TROJ_SIREFEF


  • This topic is locked
2 replies to this topic

#1 Luiserebii

Luiserebii

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:34 AM

Posted 09 July 2012 - 10:12 AM

I need some help. My antivirus, Trend Micro Titanium Maximum Security 2012, keeps detecting this virus and it seems to replicate every 4 minutes. Several days ago, the virus was logged as TROJ_SIREFEF.TS. However, it seems I now have a mix of replicating viruses, mainly TROJ_SIREFEF.GDL and BKDR_ZACCESS.FU. I've tried a full scan with MBAM before in safe mode when there was only TROJ_SIREFEF.TS. It picked up some viruses but not SIREFEF.TS, it seems.

Also, the antivirus keeps deleting files in D:\Windows\Installer\{long string of numbers and letters}\00000001.@

The last part is also 80000000.@ at times. Attach.txt is attached.

Here's my log (DDS.txt):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Luiserebii at 11:00:34 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2308 [GMT -4:00]
.
AV: Titanium Maximum Security *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Titanium Maximum Security *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\System32\spoolsv.exe
D:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
D:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
D:\Windows\system32\conhost.exe
D:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
D:\Windows\system32\conhost.exe
D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Windows\system32\dlcxcoms.exe
D:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
D:\Windows\SysWOW64\vmnat.exe
D:\Windows\SysWOW64\vmnetdhcp.exe
D:\Windows\system32\WUDFHost.exe
D:\Windows\system32\Dwm.exe
D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
D:\Windows\Explorer.EXE
D:\Windows\system32\taskhost.exe
D:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
D:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
D:\Windows\System32\igfxtray.exe
D:\Windows\System32\hkcmd.exe
D:\Windows\System32\igfxpers.exe
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files (x86)\RocketDock\RocketDock.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\Rainmeter\Rainmeter.exe
D:\Program Files (x86)\Citrix\ICA Client\concentr.exe
D:\Windows\system32\SearchIndexer.exe
D:\Program Files (x86)\Launchy\Launchy.exe
D:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
D:\Program Files (x86)\TimeLeft3\TimeLeft.exe
D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
D:\Program Files (x86)\Ask.com\Updater\Updater.exe
D:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
D:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
D:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
D:\Windows\system32\taskeng.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\SysWOW64\cmd.exe
D:\Windows\system32\conhost.exe
D:\Windows\SysWOW64\cscript.exe
D:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - D:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - D:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - D:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - D:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Xvid] D:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [RocketDock] "D:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [<NO NAME>] D:\
uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [APSDaemon] "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "D:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "D:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "D:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [InstaLAN] "D:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
StartupFolder: D:\Users\LUISER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - D:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: D:\Users\LUISER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - D:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: D:\Users\LUISER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - D:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: D:\Users\LUISER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - D:\Program Files (x86)\TimeLeft3\TimeLeft.exe
StartupFolder: D:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - D:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: L:\VMware\VMware Workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.25.5.60 24.25.5.61
TCP: Interfaces\{BED74466-ED1B-4BF3-8D24-E24B707AFBF9} : DhcpNameServer = 24.25.5.60 24.25.5.61
TCP: Interfaces\{BED74466-ED1B-4BF3-8D24-E24B707AFBF9}\0596E656F5B4E6F6C6C6F553 : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{BED74466-ED1B-4BF3-8D24-E24B707AFBF9}\2656C6B696E6E2234316E2765756374737 : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{BED74466-ED1B-4BF3-8D24-E24B707AFBF9}\2656C6B696E6E2362336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BED74466-ED1B-4BF3-8D24-E24B707AFBF9}\35562756269696723702E4564777F627B6 : DhcpNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - D:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - D:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - D:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - D:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - D:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - D:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - D:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - D:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [APSDaemon] "D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ConnectionCenter] "D:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "D:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ApnUpdater] "D:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [InstaLAN] "D:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - D:\Users\Luiserebii\AppData\Roaming\Mozilla\Firefox\Profiles\n9zksz8r.default\
FF - plugin: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: D:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: D:\Users\Luiserebii\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: D:\Users\Luiserebii\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: D:\Users\Luiserebii\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;D:\Windows\system32\Drivers\PxHlpa64.sys --> D:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;D:\Windows\system32\DRIVERS\ctxusbm.sys --> D:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;D:\Windows\system32\DRIVERS\dtsoftbus01.sys --> D:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 tmevtmgr;tmevtmgr;D:\Windows\system32\DRIVERS\tmevtmgr.sys --> D:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Amsp;Trend Micro Solution Platform;D:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-11 275912]
R2 cpuz135;cpuz135;\??\D:\Windows\system32\drivers\cpuz135_x64.sys --> D:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 dlcx_device;dlcx_device;D:\Windows\system32\dlcxcoms.exe -service --> D:\Windows\system32\dlcxcoms.exe -service [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R2 VMUSBArbService;VMware USB Arbitration Service;D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R3 anvsnddrv;AnvSoft Virtual Sound Device;D:\Windows\system32\drivers\anvsnddrv.sys --> D:\Windows\system32\drivers\anvsnddrv.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;D:\Windows\system32\DRIVERS\LEqdUsb.Sys --> D:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;D:\Windows\system32\DRIVERS\LHidEqd.Sys --> D:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 ManyCam;ManyCam Virtual Webcam;D:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> D:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;D:\Windows\system32\drivers\mcaudrv_x64.sys --> D:\Windows\system32\drivers\mcaudrv_x64.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;D:\Windows\system32\DRIVERS\netw5v64.sys --> D:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;D:\Windows\system32\DRIVERS\OA013Ufd.sys --> D:\Windows\system32\DRIVERS\OA013Ufd.sys [?]
R3 OA013Vid;Creative Camera OA013 Function Driver;D:\Windows\system32\DRIVERS\OA013Vid.sys --> D:\Windows\system32\DRIVERS\OA013Vid.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-8 11856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;D:\Windows\system32\DRIVERS\yk62x64.sys --> D:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;D:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\D:\Windows\system32\pwdrvio.sys --> D:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\D:\Windows\system32\pwdspio.sys --> D:\Windows\system32\pwdspio.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;D:\Windows\system32\drivers\tsusbflt.sys --> D:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;D:\Windows\system32\drivers\TsUsbGD.sys --> D:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;D:\Windows\system32\Drivers\usbaapl64.sys --> D:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;D:\Windows\system32\Wat\WatAdminSvc.exe --> D:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-06 21:03:03 -------- d-----w- D:\Users\Luiserebii\AppData\Roaming\DonationCoder
2012-07-06 21:03:00 -------- d-----w- D:\ProgramData\DonationCoder
2012-07-06 21:03:00 -------- d-----w- D:\Program Files (x86)\DesktopCoral
2012-07-06 21:00:51 -------- d-----w- D:\Users\Luiserebii\AppData\Roaming\7stacks
2012-07-06 20:58:53 -------- d-----w- D:\Program Files (x86)\Alastria Software
2012-07-06 20:38:53 -------- d-----w- D:\Program Files (x86)\AutoHotkey
2012-07-06 16:31:34 21520 ----a-w- D:\Windows\DCEBoot64.exe
2012-07-05 14:42:45 53248 ----a-r- D:\Users\Luiserebii\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-05 14:42:19 18960 ----a-w- D:\Windows\System32\drivers\LNonPnP.sys
2012-07-05 14:39:50 -------- d-----w- D:\Users\Luiserebii\AppData\Roaming\Logishrd
2012-07-02 11:31:16 -------- d-sh--w- D:\Windows\System32\%APPDATA%
2012-07-02 02:14:13 -------- d-----w- D:\Users\Luiserebii\AppData\Local\ElevatedDiagnostics
2012-07-02 01:43:34 -------- d-----w- D:\Users\Luiserebii\AppData\Roaming\Malwarebytes
2012-07-02 01:12:27 -------- d-----w- D:\ProgramData\Malwarebytes
2012-07-02 01:12:25 24904 ----a-w- D:\Windows\System32\drivers\mbam.sys
2012-07-02 01:12:25 -------- d-----w- D:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 01:28:59 -------- d-----w- D:\Users\Luiserebii\AppData\Local\ManyCam
2012-06-28 01:28:57 -------- d-----w- D:\ProgramData\ManyCam
2012-06-28 01:28:55 -------- d-----w- D:\Users\Luiserebii\AppData\Roaming\ManyCam
2012-06-27 23:24:00 770384 ----a-w- D:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 23:24:00 421200 ----a-w- D:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-27 17:36:16 -------- d-----w- D:\ProgramData\CrypKey
2012-06-27 17:32:54 30272 ----a-w- D:\Windows\System32\Ckldrv.sys
2012-06-27 17:32:54 165888 ----a-r- D:\Windows\Ckconfig.exe
2012-06-27 17:32:54 126976 ----a-w- D:\Windows\System32\Crypserv.exe
2012-06-27 17:32:43 -------- d-----w- D:\ProgramData\AceReader Pro Deluxe Plus
2012-06-27 17:32:43 -------- d-----w- D:\Program Files (x86)\AceReader Pro Deluxe Plus
2012-06-26 16:15:44 2622464 ----a-w- D:\Windows\System32\wucltux.dll
2012-06-26 16:15:35 99840 ----a-w- D:\Windows\System32\wudriver.dll
2012-06-26 16:15:23 36864 ----a-w- D:\Windows\System32\wuapp.exe
2012-06-26 16:15:23 186752 ----a-w- D:\Windows\System32\wuwebv.dll
2012-06-25 21:03:49 -------- d-----w- D:\ProgramData\Belkin
2012-06-25 21:02:57 -------- d-----w- D:\ProgramData\Affinegy
2012-06-25 20:57:55 -------- d-----w- D:\Program Files (x86)\Belkin
2012-06-25 15:29:30 -------- d-----w- D:\Users\Luiserebii\AppData\Local\Diagnostics
2012-06-23 01:41:26 -------- d-----w- D:\Program Files (x86)\Launchy
2012-06-15 18:15:10 -------- d-----w- D:\Program Files (x86)\Ask.com
2012-06-15 18:14:51 -------- d-----w- D:\Users\Luiserebii\AppData\Local\APN
2012-06-15 18:14:44 -------- d-----w- D:\Program Files (x86)\ManyCam
2012-06-15 18:14:15 -------- d-----w- D:\ProgramData\Ask
2012-06-14 21:19:16 -------- d-----w- D:\Users\Luiserebii\AppData\Local\CrashRpt
2012-06-14 21:19:11 -------- d-sh--w- D:\Windows\SysWow64\AI_RecycleBin
2012-06-14 21:19:07 -------- d-----w- D:\Users\Luiserebii\AppData\Local\Procaster
2012-06-14 21:19:07 -------- d-----w- D:\Program Files (x86)\Livestream Procaster
2012-06-14 01:03:49 1462272 ----a-w- D:\Windows\System32\crypt32.dll
2012-06-14 01:02:59 210944 ----a-w- D:\Windows\System32\drivers\rdpwd.sys
2012-06-14 01:02:56 3216384 ----a-w- D:\Windows\System32\msi.dll
2012-06-14 01:02:56 2342400 ----a-w- D:\Windows\SysWow64\msi.dll
2012-06-13 18:32:24 -------- d-----w- D:\Users\Luiserebii\AppData\Local\WBFSManager
2012-06-13 18:31:57 -------- d-----w- D:\Program Files\WBFS
2012-06-13 18:30:54 -------- d-----w- D:\Users\Luiserebii\Stuff
2012-06-12 02:36:39 -------- d-----w- D:\Users\Luiserebii\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-02 01:40:12 134672 ----a-w- D:\Windows\RegBootClean64.exe
2012-07-01 23:07:19 426184 ----a-w- D:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-01 23:07:18 70344 ----a-w- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 00:46:48 34656 ----a-w- D:\Windows\System32\TURegOpt.exe
2012-05-30 00:46:46 35680 ----a-w- D:\Windows\System32\uxtuneup.dll
2012-05-30 00:46:46 29024 ----a-w- D:\Windows\SysWow64\uxtuneup.dll
2012-05-30 00:46:46 25952 ----a-w- D:\Windows\System32\authuitu.dll
2012-05-30 00:46:46 21344 ----a-w- D:\Windows\SysWow64\authuitu.dll
2012-05-18 02:06:48 2311680 ----a-w- D:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- D:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- D:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- D:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- D:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- D:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- D:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- D:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- D:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- D:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- D:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- D:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- D:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- D:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- D:\Windows\System32\profsvc.dll
2012-04-26 05:41:56 77312 ----a-w- D:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- D:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- D:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- D:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- D:\Windows\System32\cryptnet.dll
2012-04-24 04:36:42 140288 ----a-w- D:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- D:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- D:\Windows\SysWow64\cryptnet.dll
2012-04-22 14:46:03 329 ---h--w- D:\ProgramData\aoexp.tmp
2012-04-22 04:45:33 974848 ----a-w- D:\Windows\mfc70.dll
2012-04-19 00:56:30 94208 ----a-w- D:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- D:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:01:39.34 ===============

Thanks!
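The DDS log above is plain text, so the entries in its "Created Last 30" and "Find3M" sections can be triaged with a small parser instead of by eye. The following is an added example and not code from the poster, from BleepingComputer or from the DDS tool: it parses DDS file lines (date, time, size, attribute flags, path), then flags three things worth a second look that are visible in this thread: files in the shape the poster described (`\Windows\Installer\{GUID}\00000001.@`), a directory named like an unexpanded environment variable (the `D:\Windows\System32\%APPDATA%` entry dated 2012-07-02 in the log), and hidden+system directories created under `\Windows`. The sample lines are constructed from the log, and the GUID in the last sample line is a placeholder, not a value from the page.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the "Created Last 30" section of the DDS log
# in this thread, plus one line in the shape the poster described for the
# files the AV kept deleting. The GUID is a placeholder, not from the log.
SAMPLE_DDS = """\
2012-07-06 16:31:34 21520 ----a-w- D:\\Windows\\DCEBoot64.exe
2012-07-02 11:31:16 -------- d-sh--w- D:\\Windows\\System32\\%APPDATA%
2012-07-02 01:12:25 24904 ----a-w- D:\\Windows\\System32\\drivers\\mbam.sys
2012-07-02 01:12:25 -------- d-----w- D:\\Program Files (x86)\\Malwarebytes' Anti-Malware
2012-06-14 21:19:11 -------- d-sh--w- D:\\Windows\\SysWow64\\AI_RecycleBin
2012-07-09 10:00:00 65536 ----a-w- D:\\Windows\\Installer\\{00000000-0000-0000-0000-000000000000}\\00000001.@
"""

# One DDS file line: date, time, size (digits or dashes for a directory),
# an 8-character attribute field such as "d-sh--w-", then the path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-dshraw]{8}) (?P<path>.+)$"
)

# Shape of the files the poster reported: \Windows\Installer\{GUID}\<8 hex digits>.@
AT_FILE_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9A-Fa-f-]{36}\}\\[0-9A-Fa-f]{8}\.@$", re.IGNORECASE
)


def parse_dds_lines(text: str) -> List[Dict[str, str]]:
    """Parse the file-listing lines of a DDS 'Created Last 30' / 'Find3M' section.

    Lines that do not match the DDS layout (headers, '.' separators) are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def review_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return entries worth a second look, each with the reason it was flagged.

    These are review triggers, not verdicts: a hidden+system directory under
    \\Windows can be a legitimate installer artefact, so the reason is kept
    with the path for the person doing the triage.
    """
    findings = []
    for e in entries:
        path, attrs = e["path"], e["attrs"]
        is_dir = attrs.startswith("d")
        hidden_system = "h" in attrs and "s" in attrs
        under_windows = "\\windows\\" in path.lower()
        leaf = path.rsplit("\\", 1)[-1]
        if AT_FILE_RE.search(path):
            reason = "NNNNNNNN.@ file under Windows\\Installer\\{GUID}"
        elif is_dir and "%" in leaf:
            reason = "directory named like an unexpanded environment variable"
        elif is_dir and hidden_system and under_windows:
            reason = "hidden+system directory created under \\Windows"
        else:
            continue
        findings.append({"path": path, "reason": reason, "date": e["date"]})
    return findings


def review_dds(text: str) -> List[Dict[str, str]]:
    """Convenience wrapper: parse a DDS section and return the flagged entries."""
    return review_entries(parse_dds_lines(text))


if __name__ == "__main__":
    for f in review_dds(SAMPLE_DDS):
        print(f"{f['date']}  {f['reason']}: {f['path']}")
```

Run against the whole DDS.txt, the parser ignores the header and separator lines and only the file entries are examined. The hidden+system check deliberately over-reports (the `AI_RecycleBin` line in the sample is flagged too), which is why each finding carries its reason: the point is to shorten the list a helper has to read, not to decide for them.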

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:34 PM

Posted 09 July 2012 - 11:11 AM

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Uncheck the Whitelist boxes next to Registry, Services, Drivers, and known DLL's
  • Place a check next to List Drivers MD5
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:34 PM

Posted 15 July 2012 - 01:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
