Suspect Malware or Rootkit... Pls Help...

Post by mrlucky » March 31st, 2011, 10:46 pm

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert at 19:30:12.98 on Thu 03/31/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.258 [GMT -7:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton 360 Premier Edition\Engine\5.0.1.4\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360 Premier Edition\Engine\5.0.1.4\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Robert\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Users\Robert\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.0.1.4\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.0.1.4\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.0.1.4\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\robert\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0500010.004\SymDS.sys [2011-3-29 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0500010.004\SymEFA.sys [2011-3-29 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.1.4\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-2-25 800376]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.1.4\definitions\ipsdefs\20110330.001\IDSvix86.sys [2011-3-31 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0500010.004\Ironx86.sys [2011-3-29 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0500010.004\symtdiv.sys [2011-3-29 330360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-29 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-30 20952]
.
=============== Created Last 30 ================
.
2011-03-31 22:17:59 -------- d-----w- c:\users\robert\appdata\local\CrashDumps
2011-03-31 03:05:04 -------- d-----w- c:\users\robert\appdata\local\Google
2011-03-31 01:47:13 -------- d-----w- c:\users\robert\appdata\roaming\Malwarebytes
2011-03-31 01:46:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 01:46:54 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-31 01:46:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 01:46:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 01:33:33 -------- d-----w- c:\users\robert\appdata\roaming\Tific
2011-03-31 00:45:52 -------- d-----w- c:\program files\BreakPoint Software
2011-03-30 23:19:01 -------- d-----w- c:\users\robert\appdata\local\ODUI
2011-03-30 23:18:46 -------- d-----w- c:\users\robert\appdata\local\Stardock
2011-03-30 23:18:29 -------- d-----w- c:\users\robert\appdata\roaming\Stardock
2011-03-30 23:17:46 -------- d-----w- c:\users\robert\appdata\local\PackageAware
2011-03-30 22:49:42 -------- d-----w- c:\program files\MagicISO
2011-03-30 21:34:26 -------- d-----w- c:\program files\Magical Jelly Bean
2011-03-30 18:48:10 -------- d-----w- c:\program files\Launch Manager
2011-03-30 04:50:53 -------- d-----w- c:\program files\DVDFab 8
2011-03-30 02:49:29 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-03-30 02:49:16 416128 ----a-w- c:\progra~2\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
2011-03-30 02:35:56 -------- d-----w- c:\users\robert\appdata\local\Adobe
2011-03-30 00:35:39 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-03-30 00:35:39 -------- d-----w- c:\windows\system32\x64
2011-03-30 00:35:31 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-03-30 00:32:15 356352 ----a-w- c:\windows\EMCRI.dll
2011-03-30 00:08:30 -------- d-----w- c:\windows\BisonCam
2011-03-30 00:01:11 90112 ----a-w- c:\windows\system\BisonVfw.dll
2011-03-30 00:01:11 806320 ----a-w- c:\windows\system32\drivers\BisonCam.sys
2011-03-30 00:01:11 176128 ----a-w- c:\windows\system32\BisonRem.dll
2011-03-30 00:01:11 126976 ----a-w- c:\windows\system\BisonCam.dll
2011-03-30 00:01:10 180224 ----a-w- c:\windows\system\StillDrv.dll
2011-03-30 00:01:09 -------- d-----w- c:\windows\Options
2011-03-29 23:50:40 -------- d-----w- c:\windows\system32\RTCOM
2011-03-29 18:12:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-29 18:12:02 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-29 18:12:02 -------- d-----w- c:\program files\Symantec
2011-03-29 18:12:02 -------- d-----w- c:\program files\common files\Symantec Shared
2011-03-29 18:11:37 652336 ----a-r- c:\windows\system32\drivers\n360\0500010.004\SymEFA.sys
2011-03-29 18:11:37 509560 ----a-r- c:\windows\system32\drivers\n360\0500010.004\srtsp.sys
2011-03-29 18:11:37 50168 ----a-r- c:\windows\system32\drivers\n360\0500010.004\srtspx.sys
2011-03-29 18:11:37 340016 ----a-r- c:\windows\system32\drivers\n360\0500010.004\SymDS.sys
2011-03-29 18:11:37 330360 ----a-r- c:\windows\system32\drivers\n360\0500010.004\symtdiv.sys
2011-03-29 18:11:37 295032 ----a-r- c:\windows\system32\drivers\n360\0500010.004\symnets.sys
2011-03-29 18:11:37 136312 ----a-r- c:\windows\system32\drivers\n360\0500010.004\Ironx86.sys
2011-03-29 18:11:33 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-29 18:11:23 -------- d-----w- c:\windows\system32\drivers\n360\0500010.004
2011-03-29 18:11:23 -------- d-----w- c:\windows\system32\drivers\N360
2011-03-29 18:11:21 -------- d-----w- c:\program files\Norton 360 Premier Edition
2011-03-29 18:10:07 -------- d-----w- c:\program files\NortonInstaller
2011-03-29 18:10:07 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-29 17:54:29 -------- d-----w- c:\progra~2\Norton
2011-03-29 17:51:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-29 17:29:31 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-29 17:27:12 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-29 17:27:11 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-29 17:27:11 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-29 17:26:30 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-29 17:26:29 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-29 17:26:29 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-29 17:26:29 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-29 17:26:29 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-29 17:26:28 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-29 17:26:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-29 17:24:49 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-29 17:24:48 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-29 17:24:48 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-29 16:50:54 -------- d-----w- c:\windows\system32\eu-ES
2011-03-29 16:50:54 -------- d-----w- c:\windows\system32\ca-ES
2011-03-29 16:50:53 -------- d-----w- c:\windows\system32\vi-VN
2011-03-29 16:27:55 -------- d-----w- c:\windows\system32\EventProviders
2011-03-29 16:18:37 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-03-29 15:53:04 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-03-29 15:51:59 3217408 ----a-w- c:\windows\system32\WinSAT.exe
2011-03-29 15:50:59 389632 ----a-w- c:\windows\system32\sysmon.ocx
2011-03-29 15:49:47 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-03-29 15:49:47 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-29 15:49:47 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-03-29 15:49:47 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-03-29 15:49:47 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-03-29 15:49:46 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-29 15:49:46 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-03-29 15:49:44 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-29 15:49:42 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-03-29 15:49:42 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-29 15:49:39 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-03-29 15:45:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-29 15:45:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-29 15:45:58 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-03-29 15:45:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-29 15:45:52 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-03-29 15:45:05 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-03-29 15:39:35 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-29 15:39:35 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-29 15:39:35 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-29 15:39:35 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-29 15:39:34 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-29 15:25:33 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-03-29 15:24:50 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-03-29 15:24:49 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-29 15:24:49 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-03-29 15:24:29 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2011-03-29 15:24:28 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-29 15:24:26 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-03-29 15:23:52 274944 ----a-w- c:\windows\system32\schannel.dll
2011-03-29 15:17:31 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-03-29 15:17:26 81920 ----a-w- c:\windows\system32\consent.exe
2011-03-29 15:15:41 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-29 15:15:32 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-03-29 15:15:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-29 15:15:32 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-29 15:14:22 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-29 15:14:20 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-03-29 15:14:16 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-29 15:14:14 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-29 15:14:14 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-03-29 15:14:14 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-29 14:54:18 -------- d-----w- C:\PerfLogs
2011-03-29 14:25:25 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\default\MpEngine.dll
2011-03-29 14:25:13 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-03-29 14:25:09 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2011-03-29 14:25:03 1008184 ----a-w- c:\program files\windows defender\MSASCui.exe
2011-03-29 14:23:59 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-29 14:22:59 72704 ----a-w- c:\windows\system32\cmdl32.exe
2011-03-29 14:21:30 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2011-03-29 14:21:29 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-29 14:21:23 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-03-29 14:21:22 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-03-29 14:21:00 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-03-29 14:21:00 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-03-29 14:21:00 258560 ----a-w- c:\windows\system32\dpx.dll
2011-03-29 07:52:38 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-03-29 07:50:57 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{50e5da72-a0c5-4909-ae44-f225ba580f5a}\mpengine.dll
2011-03-29 07:39:54 243712 ----a-w- c:\windows\system32\rastls.dll
2011-03-29 06:28:06 23552 ----a-w- c:\windows\system32\lpk.dll
2011-03-29 06:28:06 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-03-29 06:22:28 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-03-29 06:22:28 272896 ----a-w- c:\windows\system32\polstore.dll
2011-03-29 06:14:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-03-29 06:14:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-03-29 06:14:24 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-03-29 06:14:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-03-29 06:14:24 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-03-29 06:14:24 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-03-29 06:14:24 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-03-29 06:14:24 10240 ----a-w- c:\windows\system32\finger.exe
2011-03-29 06:09:27 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-03-29 06:09:26 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-03-29 06:09:26 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-03-29 06:09:26 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-03-29 06:09:26 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-03-29 06:09:26 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-03-29 06:09:22 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-03-29 06:07:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-03-29 06:07:45 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-03-29 06:07:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-03-29 06:06:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-29 06:04:36 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-03-29 06:04:36 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-29 06:04:36 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-03-29 06:01:45 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-03-29 06:01:45 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-03-29 06:01:45 2048 ----a-w- c:\windows\system32\mferror.dll
2011-03-29 05:51:54 71680 ----a-w- c:\windows\system32\atl.dll
2011-03-29 05:41:59 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-03-29 05:40:29 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-03-29 05:40:29 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-03-29 05:34:52 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-29 05:29:12 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-03-29 05:29:11 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-03-29 05:25:30 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-03-29 05:20:06 623616 ----a-w- c:\windows\system32\localspl.dll
2011-03-29 05:13:58 8704 ----a-w- c:\windows\system32\hccoin.dll
2011-03-29 05:13:58 15872 ----a-w- c:\windows\system32\hcrstco.dll
2011-03-29 05:11:29 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-03-29 05:09:58 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-03-29 05:09:58 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-03-29 05:09:57 9728 ----a-w- c:\windows\system32\lsass.exe
2011-03-29 05:09:57 72704 ----a-w- c:\windows\system32\secur32.dll
2011-03-29 05:09:57 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-03-29 05:09:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-29 05:06:00 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-03-29 05:06:00 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-03-29 05:01:21 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-03-29 04:57:55 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-03-29 04:57:55 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-03-29 04:55:31 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-03-29 04:55:31 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-03-29 04:55:31 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-03-29 04:55:30 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-03-29 04:47:21 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-29 04:44:23 37888 ----a-w- c:\windows\system32\printcom.dll
2011-03-29 04:41:26 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-03-29 04:39:56 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-03-29 04:39:56 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-03-29 04:39:56 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-03-29 04:39:54 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-03-29 04:39:53 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-03-29 04:39:53 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-03-29 04:39:53 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-03-29 04:39:52 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-03-29 04:38:37 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-29 04:38:37 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-29 04:38:37 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-29 04:38:37 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-29 04:38:36 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-29 04:38:36 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-29 04:38:36 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-29 04:38:36 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-29 04:38:36 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-29 04:32:16 -------- d-sh--w- c:\windows\Installer
2011-03-29 03:57:16 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-03-29 03:56:56 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-03-29 03:56:12 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-29 03:56:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-29 03:55:52 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-03-29 03:55:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-29 03:55:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-03-29 03:55:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-29 03:53:28 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-03-29 03:51:58 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-03-29 03:51:58 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-03-29 03:51:58 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-03-29 03:51:58 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-03-29 03:51:58 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-03-29 03:51:58 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-03-29 03:51:57 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-03-29 03:51:57 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-03-29 03:51:57 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-03-29 03:51:57 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-03-29 03:51:23 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-03-29 03:50:50 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-29 03:50:50 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-03-29 02:39:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-03-29 02:38:46 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-03-29 02:38:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-03-29 02:38:26 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-03-28 19:42:08 -------- d-----w- c:\windows\Panther
2011-03-28 19:41:51 -------- d-sh--w- C:\Boot
.
==================== Find3M ====================
.
2011-03-29 23:48:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-03-29 14:42:25 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-03-29 14:42:16 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-03-29 03:58:35 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-02-22 22:52:00 1730112 ----a-w- c:\windows\system32\FMAPO.dll
2011-02-22 20:20:20 820224 ----a-w- c:\windows\system32\RCoRes.dat
2011-02-22 18:16:26 2145896 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 17:49:40 3805288 ----a-w- c:\windows\system32\RtkAPO.dll
2011-02-17 21:03:54 485992 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-02-16 20:11:28 69224 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-02-09 22:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 19:32:37.47 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/28/2011 12:46:24 PM
System Uptime: 3/31/2011 3:16:48 AM (16 hours ago)
.
Motherboard: Acer | | Grapevine
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | U1 | 1333/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 80.901 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 3/30/2011 5:19:26 PM - Scheduled Checkpoint
RP35: 3/30/2011 5:45:10 PM - Installed Hex Workshop v6
RP36: 3/31/2011 1:11:27 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acer OrbiCam
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
DVDFab 8.0.8.5 (19/03/2011)
Google Earth Plug-in
Google Update Helper
Hex Workshop v6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Launch Manager
Magic ISO Maker v5.5 (build 0281)
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Norton 360 Premier Edition
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinRAR 4.00 (32-bit)
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
3/31/2011 6:04:30 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1AF3ADB9-CB07-44C8-A45C-E8FEFB4FB166} because another computer on the network has the same name. The server could not start.
3/31/2011 6:04:30 PM, Error: netbt [4321] - The name "ROBERT-PC :20" could not be registered on the interface with IP address 192.168.2.2. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
3/31/2011 6:04:30 PM, Error: netbt [4321] - The name "ROBERT-PC :0" could not be registered on the interface with IP address 192.168.2.2. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
3/30/2011 8:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Robert-PC\Robert SID (S-1-5-21-3652202756-920738370-1823081302-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
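A DDS log like the one above is read section by section: the helper looks at what is running, what is set to start automatically, which drivers load at boot, and what the event log complains about. The script below is an added example, not part of the original post and not code from the DDS tool: it splits a DDS log into its "====" sections, parses the process, autorun, driver and event lines, and applies a few triage heuristics of the kind a volunteer applies by eye (a binary executing from Temp or AppData, an early-start driver outside system32\drivers, a NetBT name conflict). The sample input is a constructed excerpt of lines copied from the log above; the function names and the flagging rules are my own choices, and a flag is a prompt to look closer, not a verdict (Norton's definition driver trips the driver rule and is legitimate).

```python
import re

# Constructed sample: lines copied from the DDS log posted above, trimmed to a
# few representatives per section. The "." lines are DDS's section padding.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Norton 360 Premier Edition\Engine\5.0.1.4\ccSvcHst.exe
C:\Users\Robert\AppData\Local\Temp\RtkBtMnt.exe
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0500010.004\SymDS.sys [2011-3-29 340016]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.1.4\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-2-25 800376]
==== Event Viewer Messages From Past Week ========
.
3/31/2011 6:04:30 PM, Error: netbt [4321] - The name "ROBERT-PC :20" could not be registered on the interface with IP address 192.168.2.2. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
3/30/2011 8:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Robert-PC\Robert SID (S-1-5-21-3652202756-920738370-1823081302-1000) from address LocalHost (Using LRPC).
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS driver line: start type (R0..R3 running, S0..S4 stopped), name;description;path [date size]
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$")
EVENT_RE = re.compile(r"^(?P<when>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) "
                      r"\[(?P<id>\d+)\] - (?P<msg>.*)$")
AUTORUN_RE = re.compile(r"^(?P<key>[umd]Run(?:Once)?|BHO|TB|STS|Notify):\s*(?P<rest>.*)$")
PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl)")  # first Windows path in a line
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections


def location_flag(path):
    """Reason to look closer at a binary, judged only by where it lives (heuristic)."""
    p = path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        return "executes from a Temp directory"
    if "\\appdata\\" in p:
        return "executes from a user AppData directory"
    return None


def parse_drivers(lines):
    out = []
    for m in filter(None, map(DRIVER_RE.match, lines)):
        start, name, desc, path = m.groups()
        out.append({"start": start, "name": name, "desc": desc, "path": path})
    return out


def parse_events(lines):
    out = []
    for m in filter(None, map(EVENT_RE.match, lines)):
        out.append({**m.groupdict(), "id": int(m.group("id"))})
    return out


def triage(text):
    """Return (kind, item, reason) findings a helper would review first."""
    s = split_sections(text)
    findings = []
    for proc in s.get("Running Processes", []):
        reason = location_flag(proc)
        if reason:
            findings.append(("process", proc, reason))
    for line in s.get("Pseudo HJT Report", []):
        m = AUTORUN_RE.match(line)
        path = PATH_RE.search(m.group("rest")) if m else None
        reason = location_flag(path.group(0)) if path else None
        if reason:
            findings.append(("autorun", line, reason))
    for drv in parse_drivers(s.get("SERVICES / DRIVERS", [])):
        # Boot/system-start drivers (R0/R1) normally live under system32\drivers
        if drv["start"] in ("R0", "R1") and "\\windows\\system32\\drivers\\" not in drv["path"].lower():
            findings.append(("driver", drv["name"], "early-start driver loaded from " + drv["path"]))
    for ev in parse_events(s.get("Event Viewer Messages From Past Week", [])):
        # NetBT event 4321: another host on the LAN refused this machine's NetBIOS name
        if ev["source"] == "netbt" and ev["id"] == 4321:
            ips = IP_RE.findall(ev["msg"])
            if len(ips) == 2:
                findings.append(("event", ev["id"],
                                 f"NetBIOS name conflict: {ips[1]} refused the name claimed by {ips[0]}"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {item}\n    -> {reason}")
```

Run against the excerpt, it reports the Temp-resident process, the Norton definition driver (a false positive a helper recognises on sight, which is why the helpers above insist on reading logs rather than acting on flags), and the NetBIOS name conflict with 192.168.2.3; the autorun entries all resolve to Program Files and are not flagged.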

Re: Suspect Malware or Rootkit... Pls Help...

Post by Cypher » April 4th, 2011, 7:54 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - windows 7

Suspect Malware or Rootkit..

Can you tell me what problems you are having with your computer?

Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the program and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Logs/Information to Post in your Next Reply

  • What problems are you having?
  • Gmer.txt

Re: Suspect Malware or Rootkit... Pls Help...

Post by Cypher » April 7th, 2011, 10:50 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware