HELP! Cannot find outgoing threat in my computer.

Post by dreamhouse » June 26th, 2011, 9:46 am

Hi there,

I got an "attack site" banner from Firefox for my site some days ago. My site has been attacked constantly on my 1and1 shared server, and despite my cleaning the scripts from some files on the server, setting strong passwords on all my accounts (SFTP primarily, and including the email ones) and spending all day yesterday hunting the cause (online antivirus scanners, running full scans with Malwarebytes, Microsoft Security Essentials and System Protect from Advanced System Optimizer), I keep getting the following message from Malwarebytes: "Successfully blocked access to a potentially malicious website: 93.125.99.4" (it's a Russian IP and it varies a bit, of course), type: outgoing, port: 49690 (this also varies), process: iexplore.exe or firefox.exe (depending on which browser I use). This happens every time I try to access my site http://www.saudefrugal.com. I also decided to run Combofix as a last alternative, and although it cleaned my computer even more, the popups from Malwarebytes keep appearing and my site, although apparently clean, gets "attack site" banners in Firefox. I report it to StopBadware after cleaning, it gets liberated, and after some hours it gets the banner sign again, so it is really worrisome. I also get some popups from Malwarebytes about outgoing blocked access from skype.exe. I run Windows 7 Ultimate x64.

Please, DO help me find the problem inside my computer, PLEASE!!!!! I thank you in advance!

