
Duplicating files


  • This topic is locked
6 replies to this topic

#1 Strategy

Posted 06 February 2013 - 11:30 PM

Good day, this virus has been taking up space by duplicating files which are located in the C drive. I did several virus scans, but nothing was found. Is there any way I can locate this virus?


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Kenneth at 22:53:57 on 2013-02-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.969 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate\Suo10_SmartRAM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hide My IP\HideMyIpSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare ultimate\browerprotect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare ultimate\Suo10_SmartRAM.exe" /m
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\HMIPCore.dll
TCP: Interfaces\{D6BAE132-5F16-467F-8ACB-A277EBD91AE6} : DHCPNameServer = 64.71.255.204 64.71.255.198
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kenneth\appdata\roaming\mozilla\firefox\profiles\5klgpfks.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-27 21:23; ; c:\program files\fiddler2\FiddlerHook
FF - ExtSQL: 2012-12-31 20:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-01-04 22:05; ; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-02-01 16:51; ; c:\users\kenneth\appdata\roaming\mozilla\firefox\profiles\5klgpfks.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-2-6 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-2-6 199320]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-1-27 15672]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-2-6 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-6 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-6 361032]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-1-10 36040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-6 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-6 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-1-10 533288]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-1-10 389928]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
RUnknown HideMyIpSRV;HideMyIpSRV; [x]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-2-6 106560]
S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-2-6 133912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"c:\program files\logmein hamachi\hamachi-2.exe" -s --> c:\program files\logmein hamachi\hamachi-2.exe [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-23 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-23 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2013-1-6 2438696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-23 21104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-23 40776]
S3 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-10-5 109064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-07 03:26:11 -------- d-----w- c:\program files\ESET
2013-02-07 02:17:01 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{759b644f-e610-467a-a882-48f8f381f93d}\mpengine.dll
2013-02-07 02:02:47 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-02-07 02:02:23 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-02-07 02:02:22 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-07 02:02:22 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-07 02:02:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-07 02:01:29 41224 ----a-w- c:\windows\avastSS.scr
2013-02-07 02:01:29 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-02-07 02:00:37 -------- d-----w- c:\programdata\AVAST Software
2013-02-07 02:00:37 -------- d-----w- c:\program files\AVAST Software
2013-02-07 00:24:43 -------- d-----w- c:\users\kenneth\appdata\local\Razer
2013-02-02 02:54:17 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2013-02-02 02:51:59 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-02-01 20:59:21 -------- d-----w- c:\programdata\Nexon
2013-02-01 19:19:40 -------- d-----w- c:\programdata\NexonEU
2013-01-31 03:17:43 -------- d-----w- c:\windows\system32\Hotspot Shield
2013-01-29 03:35:29 -------- d-----r- c:\program files\Skype
2013-01-29 03:10:03 -------- d-----w- c:\users\kenneth\Tracing
2013-01-29 03:08:18 -------- d-----w- c:\program files\Microsoft
2013-01-29 03:08:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-01-29 03:04:32 -------- d-----w- c:\program files\common files\Windows Live
2013-01-27 19:35:19 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-27 19:34:39 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-27 19:16:34 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-01-27 19:16:30 -------- d-----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-01-27 19:16:29 -------- d-----w- c:\users\kenneth\appdata\roaming\IObit
2013-01-27 19:16:29 -------- d-----w- c:\programdata\IObit
2013-01-27 19:16:19 -------- d-----w- c:\program files\IObit
2013-01-27 18:21:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-26 22:31:01 -------- d-----w- c:\users\kenneth\appdata\roaming\.minecraft
2013-01-24 18:02:01 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-24 18:02:00 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-24 18:02:00 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-01-24 18:01:59 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-01-24 18:01:59 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-24 18:01:59 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-24 03:08:32 -------- d-----w- c:\program files\Windows Portable Devices
2013-01-23 22:33:07 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-23 22:33:07 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-01-23 22:33:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-01-23 22:16:22 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-23 22:16:22 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-23 22:16:22 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-23 22:00:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-23 21:48:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-01-23 21:47:23 -------- d-----w- c:\windows\pss
2013-01-23 21:42:43 -------- d-----w- c:\users\kenneth\appdata\roaming\Malwarebytes
2013-01-23 21:42:32 -------- d-----w- c:\programdata\Malwarebytes
2013-01-23 21:42:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 21:42:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 21:23:38 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-23 21:23:37 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-23 21:23:37 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-23 21:23:37 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-23 21:23:37 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-23 21:23:37 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-23 21:23:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-23 21:23:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-23 21:23:36 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-23 21:23:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-23 21:23:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-23 21:23:10 -------- d-----w- c:\program files\MSXML 4.0
2013-01-23 00:48:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-23 00:48:57 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-01-23 00:48:57 189952 ----a-w- c:\windows\system32\winmm.dll
2013-01-23 00:48:56 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2013-01-23 00:48:38 623616 ----a-w- c:\windows\system32\localspl.dll
2013-01-23 00:48:22 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2013-01-23 00:48:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2013-01-23 00:48:19 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-01-23 00:46:38 1169408 ----a-w- c:\windows\system32\sdclt.exe
2013-01-23 00:45:59 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-01-23 00:45:58 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-23 00:45:40 66560 ----a-w- c:\windows\system32\packager.dll
2013-01-23 00:45:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-01-23 00:45:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-01-23 00:44:14 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-23 00:44:08 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-01-23 00:44:03 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-01-23 00:44:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-01-23 00:44:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-01-23 00:41:45 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-01-23 00:41:40 677888 ----a-w- c:\windows\system32\mstsc.exe
2013-01-23 00:41:40 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-01-23 00:41:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
2013-01-23 00:40:41 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-01-23 00:40:39 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-23 00:40:39 278528 ----a-w- c:\windows\system32\schannel.dll
2013-01-23 00:40:39 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-23 00:40:38 9728 ----a-w- c:\windows\system32\lsass.exe
2013-01-23 00:40:38 72704 ----a-w- c:\windows\system32\secur32.dll
2013-01-23 00:40:35 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-01-23 00:40:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-23 00:40:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-23 00:18:17 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-23 00:17:32 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-23 00:13:17 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-01-22 23:55:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-22 23:54:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-22 23:53:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-22 23:53:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-21 00:12:50 -------- d-----w- C:\CFLog
2013-01-19 00:50:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-01-19 00:50:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-01-19 00:50:54 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-01-19 00:50:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2013-01-19 00:50:54 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-01-19 00:50:54 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-19 00:50:52 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-01-19 00:50:44 -------- d-----w- c:\program files\Microsoft XNA
2013-01-19 00:19:56 -------- d-----w- c:\users\kenneth\appdata\local\CrashRpt
2013-01-19 00:17:52 -------- d-----w- c:\users\kenneth\KAG
2013-01-18 23:20:05 -------- d-----w- c:\program files\Z8Games
2013-01-18 22:59:23 -------- d-----w- c:\program files\BP DOWNLOADER
2013-01-18 03:57:12 -------- d-----w- c:\program files\common files\HP
2013-01-18 03:57:09 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-01-18 03:56:53 -------- d-----w- c:\windows\hpoj4500g510g-m
2013-01-18 03:55:42 -------- d-----w- c:\program files\HP
2013-01-13 03:28:11 -------- d-----w- C:\Ace of Spades
2013-01-12 22:55:22 -------- d-----w- c:\users\kenneth\appdata\local\Apple Computer
2013-01-12 22:54:49 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-12 22:53:51 -------- d-----w- c:\program files\iPod
2013-01-12 22:53:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-12 22:53:46 -------- d-----w- c:\program files\iTunes
2013-01-12 22:52:22 -------- d-----w- c:\users\kenneth\appdata\local\Apple
2013-01-12 22:48:56 -------- d-----w- c:\program files\Bonjour
2013-01-10 19:41:34 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
==================== Find3M ====================
.
2013-01-23 21:48:45 98816 ----a-w- c:\windows\system32\mfps.dll
2013-01-06 17:06:13 224016 --s---r- c:\windows\system32\TABCTL32.OCX
2013-01-06 17:06:13 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2013-01-06 17:06:12 152848 --s---r- c:\windows\system32\COMDLG32.OCX
2013-01-05 20:34:57 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 20:34:57 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-29 21:50:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-29 21:50:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 22:30:25 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 17:12:08 342288 ----a-w- c:\windows\system32\HMIPCore.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 22:54:29.55 ===============



