:\windows\system32\lsass.exe
2012-06-16 23:24:29 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-06-16 23:24:08 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-06-16 23:23:32 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-16 23:23:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-16 23:22:59 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 21:44:20 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-06-16 21:38:23 -------- d-----w- c:\users\henrik\appdata\local\{AE01BEEB-0AEE-416B-AA06-43C63B33216D}
2012-06-16 20:07:04 -------- d-----w- c:\windows\system32\eu-ES
2012-06-16 20:07:04 -------- d-----w- c:\windows\system32\ca-ES
2012-06-16 20:07:03 -------- d-----w- c:\windows\system32\vi-VN
2012-06-16 16:12:28 -------- d-----w- c:\windows\system32\EventProviders
2012-06-16 16:06:59 87552 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-06-16 16:05:59 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2012-06-16 16:05:59 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2012-06-16 16:05:59 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2012-06-16 16:05:58 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2012-06-16 16:05:58 2560 ----a-w- c:\windows\system32\msimsg.dll
2012-06-16 16:04:24 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2012-06-16 16:04:24 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-06-16 16:04:24 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-06-16 16:04:24 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2012-06-16 16:04:24 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2012-06-16 16:04:24 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2012-06-16 16:04:24 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2012-06-16 16:04:14 705536 ----a-w- c:\windows\system32\SmiEngine.dll
.
==================== Find3M ====================
.
2012-06-16 04:12:27 7168 ----a-w- c:\windows\system32\drivers\pt-br\luafv.sys.mui
2012-06-16 04:11:40 4608 ----a-w- c:\windows\system32\drivers\pt-br\ntrigdigi.sys.mui
.
============= FINISH: 7:43:36,80 ===============

#5 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 05 July 2012 - 09:47 PM

Hello Ulf,

I am currently awaiting approval from a Malware Response Instructor to post further instructions to you.

Due to this delay, my next set of directions won't be within the initial 24-hour period I told you.

I apologize for the wait and will post as soon as I can.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

#6 Ulf (Topic Starter)

  • Members
  • 9 posts

Posted 06 July 2012 - 09:49 AM

No problem, Cody, I will be waiting. Thanks, Ulf

#7 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 07 July 2012 - 10:27 AM

Hello Ulf,

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes.
  • Click on Tools and then Resident.
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active".
  • Close/Exit Spybot Search and Destroy.
--------------------------------------------

We need to run a scan with Combofix:

  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button and save the file to your desktop.
  • Disable any anti-virus and/or firewall software you have installed.
    Instructions can be found here if needed.
  • Close all open windows including your web browser.
    As mentioned in the first post, you may want to print out all instructions before starting.
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software; you should then see the ComboFix window.
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.

    However, if you see the prompt asking to download the Microsoft Windows Recovery Console, please click Yes.

    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode.
  • Allow ComboFix to reboot the computer if necessary; it will run again after you log back in.
  • When complete, a log file will be displayed; please copy and paste the contents of this file into your next post.

More information about downloading and using ComboFix can be found here if needed.

---------------------------------

Go to Start > Programs > Accessories, right-click on Command Prompt and select "Run as Administrator" to open a command prompt.

Note: For each of the following, type only the command shown on its own line.

Reset the IPv4 TCP/IP stack to installation defaults:
netsh int ipv4 reset reset.log
and press Enter.

Reset the IPv6 TCP/IP stack to installation defaults:
netsh int ipv6 reset reset.log
and press Enter.

Reboot the machine.

---------------------------------

Lastly, try changing the password of the email account associated with the Messenger screen name, as well as the password of the Messenger screen name itself.

Also, browse the internet using Internet Explorer and see if you experience any symptoms of malware.

After you have done all this, please let me know the status of the computer.



#8 Ulf (Topic Starter)

  • Members
  • 9 posts

Posted 07 July 2012 - 11:47 AM

Hi Cody,

At the end of the ComboFix run, it alerted that something unusual had happened, so it could not finish in the normal way, but in the end I got the ComboFix log anyway. It appears to be OK when browsing with Internet Explorer.

Ulf

Here is the ComboFix log:

ComboFix 12-07-07.04 - Henrik 07/07/2012 12:54:11.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2037.1064 [GMT -3:00]
Executando de: c:\users\Henrik\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Henrik\AppData\Local\vcsjdr.exe
c:\users\Henrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tpibq.exe
c:\windows\system32\oem2.inf
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 04:11 . 2012-06-16 04:11 3072 ----a-w- c:\windows\system32\drivers\pt-BR\pnpmem.sys.mui
2012-06-16 04:11 . 2012-06-16 04:11 2560 ----a-w- c:\windows\system32\drivers\pt-BR\wd.sys.mui
2012-06-16 04:11 . 2012-06-16 04:11 6656 ----a-w- c:\windows\system32\drivers\pt-BR\IPMIDrv.sys.mui
2012-06-16 04:11 . 2012-06-16 04:11 4608 ----a-w- c:\windows\system32\drivers\pt-BR\pcmcia.sys.mui
2012-06-16 04:11 . 2012-06-16 04:11 3584 ----a-w- c:\windows\system32\drivers\pt-BR\pacer.sys.mui
2012-06-16 04:11 . 2012-06-16 04:11 4608 ----a-w- c:\windows\system32\drivers\pt-BR\msdsm.sys.mui
2012-06-16 04:11 . 2012-06-16 04:11 11264 ----a-w- c:\windows\system32\drivers\pt-BR\BrSerId.sys.mui
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 23:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 23:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 23:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645214367-2806846156-2131021160-1000Core.job
- c:\users\Henrik\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 01:24]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645214367-2806846156-2131021160-1000UA.job
- c:\users\Henrik\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 01:24]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-wohruikl - c:\users\Henrik\AppData\Local\vcsjdr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 13:01
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-07 13:07:08
ComboFix-quarantined-files.txt 2012-07-07 16:07
.
Pre-Run: 391,614,668,800 bytes free
Post-Run: 391,554,273,280 bytes free
.
- - End Of File - - 9CE87008C7E351A71A5C6873F17C93AA
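The orphan ComboFix removed above (HKCU-Run-wohruikl pointing at c:\users\Henrik\AppData\Local\vcsjdr.exe) has the classic shape of a user-level autostart planted by a Messenger-spread worm: a random value name and an executable sitting directly in a user-writable folder, which needs no administrator rights to install. The script below is an added example for this thread, not code from ComboFix or from BleepingComputer. It parses the Run-key listing exactly as ComboFix prints it in the "Registry Load Points" section and flags entries with those two traits. The sample input is constructed from the log above plus one entry modelled on the removed orphan; that entry's date and size are invented, since ComboFix had already deleted the file.

```python
"""Triage ComboFix 'Registry Load Points' Run-key entries.

Added example for this thread; it is not part of ComboFix or of BleepingComputer.
It parses the REGEDIT4-style listing ComboFix prints for the HKCU/HKLM Run keys
and flags autostart entries that look like a user-level dropper: an executable
sitting directly in a user-writable folder (AppData\\Local, AppData\\Roaming, Temp)
with no vendor subfolder, and/or a random-looking value or file name.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the Run sections from the log above, plus one entry modelled
# on the orphan ComboFix removed (HKCU-Run-wohruikl -> vcsjdr.exe). That entry's
# date and size are invented; ComboFix had already deleted the file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"wohruikl"="c:\users\Henrik\AppData\Local\vcsjdr.exe" [2012-07-01 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]"
)
# Folders a non-admin dropper can write to. A legitimate per-user installer
# (Google Update: AppData\Local\Google\Update\) uses a vendor subfolder, so only
# an image whose *parent* folder is exactly one of these is flagged.
DROP_DIRS = (r"\appdata\local", r"\appdata\roaming", r"\appdata\local\temp", r"\temp")
# Five or more consonants and nothing else: "vcsjdr" matches, "sidebar" does not.
NO_VOWELS = re.compile(r"^[^aeiouy\W\d]{5,}$", re.IGNORECASE)


@dataclass
class RunEntry:
    key: str
    name: str
    image: str
    date: str
    size: int
    reasons: list = field(default_factory=list)


def parse_run_entries(text: str) -> list:
    """Return every value under a key ending in \\Run, in log order."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Only values under a ...\Run key are autostarts; other keys reset the context.
            key = m["key"] if m["key"].lower().endswith("\\run") else None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m["name"], m["image"], m["date"], int(m["size"])))
    return entries


def assess(entry: RunEntry) -> RunEntry:
    """Attach human-readable reasons to an entry; an empty list means nothing odd."""
    parent, _, fname = entry.image.lower().rpartition("\\")
    for d in DROP_DIRS:
        if parent.endswith(d):
            entry.reasons.append(f"image sits directly in user-writable folder ...{d}")
            break
    stem = fname.rsplit(".", 1)[0]
    if NO_VOWELS.match(stem) or NO_VOWELS.match(entry.name):
        entry.reasons.append("random-looking value or file name")
    return entry


def triage(text: str) -> list:
    """Parse a ComboFix log excerpt and return only the entries worth a look."""
    return [e for e in map(assess, parse_run_entries(text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.key}\\{e.name} -> {e.image}\n    {'; '.join(e.reasons)}")
```

Run against the sample, only the wohruikl entry is reported, with both reasons; the Google Update, Dell, McAfee and Sidebar entries pass because their images live under a vendor folder and have pronounceable names. The heuristics are deliberately narrow so that the script points a helper at the entry to check against the file's signature and VirusTotal rather than trying to be an antivirus.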

#9 TheShooter93 (Cody) - Malware Response Team
Posted 07 July 2012 - 09:09 PM

Hello Ulf,

Is Windows Messenger still sending out spam messages?

Did you perform the other operations I asked (TCP/IP Reset, Email password change, messenger password change)?

Are you experiencing any other symptoms of malware?

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

#10 TheShooter93 (Cody) - Malware Response Team
Posted 10 July 2012 - 11:26 AM

Hello Ulf,

Are you still here?

It's been 72 hours since your last post. If you need more time, just let me know.

But if you do not respond to this thread within 48 hours, the thread will be closed due to inactivity.


#11 Ulf - Topic Starter
Posted 10 July 2012 - 11:39 AM

Hi Cody,

Sorry, I wrote a response yesterday, but I must have made a mistake, as it wasn't posted somehow.

Yes, all looks good now. I followed all your instructions; only the email password we still need to change, but we will fix that. The messenger is not sending out any messages and Internet Explorer looks fine.

Many thanks for your help, it seems all is resolved.

Kind regards
Ulf

#12 TheShooter93 (Cody) - Malware Response Team
Posted 10 July 2012 - 02:43 PM

Hello Ulf,

-------------------------------------------------------

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-------------------------------------------------------

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#13 Ulf - Topic Starter
Posted 10 July 2012 - 06:03 PM

Hi Cody,

Here is the Security Check log:


Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
CCleaner
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

The ESET Online Scanner reported after the scan No threats, so no option was given for List threats, just the Finish button.

Cheers
Ulf

#14 TheShooter93 (Cody) - Malware Response Team
Posted 11 July 2012 - 07:42 AM

Hello Ulf,

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

---------------------------------------------

Your machine appears clean!

Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine :thumbup2:

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and to avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (the Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antivirus solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:
  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • AVG (slightly poorer performance as of late)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:
If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.


#15 Ulf - Topic Starter
Posted 13 July 2012 - 09:19 AM

Many thanks for your help with this.
Cheers
Ulf



