Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

iexplore.exe running hidden audio commercials


  • Please log in to reply
3 replies to this topic

#1 dyondeath

dyondeath

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 09 October 2012 - 06:28 AM

Hi guys, I'm experiencing quite a bit of trouble I've ran malwarebytez and tdsskiller in order to remove several infections yet my computer is still experiencing massive data use from this pesky hidden iexplore.exe, it doesn't even appear in my normal processes under task manager, I have to access resource monitor in order to view the processes. I'm also experiencing blue screens periodically, I'm not sure if that has to do with infection or maybe hardware/driver problems, any assistance would be much appreciated.

I'm getting real tired of these audio commercials interrupting my daily computer activities. Not to mention the massive amount of lag generated from it.

BC AdBot (Login to Remove)

 


#2 dyondeath

dyondeath
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 09 October 2012 - 06:44 AM

Sorry forgot to include the DDS.txt and attach.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_17
Run by Lloyd at 4:34:59 on 2012-10-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2392 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\sysWOW64\svchost.exe -k netsvc
C:\Windows\msisear.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ProgramData\Xj14Tu0v.exe
C:\ProgramData\Xj14Tu0v.exe
C:\ProgramData\Xj14Tu0v.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [dbbfbdaaaafcffdct] "C:\ProgramData\dbbfbdaaaafcffdct.exe"
dRun: [ldqeonjlvoyrytk] C:\ProgramData\ldqeonjl.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
dExplorerRun: [Classes] C:\Windows\system32\config\systemprofile\AppData\Roaming\0E8052\0E8052.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5F4271DF-237A-4FF1-A1DC-D199D48611BD} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5F4271DF-237A-4FF1-A1DC-D199D48611BD}\14D616E64627F69646 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{5F4271DF-237A-4FF1-A1DC-D199D48611BD}\75161616767686 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5F4271DF-237A-4FF1-A1DC-D199D48611BD}\84F4D454D264241483 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6E3A337D-BEE6-4D99-A124-3D7B44C885E7} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8CDC9346-205C-4F5D-85CA-671B72B02CB4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ABE56550-9BCE-47C8-A0D5-CF9585C9E5E1} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{ABE56550-9BCE-47C8-A0D5-CF9585C9E5E1}\75161616767686 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{ABE56550-9BCE-47C8-A0D5-CF9585C9E5E1}\84F4D454D264241483 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\vps6um3x.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - google.com
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lloyd\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-8 8704]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ias;MicroSoft EventLog Engine;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 399432]
R2 SPService;SPService;C:\Windows\sysWOW64\svchost.exe -k netsvc --> C:\Windows\sysWOW64\svchost.exe -k netsvc [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 W32Serv;Windows Search Scheduler;C:\Windows\msisear.exe [2012-10-4 306176]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-10-22 272864]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-13 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-4 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-13 135664]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-7-14 654944]
S4 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-7-14 18360]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-09 08:49:06 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2012-10-09 07:04:59 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8F2A1FB-3465-4FA4-8B9A-789AA420EE27}\mpengine.dll
2012-10-08 14:37:26 -------- d-----w- C:\Down
2012-10-08 14:37:02 -------- d-----w- C:\Perfect World Entertainment
2012-10-08 13:46:10 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-10-08 13:42:58 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-10-08 13:07:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-08 12:45:34 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-08 12:38:28 -------- d-s---w- C:\ComboFix
2012-10-08 12:28:33 98816 ----a-w- C:\Windows\sed.exe
2012-10-08 12:28:33 518144 ----a-w- C:\Windows\SWREG.exe
2012-10-08 12:28:33 256000 ----a-w- C:\Windows\PEV.exe
2012-10-08 12:28:33 208896 ----a-w- C:\Windows\MBR.exe
2012-10-05 01:34:36 306176 ----a-w- C:\Windows\msisear.exe
2012-10-05 01:32:32 -------- d-----w- C:\Users\Lloyd\AppData\Local\SCE
2012-10-05 01:32:28 -------- d-----w- C:\Crash
2012-10-05 01:30:36 116224 ----a-w- C:\ProgramData\Xj14Tu0v.exe
2012-10-04 09:53:43 388096 ----a-r- C:\Users\Lloyd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-04 09:53:43 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-10-03 02:54:16 -------- d-----w- C:\Users\Lloyd\AppData\Roaming\Tolida
2012-10-03 02:54:16 -------- d-----w- C:\Users\Lloyd\AppData\Roaming\Okyp
2012-10-03 02:54:16 -------- d-----w- C:\Users\Lloyd\AppData\Roaming\Nouq
2012-10-03 01:17:56 -------- d-----w- C:\Users\Lloyd\AppData\Roaming\Epload
2012-10-03 01:17:56 -------- d-----w- C:\Users\Lloyd\AppData\Roaming\Byygh
2012-10-03 01:17:56 -------- d-----w- C:\Users\Lloyd\AppData\Roaming\Asgegu
2012-09-29 00:27:06 43 ----a-w- C:\Windows\b.bat
2012-09-25 20:21:50 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 19:38:38 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
2012-09-19 07:15:51 -------- d-----w- C:\Users\Lloyd\AppData\Local\SKIDROW
2012-09-12 03:51:22 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 03:51:21 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 03:51:19 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 03:51:19 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 03:51:18 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 03:51:18 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 03:51:17 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-09-29 00:27:06 240201 ----a-w- C:\Windows\svcs.exe
2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-30 20:32:08 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-07-30 20:32:08 102240 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-14 23:27:21 654944 ----a-w- C:\Windows\SysWow64\xsherlock.xem
.
============= FINISH: 4:38:42.99 ===============

You have also submitted a request for help at Techguy.org.
http://forums.techguy.org/virus-other-malware-removal/1071985-bwahh-ultra-infected-crazy-hidden.html

Posting in more than one forum leads to duplication of effort and confusion. Please close the topic at Techguy.org if you want us to help you here.

nasdaq

Attached Files


Edited by nasdaq, 10 October 2012 - 09:58 AM.
Posts in duplicate forums.


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:39 PM

Posted 10 October 2012 - 07:00 PM

Please read nasdaq's note at the bottom of the previous post.
Posted Image
m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:39 PM

Posted 13 October 2012 - 08:52 PM

Are you still there?
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users