Peerblock Shows Botnet


This topic is locked
4 replies to this topic

#1 iurnait

  • Members
  • 4 posts

Posted 10 February 2013 - 02:17 PM

Peerblock is detecting botnet on Sibirskie Seti LTD (89.189.170.4) and botnet on VimpelCom (217.118.78.38)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.13.2
Run by Tianrui_Guo at 10:58:55 on 2013-02-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1402 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Users\Tianrui_Guo\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Tianrui_Guo\AppData\Local\GitHub\PortableGit_93e8418133eb85e81a81e5e19c272776524496c6\bin\ssh-agent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll
StartupFolder: C:\Users\TIANRU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tianrui_Guo\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{D11C824F-C468-470A-848F-73B3D8FD29C5} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D11C824F-C468-470A-848F-73B3D8FD29C5} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{D11C824F-C468-470A-848F-73B3D8FD29C5}\341626C65675966496 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D11C824F-C468-470A-848F-73B3D8FD29C5}\35D45435F505F435F513 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{D11C824F-C468-470A-848F-73B3D8FD29C5}\644423730354 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tianrui_Guo\AppData\Roaming\Mozilla\Firefox\Profiles\0y29w42w.default\
FF - prefs.js: browser.startup.homepage - encrypted.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-22 19:36; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; C:\Users\Tianrui_Guo\AppData\Roaming\Mozilla\Firefox\Profiles\0y29w42w.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: 2013-02-04 15:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Tianrui_Guo\AppData\Roaming\Mozilla\Firefox\Profiles\0y29w42w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-04 15:41; support@lastpass.com; C:\Users\Tianrui_Guo\AppData\Roaming\Mozilla\Firefox\Profiles\0y29w42w.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-02-04 19:39; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Tianrui_Guo\AppData\Roaming\Mozilla\Firefox\Profiles\0y29w42w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-02-04 19:39; https-everywhere@eff.org; C:\Users\Tianrui_Guo\AppData\Roaming\Mozilla\Firefox\Profiles\0y29w42w.default\extensions\https-everywhere@eff.org
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-21 56336]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402010.016\symds64.sys [2013-1-18 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402010.016\symefa64.sys [2013-1-18 1133216]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-11 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-11-11 141920]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402010.016\ccsetx64.sys [2013-1-18 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130208.001\IDSviA64.sys [2013-2-8 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402010.016\ironx64.sys [2013-1-18 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402010.016\symnets.sys [2013-1-18 432800]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-1-17 78208]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-1-29 72216]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe [2013-1-18 143928]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-20 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-28 138912]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-1-22 24176]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2012-11-5 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" --> C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2013-1-22 33872]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-1-14 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-1-14 9800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-5 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-19 42184]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-11-13 54136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-5 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-10-26 105816]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-02-10 18:29:26    --------    d-----w-    C:\Program Files\WinHTTrack
2013-02-09 18:05:41    --------    d-----w-    C:\Users\Tianrui_Guo\apktool
2013-02-09 17:55:10    92    ----a-w-    C:\Windows\apktool.bat
2013-02-09 17:55:10    854016    ----a-w-    C:\Windows\aapt.exe
2013-02-09 04:38:45    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\NeoSmart_Technologies
2013-02-07 03:33:30    925184    ----a-w-    C:\Windows\expstart.exe
2013-02-07 03:32:51    2871808    ----a-w-    C:\Windows\explorer.backup.exe
2013-02-07 01:43:13    --------    d-----w-    C:\ProgramData\PDF Architect
2013-02-07 01:36:34    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\PDF Architect
2013-02-07 00:53:32    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\pdfforge
2013-02-07 00:53:30    137000    ----a-w-    C:\Windows\SysWow64\MSMAPI32.OCX
2013-02-07 00:53:30    103936    ----a-w-    C:\Windows\System32\pdfcmon.dll
2013-02-07 00:53:29    23552    ----a-w-    C:\Windows\SysWow64\MSMPIDE.DLL
2013-02-07 00:53:29    --------    d-----w-    C:\Program Files (x86)\PDFCreator
2013-02-07 00:41:41    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\Programs
2013-02-07 00:23:35    --------    d-----w-    C:\Users\Tianrui_Guo\.freemind