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Clarita Maia at 10:35:07 on 2011-06-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4096.1581 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\network-indicator\NetworkIndicator.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
C:\Program Files (x86)\Advanced System Optimizer 3\SystemCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Advanced System Optimizer 3\PrivacyProtector.exe
C:\Program Files (x86)\Advanced System Optimizer 3\RegClean.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [network indicator] C:\Program Files (x86)\network-indicator\NetworkIndicator.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer Enterprise\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barra de Ferramentas do RF - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Personalizar Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Preencher - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Salvar Formulários - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5865561F-6189-47D3-BA2F-282A9BD863CE} : DhcpNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
{0055C089-8582-441B-A0BF-17B458C2A3A8}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{C41A1C0E-EA6C-11D4-B1B8-444553540000}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{724d43a0-0d85-11d4-9908-00400523e39a}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: {E37CB5F0-51F5-4395-A808-5FA49E399F83}: GbPlugin ShlObj
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Clarita Maia\AppData\Roaming\Mozilla\Firefox\Profiles\j6dvnkqw.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-3-5 263480]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-25 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-22 2218600]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 gupdatem;Serviço do Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\A28E.tmp --> C:\Windows\system32\A28E.tmp [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2011-06-26 12:18:38 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4958ABF6-A8D0-4ED6-BDCF-C3C29B27AE78}
2011-06-26 01:50:10 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A3C8C81-DB3C-4EB1-BDE0-97C64964CFEC}\mpengine.dll
2011-06-25 23:54:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{9CFC643E-CB4C-48F6-B421-5B94808487D9}
2011-06-25 22:44:02 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-25 21:49:33 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-06-25 21:49:18 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-06-25 17:19:38 -------- d-----w- C:\Program Files\Unlocker
2011-06-25 14:59:17 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-25 11:54:19 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8674AC19-AB7C-4885-B3AD-2C3D73426736}
2011-06-25 11:47:55 -------- d-----w- C:\Users\Clarita Maia\AppData\Roaming\Malwarebytes
2011-06-25 11:46:34 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-25 11:46:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-25 11:46:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-25 11:46:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-24 16:41:35 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8E0286DF-986E-4651-9766-B3C3C782FC68}
2011-06-24 01:37:29 -------- d-----w- C:\Users\Clarita Maia\AppData\Roaming\TortoiseSVN
2011-06-24 01:16:37 -------- d-----w- C:\Program Files\TortoiseSVN
2011-06-24 01:16:37 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2011-06-23 16:22:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8AB4CE45-6C1F-4633-BC24-D0DF08F22060}
2011-06-23 02:44:57 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{16DE3943-53A0-4BF0-B8E8-68CE2F1A44EE}
2011-06-15 23:16:15 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 23:16:14 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-15 23:16:08 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 23:16:08 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 23:16:08 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 23:11:25 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-15 23:11:23 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-15 23:11:23 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-15 23:11:22 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-15 23:11:22 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 23:11:22 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-15 23:06:22 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 23:06:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-15 23:06:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 23:06:21 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 20:51:54 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5319DC61-6ABF-42D0-9D1E-C24F97B6BA49}
2011-06-15 20:50:57 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3001CB78-0D6B-4EF4-B645-FD03DD9B0AFB}
2011-06-15 20:41:30 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6B8D89D8-C8F9-41C2-905A-66588FA12B54}
2011-06-15 20:40:46 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{7D2D9CD0-0EFD-4D47-934A-576A5F077A20}
2011-06-15 20:39:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1C817F30-7EB6-47E2-AAE0-3068FDE3340B}
2011-06-15 20:31:49 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{8C8F85C5-9873-48E9-832E-4C34A3FC760D}
2011-06-15 20:30:34 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1D89F89E-7441-41A4-B6ED-5C9C2AACC6C3}
2011-06-15 20:29:44 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{53137FC6-4FA8-4EA7-9D03-0C01F2874FFA}
2011-06-08 10:29:24 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{D1BD08C1-BC11-4E9B-9D13-A1C05F9FB325}
2011-06-07 11:37:25 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6B039C87-8110-459D-BB3F-934064577CB8}
2011-06-06 23:37:01 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{E6DF70DA-5348-468C-A067-07ECA822F3E0}
2011-06-06 15:55:30 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 11:36:36 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6D8CBCC8-6849-4C97-9F30-CDA0FBCF832B}
2011-06-05 22:54:36 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{3E44E35D-346E-40D3-9421-A5757CA9289B}
2011-06-05 10:54:12 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{03AC6780-F594-4C44-8BB8-3BAAC75E3BA4}
2011-06-05 01:09:41 -------- d-----w- C:\Users\Clarita Maia\recovered
2011-06-04 22:40:26 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{5748731C-7A18-4E9C-8C20-BD05626D9869}
2011-06-04 10:40:02 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{D8472D72-2400-4739-B8E0-112B14A0DAD4}
