Post subject: New virus/trojan that I cannot find
Post by tmitch » August 30th, 2012, 7:12 pm

This virus changes my downloads' name and content when trying to download accounting data from 3 different accounts. PayPal gives me a "winscr" that contains no usable data when trying to get a CSV file.

Bank accounts that support QIF files result in files that are named .qif, but for various dates they are all exactly the same file and contain no usable data.

Avast (free) didn't alert me and couldn't find it, not even with the boot scan.
Malwarebytes has been downloaded and can't find the virus anywhere.

Now I have downloaded and scanned with Kaspersky "virus removal tool" and no threats found.

I can download the correct files fine from my laptop.

I hope I posted this right this time!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Ted at 13:08:34 on 2012-08-30
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1308 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Downloads\tclock\tclock.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Darth's Internet Explorer
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118
uInternet Settings,ProxyOverride = <local>
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - AcroIEHlprObj Class
BHO: {5ca3d70e-1895-11cf-8e15-001234567890} - DriveLetterAccess
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: {ADA89D2B-04A5-4656-A56D-519E329137C4} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [hddhealth] c:\program files\hdd health\hddhealth.exe -wl
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [FinePrint Dispatcher v4] c:\windows\system32\spool\drivers\w32x86\2\fpdisp4.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SystemTray] SysTray.Exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\ted\startm~1\programs\startup\maxmem.lnk - c:\program files\analogx\maxmem\maxmem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\em_exec.lnk - c:\program files\logitech\mouseware\system\EM_EXEC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tclock.lnk - c:\downloads\tclock\tclock.exe
uPolicies-explorer: NoLogOff = 01000000
uPolicies-explorer: HideClock = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download web site with Free Download Manager - file://c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - {ADA89D2B-04A5-4656-A56D-519E329137C4}
IE: {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\free download manager\fum\fumiebtn.dll
Trusted Zone: easynews.com\members
Trusted Zone: easynews.com\zip.members
Trusted Zone: expedia.com\www
Trusted Zone: ibc.com\ibcbankonline
Trusted Zone: installogy.com\www
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\www
Trusted Zone: paypal.com\www
Trusted Zone: pcpitstop.com\www
Trusted Zone: weldingtipsandtricks.com\www
Trusted Zone: http://www.m
Trusted Zone: youtube.com\www
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v ... 5443775947
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5D3D72CC-172E-451C-B547-CF33BF53688A} : DhcpNameServer = 69.27.130.50 69.27.130.51 66.210.168.2
TCP: Interfaces\{8E331F73-A08F-4C1C-A58A-C2903A73B4B9} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: awtQhhhe - awtQhhhe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2012-4-18 52480]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-4-18 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-4-18 59664]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2012-4-18 45056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-9 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-18 355632]
R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2012-4-18 2560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-21 116608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-9 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-12-3 44808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-26 655944]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 ToolTipFixer;ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2008-10-14 61952]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-8-2 598856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-26 22344]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-4-18 33552]
S3 ALSysIO;ALSysIO; [x]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2012-4-18 71040]
S3 gupdate1c98ada76b71a2b;Google Update Service (gupdate1c98ada76b71a2b); [x]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-4-18 14448]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 UCORESYS;UCORESYS;c:\downloads\asrock\bios\939dual-sata2(2.20)win\afu939dual-sata2_2.20\Ucoresys.sys [2008-6-13 8544]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2012-4-18 28672]
S3 WCPUID;WCPUID; [x]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2012-4-18 229376]
.
=============== Created Last 30 ================
.
2012-08-27 17:50:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-08-27 17:50:47 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-08-27 17:50:47 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-08-27 17:50:46 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-08-27 17:50:45 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-08-27 17:50:10 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-08-27 17:50:03 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-08-27 17:50:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-08-27 17:49:53 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-08-27 17:48:57 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-08-27 17:48:53 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-08-27 17:48:52 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-08-27 17:48:31 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2012-08-27 17:48:26 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-08-27 17:48:26 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2012-08-27 17:48:11 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-08-27 17:48:10 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2012-08-27 17:48:08 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2012-08-27 17:46:59 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2012-08-27 17:45:59 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2012-08-27 17:44:59 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-08-27 17:43:49 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-08-27 17:42:45 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-08-27 17:42:45 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-08-27 17:42:43 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-08-27 17:42:43 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2012-08-27 17:42:41 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-08-27 17:42:40 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-08-27 17:42:40 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-08-27 17:42:38 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-08-27 17:42:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-08-27 17:42:35 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-08-27 17:42:35 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-08-27 17:42:34 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-08-27 17:40:59 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-08-27 17:39:31 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-08-27 17:38:59 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-08-27 17:37:45 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-08-27 17:36:56 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-08-27 17:36:56 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-08-27 17:36:47 2056832 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-08-27 17:36:45 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-08-27 17:36:40 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-08-27 17:36:39 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-08-27 17:36:36 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-08-27 17:36:29 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-08-27 17:36:28 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-08-27 17:36:14 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-08-27 17:36:09 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-08-27 17:36:00 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-08-27 17:34:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-08-27 17:34:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-08-27 17:34:31 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-08-27 17:33:55 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-08-27 17:33:53 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-08-27 17:33:34 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-08-27 17:33:12 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-08-27 17:33:01 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-08-27 17:31:56 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-08-27 17:31:48 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-08-27 17:31:47 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-08-27 17:31:46 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-08-27 17:31:45 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-08-27 17:31:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-08-27 17:31:39 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-08-27 17:31:36 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-08-27 17:31:34 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-08-27 17:31:26 242176 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-08-27 17:31:25 45568 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-08-27 17:30:39 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-08-27 17:30:39 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-08-27 17:29:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-08-27 17:29:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-08-27 17:29:54 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-08-27 17:29:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-08-27 17:29:39 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-08-27 17:29:36 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2012-08-27 17:29:20 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-08-27 17:29:19 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-08-27 17:29:19 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2012-08-27 17:29:17 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-08-27 17:29:15 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-08-27 17:29:14 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2012-08-27 17:26:23 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2012-08-27 17:25:55 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2012-08-27 17:24:58 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2012-08-27 17:23:59 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2012-08-27 17:22:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2012-08-27 17:21:59 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2012-08-27 17:20:56 9344 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2012-08-27 17:20:50 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2012-08-27 17:20:50 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-08-27 17:20:44 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-08-27 17:20:42 20736 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
2012-08-27 17:20:41 14080 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2012-08-27 17:20:36 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2012-08-27 17:20:36 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2012-08-27 17:20:35 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2012-08-27 17:20:32 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2012-08-27 17:20:31 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2012-08-27 17:20:24 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2012-08-27 17:20:20 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2012-08-27 17:18:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-08-27 17:17:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2012-08-27 17:16:56 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2012-08-27 17:15:59 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2012-08-27 17:14:41 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-08-27 17:14:25 2180992 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-08-26 17:17:59 -------- d-----w- c:\documents and settings\ted\application data\Malwarebytes
2012-08-26 17:15:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-26 17:15:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-26 17:15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-19 21:00:26 -------- d-----w- c:\program files\Folder Marker
2012-08-19 19:28:36 -------- d-----w- c:\documents and settings\ted\application data\TrueCrypt
2012-08-19 17:07:10 -------- d-----w- c:\windows\Downloaded Installations
2012-08-16 18:32:31 -------- d-----w- c:\documents and settings\ted\application data\AVS4YOU
2012-08-16 18:29:37 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-16 18:29:10 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-16 18:26:02 -------- d-----w- c:\windows\SxsCaPendDel
2012-08-16 18:24:07 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-16 18:24:07 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2012-08-16 15:50:35 1409 ----a-w- c:\windows\QTFont.for
2012-08-16 15:47:44 -------- d-----w- c:\program files\WMV9_VCM
2012-08-16 15:47:20 53252 ----a-w- c:\windows\Video Cleaner Uninstaller.exe
2012-08-16 15:47:04 -------- d-----w- c:\documents and settings\ted\application data\River Past G5
2012-08-16 15:47:04 -------- d-----w- c:\documents and settings\all users\application data\River Past G5
2012-08-16 15:47:03 -------- d-----w- c:\program files\common files\River Past
2012-08-06 19:52:32 -------- d-----w- c:\documents and settings\ted\local settings\application data\Adobe
2012-08-06 19:40:40 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-08-01 16:14:24 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEGV
.
==================== Find3M ====================
.
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2008-03-23 15:20:33 18672 ----a-w- c:\program files\WEBWRAP.EXE
2008-03-23 15:19:30 9902 ----a-w- c:\program files\VGLUE.DLL
2008-03-23 15:19:19 42798 ----a-w- c:\program files\UNSQUASH.EXE
2008-03-23 14:08:59 7680 ----a-w- c:\program files\TAXFORMS.USA
2008-03-23 14:08:59 726032 ----a-w- c:\program files\TEJ.DLL
2008-03-23 13:37:32 1500736 ----a-w- c:\program files\SIT.DLL
2008-03-23 13:23:46 14192 ----a-w- c:\program files\PERRVAL.DLL
2008-03-23 13:16:25 1497152 ----a-w- c:\program files\NAVIGATE.EXE
2008-03-23 12:22:12 19568 ----a-w- c:\program files\CTL3D.DLL
2008-03-23 12:17:47 605348 ----a-w- c:\program files\CGMZV.DLL
2008-03-23 12:09:58 219648 ----a-w- c:\program files\BC450RTL.DLL
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys aliide.sys PCIIDEX.SYS
c:\windows\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
c:\windows\system32\drivers\aliide.sys Acer Laboratories Inc. ALi mini IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A692AB8]
3 CLASSPNP[0xBA8F905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\0000008e[0x8A6ABF18]
5 ACPI[0xBA77F620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A6A8D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!

.
============= FINISH: 13:15:12.23 ===============
tmitch
Active Member
 
Posts: 6
Joined: August 30th, 2012, 1:21 pm
Location: Oklahoma
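As an added example (my own code, not from the post or from the forum's helpers): a small Python triage that splits a DDS log into its sections and pulls out the entry types a helper reads first, the user-level proxy setting, Winlogon Notify DLLs listed without an on-disk path, "No File" orphans, Trusted Zone additions, and the MBR user/kernel mismatch reported by the rootkit check. The sample is a constructed excerpt of the report above, and the flag rules are heuristics of mine for review, not a verdict on this machine.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS report in the post above; the
# real tool output has many more entries per section.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118
uInternet Settings,ProxyOverride = <local>
BHO: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - AcroIEHlprObj Class
EB: {ADA89D2B-04A5-4656-A56D-519E329137C4} - No File
Trusted Zone: ibc.com\\ibcbankonline
Trusted Zone: paypal.com\\www
Notify: !SASWinLogon - c:\\program files\\superantispyware\\SASWINLO.DLL
Notify: awtQhhhe - awtQhhhe.dll
.
=================== ROOTKIT ====================
.
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

# DDS section banners look like "===== Section Name =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; '.' spacer lines are dropped."""
    sections = defaultdict(list)
    current = "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        if line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return (tag, detail) findings, in log order, that a helper would review first.

    Heuristic rules (my assumptions): a configured user proxy means every
    download of that user passes through whatever listens on it; a Notify DLL
    given by bare name has no resolved on-disk path; Trusted Zone entries lower
    IE's protections for those sites; an MBR user/kernel read mismatch is
    something the rootkit detector itself flags with '!!!'.
    """
    findings = []
    sections = parse_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("uInternet Settings,ProxyServer"):
            findings.append(("proxy", line.split("=", 1)[1].strip()))
        elif line.startswith("Notify:"):
            target = line.split(" - ", 1)[1].strip()
            if "\\" not in target:  # bare DLL name, no directory resolved
                findings.append(("notify-no-path", target))
        elif line.startswith(("BHO:", "EB:", "TB:")) and line.endswith("No File"):
            findings.append(("orphan", line.split(":", 1)[1].strip()))
        elif line.startswith("Trusted Zone:"):
            findings.append(("trusted-zone", line.split(":", 1)[1].strip()))
    if any("user != kernel MBR" in l for l in sections.get("ROOTKIT", [])):
        findings.append(("mbr-mismatch", "user-mode and kernel MBR reads differ"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"[{tag}] {detail}")
```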

Re: New virus/trojan that I cannot find

Post by NonSuch » August 31st, 2012, 7:28 pm

It appears you are using a computer with an unsupported Operating System.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