2013-02-07 00:23:20    --------    d-----w-    C:\Program Files (x86)\FreeMind
2013-02-06 23:09:07    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\NPE
2013-02-06 22:47:48    --------    d-----w-    C:\Users\Tianrui_Guo\.swt
2013-02-05 03:07:12    332288    ----a-w-    C:\Windows\System32\uxtheme.dll.backup
2013-02-05 03:07:10    2851840    ----a-w-    C:\Windows\System32\themeui.dll.backup
2013-02-05 03:07:08    44544    ----a-w-    C:\Windows\System32\themeservice.dll.backup
2013-02-05 00:56:59    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\CrashRpt
2013-02-05 00:46:14    69464    ----a-w-    C:\Windows\SysWow64\XAPOFX1_3.dll
2013-02-05 00:46:14    515416    ----a-w-    C:\Windows\SysWow64\XAudio2_5.dll
2013-02-05 00:46:14    238936    ----a-w-    C:\Windows\SysWow64\xactengine3_5.dll
2013-02-05 00:46:14    1974616    ----a-w-    C:\Windows\SysWow64\D3DCompiler_42.dll
2013-02-05 00:46:14    1868128    ----a-w-    C:\Windows\SysWow64\d3dcsx_43.dll
2013-02-05 00:46:13    5501792    ----a-w-    C:\Windows\SysWow64\d3dcsx_42.dll
2013-02-04 22:36:15    --------    d-----w-    C:\ProgramData\Geevs
2013-02-04 22:36:11    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\SafeNet Sentinel
2013-02-04 22:36:11    --------    d-----w-    C:\ProgramData\SafeNet Sentinel
2013-02-04 20:35:41    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\BitTorrent
2013-02-04 20:20:11    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-03 23:10:57    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-03 01:02:36    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\Torque
2013-02-03 00:51:37    --------    d-----w-    C:\ProgramData\boost_interprocess
2013-02-01 04:19:38    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\Need for Speed World
2013-01-31 23:19:06    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\2K Sports
2013-01-31 03:32:53    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\Adobe
2013-01-30 22:58:51    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\OpenDNS Updater
2013-01-30 03:42:30    --------    d-----w-    C:\ProgramData\hsswpr_lock
2013-01-30 02:52:22    88600    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2013-01-30 02:52:22    72216    ----a-w-    C:\Windows\System32\drivers\LMIRfsDriver.sys
2013-01-30 02:52:22    60920    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2013-01-30 02:52:22    35832    ----a-w-    C:\Windows\System32\LMIport.dll
2013-01-30 02:52:20    84472    ----a-w-    C:\Windows\System32\LMIinit.dll
2013-01-30 01:34:36    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\CrashDumps
2013-01-25 02:41:31    737072    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-01-23 01:57:22    --------    d-----w-    C:\Program Files\Sony
2013-01-23 01:18:26    --------    d-----w-    C:\Program Files\PeerBlock
2013-01-23 00:44:11    33872    ----a-w-    C:\Windows\System32\drivers\anvsnddrv.sys
2013-01-23 00:01:53    77656    ----a-w-    C:\Windows\System32\XAPOFX1_5.dll
2013-01-23 00:01:53    518488    ----a-w-    C:\Windows\System32\XAudio2_7.dll
2013-01-21 18:35:38    56336    ------w-    C:\Windows\System32\drivers\PxHlpa64.sys
2013-01-21 18:35:38    11376    ------w-    C:\Windows\System32\drivers\cdralw2k.sys
2013-01-21 18:35:38    10864    ------w-    C:\Windows\System32\drivers\cdr4_xp.sys
2013-01-21 18:35:37    --------    d-----w-    C:\Program Files (x86)\Common Files\Sonic Shared
2013-01-21 18:35:37    --------    d-----w-    C:\Program Files (x86)\Common Files\PX Storage Engine
2013-01-21 17:11:17    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\Process Hacker 2
2013-01-21 17:10:38    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\Disk Cleaner
2013-01-20 06:16:48    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2013-01-19 19:39:55    --------    d-----w-    C:\Users\Tianrui_Guo\.android
2013-01-19 19:31:32    --------    d-----w-    C:\Users\Tianrui_Guo\.eclipse
2013-01-19 19:29:18    --------    d-----w-    C:\Program Files\eclipse
2013-01-18 23:01:08    --------    d-----w-    C:\Program Files (x86)\Audacity
2013-01-18 22:26:51    776864    ----a-w-    C:\Windows\System32\drivers\NISx64\1402010.016\srtsp64.sys
2013-01-18 22:26:51    493216    ----a-w-    C:\Windows\System32\drivers\NISx64\1402010.016\symds64.sys
2013-01-18 22:26:51    432800    ----a-w-    C:\Windows\System32\drivers\NISx64\1402010.016\symnets.sys
2013-01-18 22:26:51    37496    ----a-r-    C:\Windows\System32\drivers\NISx64\1402010.016\srtspx64.sys
2013-01-18 22:26:51    23448    ----a-r-    C:\Windows\System32\drivers\NISx64\1402010.016\symelam.sys
2013-01-18 22:26:51    224416    ----a-w-    C:\Windows\System32\drivers\NISx64\1402010.016\ironx64.sys
2013-01-18 22:26:51    168096    ----a-w-    C:\Windows\System32\drivers\NISx64\1402010.016\ccsetx64.sys
2013-01-18 22:26:51    1133216    ----a-w-    C:\Windows\System32\drivers\NISx64\1402010.016\symefa64.sys
2013-01-18 22:26:41    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1402010.016
2013-01-18 03:40:51    --------    d-----w-    C:\ProgramData\CLSK
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-18 03:24:10    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-18 03:10:35    78208    ----a-w-    C:\Windows\System32\drivers\aksdf.sys
2013-01-18 03:10:33    --------    d-----w-    C:\Program Files (x86)\Common Files\Aladdin Shared
2013-01-18 03:10:32    4941768    ----a-w-    C:\Windows\System32\hasplms.exe
2013-01-18 03:10:32    139592    ----a-w-    C:\Windows\System32\drivers\aksfridge.sys
2013-01-18 03:10:30    321536    ----a-w-    C:\Windows\System32\drivers\hardlock.sys
2013-01-18 03:10:27    198088    ----a-w-    C:\Windows\SysWow64\hlvdd.dll
2013-01-17 03:07:03    --------    d-----w-    C:\Users\Tianrui_Guo\.gimp-2.8
2013-01-17 03:05:40    --------    d-----w-    C:\Program Files\GIMP 2
2013-01-15 23:59:53    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Local\IsolatedStorage
2013-01-15 04:25:01    9800    ----a-w-    C:\Windows\System32\EuGdiDrv.sys
2013-01-15 04:25:01    9160    ----a-w-    C:\Windows\SysWow64\EuGdiDrv.sys
2013-01-15 04:25:01    87112    ----a-w-    C:\Windows\SysWow64\setupempdrv03.exe
2013-01-15 04:25:01    3376640    ----a-w-    C:\Windows\System32\BootMan.exe
2013-01-15 04:25:01    3316736    ----a-w-    C:\Windows\System32\复件 BootMan.exe
2013-01-15 04:25:01    2468520    ----a-w-    C:\Windows\SysWow64\BootMan.exe
2013-01-15 04:25:01    19840    ----a-w-    C:\Windows\SysWow64\EuEpmGdi.dll
2013-01-15 04:25:01    17480    ----a-w-    C:\Windows\System32\epmntdrv.sys
2013-01-15 04:25:01    16256    ----a-w-    C:\Windows\System32\EuEpmGdi.dll
2013-01-15 04:25:01    14920    ----a-w-    C:\Windows\SysWow64\epmntdrv.sys
2013-01-15 04:25:01    100936    ----a-w-    C:\Windows\System32\setupempdrvx64.exe
2013-01-15 04:02:46    19016    ----a-w-    C:\Windows\System32\drivers\sscdmdfl.sys
2013-01-15 04:02:46    172104    ----a-w-    C:\Windows\System32\drivers\sscdmdm.sys
2013-01-15 04:02:46    15944    ----a-w-    C:\Windows\System32\drivers\sscdwhnt.sys
2013-01-15 04:02:46    15432    ----a-w-    C:\Windows\System32\drivers\sscdcmnt.sys
2013-01-15 04:02:46    136264    ----a-w-    C:\Windows\System32\drivers\sscdbus.sys
2013-01-15 04:02:16    --------    d-----w-    C:\Program Files (x86)\MarkAny
2013-01-13 20:31:47    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-01-13 20:29:45    --------    d-----w-    C:\Users\Tianrui_Guo\.ssh
2013-01-13 02:29:00    --------    d-----w-    C:\Users\Tianrui_Guo\AppData\Roaming\Samsung
2013-01-13 02:25:09    4659712    ----a-w-    C:\Windows\SysWow64\Redemption.dll
2013-01-13 02:24:40    --------    d-----w-    C:\Program Files (x86)\Samsung
.
==================== Find3M  ====================
.
2013-02-09 17:27:29    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 17:27:29    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-05 03:07:12    332288    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-02-05 03:07:10    2851840    ----a-w-    C:\Windows\System32\themeui.dll
2013-02-05 03:07:08    44544    ----a-w-    C:\Windows\System32\themeservice.dll
2013-02-04 20:20:03    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-02-04 20:20:03    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-02-03 23:10:54    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-03 23:10:54    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-01-10 19:33:50    42696    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2012-12-19 22:48:44    237992    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2012-12-19 22:47:20    204200    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2012-12-19 22:47:20    146856    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-12-19 22:47:20    132008    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-12-19 22:47:20    120232    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-29 19:56:30    35616    ----a-w-    C:\Windows\System32\lmimirr.dll
2012-11-29 19:56:30    14624    ----a-w-    C:\Windows\System32\lmimirr2.dll
2012-11-29 19:56:30    11552    ----a-w-    C:\Windows\System32\drivers\lmimirr.sys
2012-11-23 03:26:31    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2012-11-23 03:13:57    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23    800768    ----a-w-    C:\Windows\System32\usp10.dll
2012-11-22 04:45:03    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2012-11-14 06:02:49    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:00:07.77 ===============

 




 


#2 The Dark Knight (The Magician)


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 15 February 2013 - 04:05 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download Malwarebytes Anti-Rootkit here.
  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.
  • Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following logs:
  • ComboFix.txt.
  • Both MBAR logs.
How is your computer currently running?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 The Dark Knight (The Magician)


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 19 February 2013 - 03:19 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.




#4 The Dark Knight (The Magician)


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 23 February 2013 - 04:25 PM

Just a side note: I am away until Tuesday.




#5 The Dark Knight (The Magician)


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 01 March 2013 - 05:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator (http://www.bleepingcomputer.com/forums/index.php?act=members&max_results=20&filter=9&sort_order=asc&sort_key=members_display_name) a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.