2011-06-03 22:26:49 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{2E11BF66-C253-489C-AC65-B893D2BAF295}
2011-06-03 10:26:24 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4FF16397-9B1A-4232-93E8-20B5FA1897D0}
2011-06-02 12:09:40 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{27E095FA-DB9F-4711-AC89-693B3F8BBB6F}
2011-06-01 22:54:01 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{EEFE75E2-BFF7-48DB-AC77-3F6BC1AAAAB3}
2011-06-01 10:53:35 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{26D584BF-7AA4-47C0-A4BF-7E213A6E048B}
2011-05-31 22:53:08 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{13F8E24F-1E7D-4838-A8F2-1E9FBF64586C}
2011-05-31 17:39:27 -------- d-----w- C:\ProcAlyzer Dumps
2011-05-31 17:24:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-05-31 15:01:39 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-31 10:39:41 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{4CA711DB-2670-430F-B957-44043B17DCDD}
2011-05-30 14:08:59 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{61635730-BA97-4B01-A612-A5615C41079F}
2011-05-29 23:31:23 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{6E2BE3AD-7352-47F2-8DBF-8997EE86B409}
2011-05-29 01:06:23 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{1C6B9BE4-0BDB-45F6-AE50-C5F7A10D69A1}
2011-05-28 11:01:47 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{C5FDCAEF-FBF5-4DD7-9E18-D8AFA280FE4B}
2011-05-27 22:49:40 -------- d-----w- C:\Users\Clarita Maia\AppData\Local\{B321D025-DA65-4B2E-BC79-5A210FCC1D38}
.
==================== Find3M ====================
.
2011-06-23 16:22:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-03 19:33:46 2854504 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-05-02 21:03:32 88680 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-05-02 18:28:04 1004544 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-20 17:34:30 3049064 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-04-20 17:34:30 2393192 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-04-18 21:50:00 2601816 ----a-w- C:\Windows\System32\WavesGUILib.dll
2011-04-18 21:50:00 2238296 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll
2011-04-15 19:00:36 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-08 02:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-04-08 02:19:16 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-04-08 02:19:16 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-04-08 02:19:14 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-04-08 02:19:06 6338152 ----a-w- C:\Windows\System32\nvcpl.dll
2011-04-08 02:18:42 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-03-28 17:46:40 146568 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
.
============= FINISH: 10:35:53,50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 07/11/2009 11:11:55
System Uptime: 26/06/2011 08:46:25 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 8I955X Pro
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Socket 775 | 3215/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 44 GiB total, 3,05 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 8,991 GiB free.
E: is FIXED (NTFS) - 41 GiB total, 14,955 GiB free.
F: is FIXED (NTFS) - 89 GiB total, 10,097 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0,004 GiB free.
H: is FIXED (NTFS) - 67 GiB total, 14,875 GiB free.
I: is FIXED (NTFS) - 27 GiB total, 13,027 GiB free.
J: is FIXED (NTFS) - 27 GiB total, 24,855 GiB free.
K: is FIXED (NTFS) - 27 GiB total, 4,33 GiB free.
L: is CDROM ()
M: is CDROM ()
N: is FIXED (FAT32) - 931 GiB total, 164,204 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem PCI
Device ID: PCI\VEN_10B9&DEV_5459&SUBSYS_545910A5&REV_00\4&BC67B8D&0&08F0
Manufacturer:
Name: Modem PCI
PNP Device ID: PCI\VEN_10B9&DEV_5459&SUBSYS_545910A5&REV_00\4&BC67B8D&0&08F0
Service:
.
==== System Restore Points ===================
.
RP1197: 25/06/2011 19:53:18 - ComboFix created restore point
RP1198: 25/06/2011 22:49:39 - Windows Update
.
==== Installed Programs ======================
.
4shared Desktop
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files CS4
Adobe Reader X (10.1.0) - Português
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP Panels CS3
Advanced System Optimizer
AI RoboForm (All Users)
All My Movies 5.7
CCleaner
CRON-O-METER 0.9.7
D3DX10
Data Lifeguard Diagnostic for Windows
DHTML Editing Component
Dicionário eletrônico Houaiss 3.0
Digital Voice Editor 3
Driver Genius Professional Edition
Efficient Sticky Notes 1.66
ESET Online Scanner v3
Express Burn
FileZilla Client 3.5.0
FormatFactory 2.20
Free Image Convert and Resize version 2.1.9.324
Golden Records Vinyl to CD Converter
Google Book Downloader
Google Toolbar for Internet Explorer
Google Update Helper
HashCheck Shell Extension (x86-32)
hott notes 4
Internet Download Manager
Junk Mail filter update
K-Lite Mega Codec Pack 5.4.4
LightBox Free Image Editor
m3uEdit1
MailStore Home 4.1.0.4598
Malwarebytes' Anti-Malware versão 1.51.0.1200
MediaCoder x64 0.7.3.4616
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Subtitles Searcher 1.0
Mozilla Firefox 4.0.1 (x86 pt-BR)
MSVCRT
MSVCRT_amd64
Nero Lite 9.2.6.0 Build.2.2
Novo Dicionário Aurélio
NVIDIA 3D Vision Controller Driver
Pando
PC Camera (0022.2009.1125.1003)
Picasa 3
Pixillion Image Converter
Real Alternative 1.9.0
Realtek High Definition Audio Driver
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SendBlaster 2
Skype Toolbars
Skype™ 5.3
SpywareBlaster 4.4
Subtitle Workshop 2.51
Switch Sound File Converter
Systweak PhotoStudio 2.1
Teleport Ultra (Trial Version)
The KMPlayer (remove only)
Total Video Converter 3.71 100812
Uninstall 1.0.0.1
VLC media player 1.1.8
VobSub v2.23 (Remove Only)
WavePad Sound Editor
Web Easy Professional
Web Easy Professional 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 15.0
Xilisoft Video Converter Ultimate
XviD MPEG4 Video Codec (remove only)
XviD4PSP 5.0
Your Uninstaller! 2010
.
==== End Of File ===========================
dreamhouse
Active Member
 
Posts: 1
Joined: June 26th, 2011, 8:55 am

Re: HELP! Cannot find outgoing threat in my computer.

Post by deltalima » June 28th, 2011, 10:13 am

You are already receiving help with this problem at another forum .....

HERE

May I draw your attention to THIS topic, which you should have read before posting for help, and THIS where we tell you why this is not a good idea.

This topic is now closed
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