#2 The Dark Knight


Posted 10 February 2013 - 04:21 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

What makes you think you have a virus replicating files?

 

=====

 

IObit Security 360 is a rogue security program known to cause system problems and that had stolen material from other computer security companies to use in their own program.
IOBit Steals Malwarebytes’ Intellectual Property
IOBit’s Denial of Theft Unconvincing
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start>Control Panel>Programs and Features>Programs and uninstall the following programs:
IObit Security 360
Advanced SystemCare

(or any program from IObit)

T-Tools has created a free program that has been designed specifically to remove every last trace of the entries of IObit programs left behind if and when you had decided to uninstall one or more of these programs. Please download BitRemover from here:
http://www.t-tools.nl/bitremoveren.php
Save the program to your Desktop and double-click on the program to run it.
 

=====

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 Strategy


Posted 10 February 2013 - 09:36 PM

Hey there, well I assume that I have this virus because every minute I've been losing space in my C drive.



#4 Strategy


Posted 10 February 2013 - 10:47 PM

I was unable to run ComboFix, due to the lag caused by the virus. I ended up reformatting my computer twice. I realized that after plugging in my USB device, the C drive starts to fill up. Is there any way I can access the infected USB safely?

#5 The Dark Knight


Posted 11 February 2013 - 12:28 AM

Good afternoon Strategy,

You can use the Panda Vaccine for USBs:

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

I recommend formatting your USB through Windows, and then applying the vaccine.


Let me know how that goes please.



#6 The Dark Knight


Posted 15 February 2013 - 04:52 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
 




#7 The Dark Knight


Posted 22 February 2013 - 04:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator (http://www.bleepingcomputer.com/forums/index.php?act=members&max_results=20&filter=9&sort_order=asc&sort_key=members_display_name) a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

